SSL related Commands

{: .no_toc }

Table of contents

{: .no_toc .text-delta }

  1. TOC

    {:toc}

SSL enum ciphers and algorithms

nmap -p 443 --script ssl-enum-ciphers <IP> -n
nmap --script ssh2-enum-algos target

HTTP SSL Certificate Information

nmap -sV -sC -p 443 <IP> -n -vv
use auxiliary/scanner/http/ssl

Sweet32

yawast ssl https://example.com --tdessessioncount

HTTP SSL/TLS Version Detection (POODLE scanner)

nmap -p 443 --script ssl-poodle <IP> -n
use auxiliary/scanner/http/ssl_version

OpenSSL Server-Side ChangeCipherSpec Injection Scanner

use auxiliary/scanner/ssl/openssl_ccs
nmap -p 443 --script ssl-ccs-injection <IP>

OpenSSL Heartbeat (Heartbleed) Information Leak

nmap -p 443 --script ssl-heartbleed -n <IP>
use auxiliary/scanner/ssl/openssl_heartbleed

Weak ephemeral Diffie-Hellman parameter

nmap --script=ssl-dh-params -p 443 -n <IP>

Queries Google’s Certificate Catalog for the SSL certificates retrieved from target hosts

nmap -p 443 --script ssl-google-cert-catalog -n <IP>

SSLv2

nmap -p 443 --script sslv2 <IP> -n

Network level auth NLA

nmap -p 3389 --script rdp-enum-encryption <IP>
PreviousServicesNextWeb useful commands

Last updated