{"id":3728,"date":"2018-01-09T18:21:03","date_gmt":"2018-01-09T18:21:03","guid":{"rendered":"https:\/\/qbytes.cloud\/?p=3728"},"modified":"2018-01-09T18:21:03","modified_gmt":"2018-01-09T18:21:03","slug":"check-ciphers","status":"publish","type":"post","link":"https:\/\/www.qbytes.cloud\/index.php\/2018\/01\/09\/check-ciphers\/","title":{"rendered":"Nmap Script to Test SSL Versions and Cipher Suites"},"content":{"rendered":"

Included in NMap is a script called ssl-enum-ciphers, which will let you scan a target and list all SSL protocols and ciphers that are available on that server. You can also narrow it down by specifying a port number with the -p option.<\/p>\n

This tool comes in handy if you\u2019re doing a vulnerability scan and you need to make some changes to a server and you want to test those changes. This will allow you to perform a quick scan without needing to do a complete vulnerability scan.<\/p>\n

\n$ nmap --script ssl-enum-ciphers -p 443 testdomain.com\n\nStarting Nmap 7.40 ( https:\/\/nmap.org ) at 2018-01-09 12:18 CST\nNmap scan report for testdomain.com (192.99.236.66)\nHost is up (0.065s latency).\nPORT    STATE SERVICE\n443\/tcp open  https\n| ssl-enum-ciphers:\n|   TLSv1.0:\n|     ciphers:\n|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A\n|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A\n|     compressors:\n|       NULL\n|     cipher preference: server\n|   TLSv1.1:\n|     ciphers:\n|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A\n|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A\n|     compressors:\n|       NULL\n|     cipher preference: server\n|   TLSv1.2:\n|     ciphers:\n|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A\n|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A\n|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A\n|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A\n|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A\n|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A\n|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A\n|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A\n|     compressors:\n|       NULL\n|     cipher preference: server\n|_  least strength: A\n\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
Included in NMap is a script called ssl-enum-ciphers, which will let you scan a target and list all SSL protocols and ciphers that are available on that server. You can also narrow it down by specifying a port number with the -p option. This tool comes in handy if you\u2019re doing a vulnerability scan and … Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-3728","post","type-post","status-publish","format-standard","hentry","category-administration"],"_links":{"self":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/posts\/3728","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/comments?post=3728"}],"version-history":[{"count":0,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/posts\/3728\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/media?parent=3728"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/categories?post=3728"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/tags?post=3728"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}