Wednesday, April 24, 2024

[nmap] Using NMap to enumerate enabled cipher suites

 # nmap --script ssl-enum-ciphers -p 993 mail.example.com

A shell script enumerating and checking up all cipher suites against a remote HTTPS service

 Alexs-MacBook-Air:~ root# cat ./ssl_enum.sh 

#!/usr/bin/env bash

#Downloaded from https://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers

#Usage: ./ssl_enum.sh TARGET:PORT

    

# OpenSSL requires the port number.

SERVER=$1

DELAY=1

ciphers=$(openssl ciphers 'ALL:eNULL' | sed -e 's/:/ /g')

    

echo Obtaining cipher list from $(openssl version).

    

for cipher in ${ciphers[@]}

do

  echo -n Testing $cipher...

  result=$(echo -n | openssl s_client -cipher "$cipher" -connect $SERVER 2>&1)

  if [[ "$result" =~ ":error:" ]] ; then

    error=$(echo -n $result | cut -d':' -f6)

    echo NO \($error\)

  else

    if [[ "$result" =~ "Cipher is ${cipher}" || "$result" =~ "Cipher    :" ]] ; then

      echo YES

    else

      echo UNKNOWN RESPONSE

      #echo $result

    fi

  fi

  sleep $DELAY

done