cipherscan/README.md
2013-08-07 10:40:03 -04:00

CipherScan

A very simple way to find out which SSL ciphersuites are supported by a target.

Run: ./CipherScan.sh www.google.com:443 and watch.

The newer your version of OpenSSL, the better the results you'll get. Older versions of OpenSSL don't support TLS 1.2 ciphers, elliptic curves, etc. Build your own!

Options

Enable benchmarking by setting DOBENCHMARK to 1 at the top of the script.

Use '-v' to get more stuff to read.

Use '-a' to force openssl to test every single cipher it knows.

Example

$ ./CiphersScan.sh www.google.com:443 -a
prio  ciphersuite                  protocol
1     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2
2     ECDHE-RSA-RC4-SHA            TLSv1.2
3     ECDHE-RSA-AES128-SHA         TLSv1.2
4     AES128-GCM-SHA256            TLSv1.2
5     RC4-SHA                      TLSv1.2
6     RC4-MD5                      TLSv1.2
7     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2
8     ECDHE-RSA-AES256-SHA384      TLSv1.2
9     ECDHE-RSA-AES256-SHA         TLSv1.2
10    AES256-GCM-SHA384            TLSv1.2
11    AES256-SHA256                TLSv1.2
12    AES256-SHA                   TLSv1.2
13    ECDHE-RSA-DES-CBC3-SHA       TLSv1.2
14    DES-CBC3-SHA                 TLSv1.2
15    ECDHE-RSA-AES128-SHA256      TLSv1.2
16    AES128-SHA256                TLSv1.2
17    AES128-SHA                   TLSv1.2
18    (NONE)

All accepted ciphersuites
KO ADH-AES128-GCM-SHA256
KO ADH-AES128-SHA
KO ADH-AES128-SHA256
KO ADH-AES256-GCM-SHA384
KO ADH-AES256-SHA
KO ADH-AES256-SHA256
KO ADH-CAMELLIA128-SHA
KO ADH-CAMELLIA256-SHA
KO ADH-DES-CBC3-SHA
KO ADH-DES-CBC-SHA
KO ADH-RC4-MD5
KO ADH-SEED-SHA
KO AECDH-AES128-SHA
KO AECDH-AES256-SHA
KO AECDH-DES-CBC3-SHA
KO AECDH-NULL-SHA
KO AECDH-RC4-SHA
OK AES128-GCM-SHA256
OK AES128-SHA
OK AES128-SHA256
OK AES256-GCM-SHA384
OK AES256-SHA
OK AES256-SHA256
KO CAMELLIA128-SHA
KO CAMELLIA256-SHA
KO DES-CBC3-MD5
OK DES-CBC3-SHA
KO DES-CBC-MD5
KO DES-CBC-SHA
KO DH-DSS-AES128-GCM-SHA256
KO DH-DSS-AES128-SHA
KO DH-DSS-AES128-SHA256
KO DH-DSS-AES256-GCM-SHA384
KO DH-DSS-AES256-SHA
KO DH-DSS-AES256-SHA256
KO DH-DSS-CAMELLIA128-SHA
KO DH-DSS-CAMELLIA256-SHA
KO DH-DSS-DES-CBC3-SHA
KO DH-DSS-DES-CBC-SHA
KO DH-DSS-SEED-SHA
KO DHE-DSS-AES128-GCM-SHA256
KO DHE-DSS-AES128-SHA
KO DHE-DSS-AES128-SHA256
KO DHE-DSS-AES256-GCM-SHA384
KO DHE-DSS-AES256-SHA
KO DHE-DSS-AES256-SHA256
KO DHE-DSS-CAMELLIA128-SHA
KO DHE-DSS-CAMELLIA256-SHA
KO DHE-DSS-SEED-SHA
KO DHE-RSA-AES128-GCM-SHA256
KO DHE-RSA-AES128-SHA
KO DHE-RSA-AES128-SHA256
KO DHE-RSA-AES256-GCM-SHA384
KO DHE-RSA-AES256-SHA
KO DHE-RSA-AES256-SHA256
KO DHE-RSA-CAMELLIA128-SHA
KO DHE-RSA-CAMELLIA256-SHA
KO DHE-RSA-SEED-SHA
KO DH-RSA-AES128-GCM-SHA256
KO DH-RSA-AES128-SHA
KO DH-RSA-AES128-SHA256
KO DH-RSA-AES256-GCM-SHA384
KO DH-RSA-AES256-SHA
KO DH-RSA-AES256-SHA256
KO DH-RSA-CAMELLIA128-SHA
KO DH-RSA-CAMELLIA256-SHA
KO DH-RSA-DES-CBC3-SHA
KO DH-RSA-DES-CBC-SHA
KO DH-RSA-SEED-SHA
KO ECDH-ECDSA-AES128-GCM-SHA256
KO ECDH-ECDSA-AES128-SHA
KO ECDH-ECDSA-AES128-SHA256
KO ECDH-ECDSA-AES256-GCM-SHA384
KO ECDH-ECDSA-AES256-SHA
KO ECDH-ECDSA-AES256-SHA384
KO ECDH-ECDSA-DES-CBC3-SHA
KO ECDH-ECDSA-NULL-SHA
KO ECDH-ECDSA-RC4-SHA
KO ECDHE-ECDSA-AES128-GCM-SHA256
KO ECDHE-ECDSA-AES128-SHA
KO ECDHE-ECDSA-AES128-SHA256
KO ECDHE-ECDSA-AES256-GCM-SHA384
KO ECDHE-ECDSA-AES256-SHA
KO ECDHE-ECDSA-AES256-SHA384
KO ECDHE-ECDSA-DES-CBC3-SHA
KO ECDHE-ECDSA-NULL-SHA
KO ECDHE-ECDSA-RC4-SHA
OK ECDHE-RSA-AES128-GCM-SHA256
OK ECDHE-RSA-AES128-SHA
OK ECDHE-RSA-AES128-SHA256
OK ECDHE-RSA-AES256-GCM-SHA384
OK ECDHE-RSA-AES256-SHA
OK ECDHE-RSA-AES256-SHA384
OK ECDHE-RSA-DES-CBC3-SHA
KO ECDHE-RSA-NULL-SHA
OK ECDHE-RSA-RC4-SHA
KO ECDH-RSA-AES128-GCM-SHA256
KO ECDH-RSA-AES128-SHA
KO ECDH-RSA-AES128-SHA256
KO ECDH-RSA-AES256-GCM-SHA384
KO ECDH-RSA-AES256-SHA
KO ECDH-RSA-AES256-SHA384
KO ECDH-RSA-DES-CBC3-SHA
KO ECDH-RSA-NULL-SHA
KO ECDH-RSA-RC4-SHA
KO EDH-DSS-DES-CBC3-SHA
KO EDH-DSS-DES-CBC-SHA
KO EDH-RSA-DES-CBC3-SHA
KO EDH-RSA-DES-CBC-SHA
KO EXP-ADH-DES-CBC-SHA
KO EXP-ADH-RC4-MD5
KO EXP-DES-CBC-SHA
KO EXP-DH-DSS-DES-CBC-SHA
KO EXP-DH-RSA-DES-CBC-SHA
KO EXP-EDH-DSS-DES-CBC-SHA
KO EXP-EDH-RSA-DES-CBC-SHA
KO EXP-RC2-CBC-MD5
KO EXP-RC4-MD5
KO IDEA-CBC-MD5
KO IDEA-CBC-SHA
KO NULL-MD5
KO NULL-SHA
KO NULL-SHA256
KO PSK-3DES-EDE-CBC-SHA
KO PSK-AES128-CBC-SHA
KO PSK-AES256-CBC-SHA
KO PSK-RC4-SHA
KO RC2-CBC-MD5
OK RC4-MD5
OK RC4-SHA
KO SEED-SHA
KO SRP-3DES-EDE-CBC-SHA
KO SRP-AES-128-CBC-SHA
KO SRP-AES-256-CBC-SHA
KO SRP-DSS-3DES-EDE-CBC-SHA
KO SRP-DSS-AES-128-CBC-SHA
KO SRP-DSS-AES-256-CBC-SHA
KO SRP-RSA-3DES-EDE-CBC-SHA
KO SRP-RSA-AES-128-CBC-SHA
KO SRP-RSA-AES-256-CBC-SHA
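
One way to audit output like the example above, as an added example that is not part of CipherScan: the `flag_weak_suites` function (a hypothetical name) reads the scan output and lists every accepted ciphersuite whose name indicates RC4, 3DES, an MD5 MAC, or no ephemeral key exchange. The rule set and its labels are assumptions of this example, and the sample input is an excerpt of the output shown above.

```shell
#!/bin/sh
# Added example, not part of CipherScan. The weakness rules below are this
# example's own choice, matched against OpenSSL ciphersuite names.
# With a real scan: ./CipherScan.sh www.google.com:443 -a | flag_weak_suites

flag_weak_suites() {
    awk '
    # Priority table rows: "<prio> <ciphersuite> <protocol>"
    $1 ~ /^[0-9]+$/ && NF == 3 { check($2) }
    # "-a" rows: "OK <ciphersuite>"; KO rows were refused by the server
    $1 == "OK" && NF == 2      { check($2) }

    function check(suite,    why) {
        if (suite in seen) return          # suite listed in both sections
        seen[suite] = 1
        why = ""
        if (suite ~ /^(EXP-)?(ADH|AECDH)-/) why = why " anonymous-kx"
        if (suite ~ /NULL/)                 why = why " no-encryption"
        if (suite ~ /^EXP-/)                why = why " export-grade"
        if (suite ~ /RC4/)                  why = why " RC4"
        if (suite ~ /DES-CBC3|3DES/)        why = why " 3DES"
        if (suite ~ /DES-CBC-/)             why = why " single-DES"
        if (suite ~ /-MD5$/)                why = why " MD5-MAC"
        # No ephemeral (EC)DH key exchange in the suite name
        if (suite !~ /^(ECDHE|DHE|EDH|ADH|AECDH)-/ && suite !~ /^EXP-(EDH|ADH)-/)
            why = why " no-(EC)DHE"
        if (why != "") print suite ":" why
    }'
}

# Excerpt of the example output above, embedded so the script runs offline.
sample_scan() {
    cat <<'EOF'
prio  ciphersuite                  protocol
1     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2
2     ECDHE-RSA-RC4-SHA            TLSv1.2
4     AES128-GCM-SHA256            TLSv1.2
6     RC4-MD5                      TLSv1.2
14    DES-CBC3-SHA                 TLSv1.2
18    (NONE)
KO ADH-AES128-SHA
OK RC4-MD5
OK ECDHE-RSA-DES-CBC3-SHA
KO EXP-RC4-MD5
EOF
}

sample_scan | flag_weak_suites
```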