Script tls-nextprotoneg

Script types: portrule
Categories: discovery, safe, default

Script Summary

Enumerates a TLS server's supported protocols by using the next protocol negotiation extension.

This works by adding the next protocol negotiation extension in the client hello packet and parsing the returned server hello's NPN extension data.

For more information, see:

Script Arguments

mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username

See the documentation for the mssql library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.


See the documentation for the smtp library.

randomseed, smbbasic, smbport, smbsign

See the documentation for the smb library.


See the documentation for the tls library.

Example Usage

nmap --script=tls-nextprotoneg <targets>

Script Output

443/tcp open  https
| tls-nextprotoneg:
|   spdy/3
|   spdy/2
|_  http/1.1



  • Hani Benhabiles

License: Same as Nmap--See