cipherscan/README.md

187 lines
4.5 KiB
Markdown
Raw Normal View History

2013-07-17 20:49:22 +02:00
CipherScan
==========
A very simple way to find out which SSL ciphersuites are supported by a target.
2013-08-07 16:40:03 +02:00
Run: ./CipherScan.sh www.google.com:443
2013-07-17 20:49:22 +02:00
And watch.
2013-07-17 21:06:34 +02:00
The newer your version of openssl, the better results you'll get. Older versions
of OpenSSL don't support TLS1.2 ciphers, elliptic curves, etc... Build Your Own!
2013-08-07 16:40:03 +02:00
Options
-------
Enable benchmarking by setting DOBENCHMARK to 1 at the top of the script.
Use '-v' to get more stuff to read.
Use '-a' to force openssl to test every single cipher it know.
2013-07-17 21:12:20 +02:00
Example
-------
```
2013-08-07 16:40:03 +02:00
$ ./CiphersScan.sh www.google.com:443 -a
prio ciphersuite protocol
1 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
2 ECDHE-RSA-RC4-SHA TLSv1.2
3 ECDHE-RSA-AES128-SHA TLSv1.2
4 AES128-GCM-SHA256 TLSv1.2
5 RC4-SHA TLSv1.2
6 RC4-MD5 TLSv1.2
7 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2
8 ECDHE-RSA-AES256-SHA384 TLSv1.2
9 ECDHE-RSA-AES256-SHA TLSv1.2
10 AES256-GCM-SHA384 TLSv1.2
11 AES256-SHA256 TLSv1.2
12 AES256-SHA TLSv1.2
13 ECDHE-RSA-DES-CBC3-SHA TLSv1.2
14 DES-CBC3-SHA TLSv1.2
15 ECDHE-RSA-AES128-SHA256 TLSv1.2
16 AES128-SHA256 TLSv1.2
17 AES128-SHA TLSv1.2
18 (NONE)
All accepted ciphersuites
KO ADH-AES128-GCM-SHA256
KO ADH-AES128-SHA
KO ADH-AES128-SHA256
KO ADH-AES256-GCM-SHA384
KO ADH-AES256-SHA
KO ADH-AES256-SHA256
KO ADH-CAMELLIA128-SHA
KO ADH-CAMELLIA256-SHA
KO ADH-DES-CBC3-SHA
KO ADH-DES-CBC-SHA
KO ADH-RC4-MD5
KO ADH-SEED-SHA
KO AECDH-AES128-SHA
KO AECDH-AES256-SHA
KO AECDH-DES-CBC3-SHA
KO AECDH-NULL-SHA
KO AECDH-RC4-SHA
OK AES128-GCM-SHA256
OK AES128-SHA
OK AES128-SHA256
OK AES256-GCM-SHA384
OK AES256-SHA
OK AES256-SHA256
KO CAMELLIA128-SHA
KO CAMELLIA256-SHA
KO DES-CBC3-MD5
OK DES-CBC3-SHA
KO DES-CBC-MD5
KO DES-CBC-SHA
KO DH-DSS-AES128-GCM-SHA256
KO DH-DSS-AES128-SHA
KO DH-DSS-AES128-SHA256
KO DH-DSS-AES256-GCM-SHA384
KO DH-DSS-AES256-SHA
KO DH-DSS-AES256-SHA256
KO DH-DSS-CAMELLIA128-SHA
KO DH-DSS-CAMELLIA256-SHA
KO DH-DSS-DES-CBC3-SHA
KO DH-DSS-DES-CBC-SHA
KO DH-DSS-SEED-SHA
KO DHE-DSS-AES128-GCM-SHA256
KO DHE-DSS-AES128-SHA
KO DHE-DSS-AES128-SHA256
KO DHE-DSS-AES256-GCM-SHA384
KO DHE-DSS-AES256-SHA
KO DHE-DSS-AES256-SHA256
KO DHE-DSS-CAMELLIA128-SHA
KO DHE-DSS-CAMELLIA256-SHA
KO DHE-DSS-SEED-SHA
KO DHE-RSA-AES128-GCM-SHA256
KO DHE-RSA-AES128-SHA
KO DHE-RSA-AES128-SHA256
KO DHE-RSA-AES256-GCM-SHA384
KO DHE-RSA-AES256-SHA
KO DHE-RSA-AES256-SHA256
KO DHE-RSA-CAMELLIA128-SHA
KO DHE-RSA-CAMELLIA256-SHA
KO DHE-RSA-SEED-SHA
KO DH-RSA-AES128-GCM-SHA256
KO DH-RSA-AES128-SHA
KO DH-RSA-AES128-SHA256
KO DH-RSA-AES256-GCM-SHA384
KO DH-RSA-AES256-SHA
KO DH-RSA-AES256-SHA256
KO DH-RSA-CAMELLIA128-SHA
KO DH-RSA-CAMELLIA256-SHA
KO DH-RSA-DES-CBC3-SHA
KO DH-RSA-DES-CBC-SHA
KO DH-RSA-SEED-SHA
KO ECDH-ECDSA-AES128-GCM-SHA256
KO ECDH-ECDSA-AES128-SHA
KO ECDH-ECDSA-AES128-SHA256
KO ECDH-ECDSA-AES256-GCM-SHA384
KO ECDH-ECDSA-AES256-SHA
KO ECDH-ECDSA-AES256-SHA384
KO ECDH-ECDSA-DES-CBC3-SHA
KO ECDH-ECDSA-NULL-SHA
KO ECDH-ECDSA-RC4-SHA
KO ECDHE-ECDSA-AES128-GCM-SHA256
KO ECDHE-ECDSA-AES128-SHA
KO ECDHE-ECDSA-AES128-SHA256
KO ECDHE-ECDSA-AES256-GCM-SHA384
KO ECDHE-ECDSA-AES256-SHA
KO ECDHE-ECDSA-AES256-SHA384
KO ECDHE-ECDSA-DES-CBC3-SHA
KO ECDHE-ECDSA-NULL-SHA
KO ECDHE-ECDSA-RC4-SHA
OK ECDHE-RSA-AES128-GCM-SHA256
OK ECDHE-RSA-AES128-SHA
OK ECDHE-RSA-AES128-SHA256
OK ECDHE-RSA-AES256-GCM-SHA384
OK ECDHE-RSA-AES256-SHA
OK ECDHE-RSA-AES256-SHA384
OK ECDHE-RSA-DES-CBC3-SHA
KO ECDHE-RSA-NULL-SHA
OK ECDHE-RSA-RC4-SHA
KO ECDH-RSA-AES128-GCM-SHA256
KO ECDH-RSA-AES128-SHA
KO ECDH-RSA-AES128-SHA256
KO ECDH-RSA-AES256-GCM-SHA384
KO ECDH-RSA-AES256-SHA
KO ECDH-RSA-AES256-SHA384
KO ECDH-RSA-DES-CBC3-SHA
KO ECDH-RSA-NULL-SHA
KO ECDH-RSA-RC4-SHA
KO EDH-DSS-DES-CBC3-SHA
KO EDH-DSS-DES-CBC-SHA
KO EDH-RSA-DES-CBC3-SHA
KO EDH-RSA-DES-CBC-SHA
KO EXP-ADH-DES-CBC-SHA
KO EXP-ADH-RC4-MD5
KO EXP-DES-CBC-SHA
KO EXP-DH-DSS-DES-CBC-SHA
KO EXP-DH-RSA-DES-CBC-SHA
KO EXP-EDH-DSS-DES-CBC-SHA
KO EXP-EDH-RSA-DES-CBC-SHA
KO EXP-RC2-CBC-MD5
KO EXP-RC4-MD5
KO IDEA-CBC-MD5
KO IDEA-CBC-SHA
KO NULL-MD5
KO NULL-SHA
KO NULL-SHA256
KO PSK-3DES-EDE-CBC-SHA
KO PSK-AES128-CBC-SHA
KO PSK-AES256-CBC-SHA
KO PSK-RC4-SHA
KO RC2-CBC-MD5
OK RC4-MD5
OK RC4-SHA
KO SEED-SHA
KO SRP-3DES-EDE-CBC-SHA
KO SRP-AES-128-CBC-SHA
KO SRP-AES-256-CBC-SHA
KO SRP-DSS-3DES-EDE-CBC-SHA
KO SRP-DSS-AES-128-CBC-SHA
KO SRP-DSS-AES-256-CBC-SHA
KO SRP-RSA-3DES-EDE-CBC-SHA
KO SRP-RSA-AES-128-CBC-SHA
KO SRP-RSA-AES-256-CBC-SHA
2013-07-17 21:12:20 +02:00
```