https://www.sciencedirect.com/science/article/pii/S2667096822000271
Monday, November 25, 2024
Tuesday, September 24, 2024
Wednesday, April 24, 2024
[nmap] Using NMap to enumerate enabled cipher suites
# nmap --script ssl-enum-ciphers -p 993 mail.example.com
A shell script enumerating and checking up all cipher suites against a remote HTTPS service
Alexs-MacBook-Air:~ root# cat ./ssl_enum.sh
#!/usr/bin/env bash
#Downloaded from https://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers
#Usage: ./ssl_enum.sh TARGET:PORT
# OpenSSL requires the port number.
SERVER=$1
DELAY=1
ciphers=$(openssl ciphers 'ALL:eNULL' | sed -e 's/:/ /g')
echo Obtaining cipher list from $(openssl version).
for cipher in ${ciphers[@]}
do
echo -n Testing $cipher...
result=$(echo -n | openssl s_client -cipher "$cipher" -connect $SERVER 2>&1)
if [[ "$result" =~ ":error:" ]] ; then
error=$(echo -n $result | cut -d':' -f6)
echo NO \($error\)
else
if [[ "$result" =~ "Cipher is ${cipher}" || "$result" =~ "Cipher :" ]] ; then
echo YES
else
echo UNKNOWN RESPONSE
#echo $result
fi
fi
sleep $DELAY
done