4.5 KiB
4.5 KiB
CipherScan
A very simple way to find out which SSL ciphersuites are supported by a target.
Run: ./CipherScan.sh www.google.com:443 And watch.
The newer your version of openssl, the better results you'll get. Older versions of OpenSSL don't support TLS1.2 ciphers, elliptic curves, etc... Build Your Own!
Options
Enable benchmarking by setting DOBENCHMARK to 1 at the top of the script.
Use '-v' to get more stuff to read.
Use '-a' to force openssl to test every single cipher it know.
Example
$ ./CiphersScan.sh www.google.com:443 -a
prio ciphersuite protocol
1 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
2 ECDHE-RSA-RC4-SHA TLSv1.2
3 ECDHE-RSA-AES128-SHA TLSv1.2
4 AES128-GCM-SHA256 TLSv1.2
5 RC4-SHA TLSv1.2
6 RC4-MD5 TLSv1.2
7 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2
8 ECDHE-RSA-AES256-SHA384 TLSv1.2
9 ECDHE-RSA-AES256-SHA TLSv1.2
10 AES256-GCM-SHA384 TLSv1.2
11 AES256-SHA256 TLSv1.2
12 AES256-SHA TLSv1.2
13 ECDHE-RSA-DES-CBC3-SHA TLSv1.2
14 DES-CBC3-SHA TLSv1.2
15 ECDHE-RSA-AES128-SHA256 TLSv1.2
16 AES128-SHA256 TLSv1.2
17 AES128-SHA TLSv1.2
18 (NONE)
All accepted ciphersuites
KO ADH-AES128-GCM-SHA256
KO ADH-AES128-SHA
KO ADH-AES128-SHA256
KO ADH-AES256-GCM-SHA384
KO ADH-AES256-SHA
KO ADH-AES256-SHA256
KO ADH-CAMELLIA128-SHA
KO ADH-CAMELLIA256-SHA
KO ADH-DES-CBC3-SHA
KO ADH-DES-CBC-SHA
KO ADH-RC4-MD5
KO ADH-SEED-SHA
KO AECDH-AES128-SHA
KO AECDH-AES256-SHA
KO AECDH-DES-CBC3-SHA
KO AECDH-NULL-SHA
KO AECDH-RC4-SHA
OK AES128-GCM-SHA256
OK AES128-SHA
OK AES128-SHA256
OK AES256-GCM-SHA384
OK AES256-SHA
OK AES256-SHA256
KO CAMELLIA128-SHA
KO CAMELLIA256-SHA
KO DES-CBC3-MD5
OK DES-CBC3-SHA
KO DES-CBC-MD5
KO DES-CBC-SHA
KO DH-DSS-AES128-GCM-SHA256
KO DH-DSS-AES128-SHA
KO DH-DSS-AES128-SHA256
KO DH-DSS-AES256-GCM-SHA384
KO DH-DSS-AES256-SHA
KO DH-DSS-AES256-SHA256
KO DH-DSS-CAMELLIA128-SHA
KO DH-DSS-CAMELLIA256-SHA
KO DH-DSS-DES-CBC3-SHA
KO DH-DSS-DES-CBC-SHA
KO DH-DSS-SEED-SHA
KO DHE-DSS-AES128-GCM-SHA256
KO DHE-DSS-AES128-SHA
KO DHE-DSS-AES128-SHA256
KO DHE-DSS-AES256-GCM-SHA384
KO DHE-DSS-AES256-SHA
KO DHE-DSS-AES256-SHA256
KO DHE-DSS-CAMELLIA128-SHA
KO DHE-DSS-CAMELLIA256-SHA
KO DHE-DSS-SEED-SHA
KO DHE-RSA-AES128-GCM-SHA256
KO DHE-RSA-AES128-SHA
KO DHE-RSA-AES128-SHA256
KO DHE-RSA-AES256-GCM-SHA384
KO DHE-RSA-AES256-SHA
KO DHE-RSA-AES256-SHA256
KO DHE-RSA-CAMELLIA128-SHA
KO DHE-RSA-CAMELLIA256-SHA
KO DHE-RSA-SEED-SHA
KO DH-RSA-AES128-GCM-SHA256
KO DH-RSA-AES128-SHA
KO DH-RSA-AES128-SHA256
KO DH-RSA-AES256-GCM-SHA384
KO DH-RSA-AES256-SHA
KO DH-RSA-AES256-SHA256
KO DH-RSA-CAMELLIA128-SHA
KO DH-RSA-CAMELLIA256-SHA
KO DH-RSA-DES-CBC3-SHA
KO DH-RSA-DES-CBC-SHA
KO DH-RSA-SEED-SHA
KO ECDH-ECDSA-AES128-GCM-SHA256
KO ECDH-ECDSA-AES128-SHA
KO ECDH-ECDSA-AES128-SHA256
KO ECDH-ECDSA-AES256-GCM-SHA384
KO ECDH-ECDSA-AES256-SHA
KO ECDH-ECDSA-AES256-SHA384
KO ECDH-ECDSA-DES-CBC3-SHA
KO ECDH-ECDSA-NULL-SHA
KO ECDH-ECDSA-RC4-SHA
KO ECDHE-ECDSA-AES128-GCM-SHA256
KO ECDHE-ECDSA-AES128-SHA
KO ECDHE-ECDSA-AES128-SHA256
KO ECDHE-ECDSA-AES256-GCM-SHA384
KO ECDHE-ECDSA-AES256-SHA
KO ECDHE-ECDSA-AES256-SHA384
KO ECDHE-ECDSA-DES-CBC3-SHA
KO ECDHE-ECDSA-NULL-SHA
KO ECDHE-ECDSA-RC4-SHA
OK ECDHE-RSA-AES128-GCM-SHA256
OK ECDHE-RSA-AES128-SHA
OK ECDHE-RSA-AES128-SHA256
OK ECDHE-RSA-AES256-GCM-SHA384
OK ECDHE-RSA-AES256-SHA
OK ECDHE-RSA-AES256-SHA384
OK ECDHE-RSA-DES-CBC3-SHA
KO ECDHE-RSA-NULL-SHA
OK ECDHE-RSA-RC4-SHA
KO ECDH-RSA-AES128-GCM-SHA256
KO ECDH-RSA-AES128-SHA
KO ECDH-RSA-AES128-SHA256
KO ECDH-RSA-AES256-GCM-SHA384
KO ECDH-RSA-AES256-SHA
KO ECDH-RSA-AES256-SHA384
KO ECDH-RSA-DES-CBC3-SHA
KO ECDH-RSA-NULL-SHA
KO ECDH-RSA-RC4-SHA
KO EDH-DSS-DES-CBC3-SHA
KO EDH-DSS-DES-CBC-SHA
KO EDH-RSA-DES-CBC3-SHA
KO EDH-RSA-DES-CBC-SHA
KO EXP-ADH-DES-CBC-SHA
KO EXP-ADH-RC4-MD5
KO EXP-DES-CBC-SHA
KO EXP-DH-DSS-DES-CBC-SHA
KO EXP-DH-RSA-DES-CBC-SHA
KO EXP-EDH-DSS-DES-CBC-SHA
KO EXP-EDH-RSA-DES-CBC-SHA
KO EXP-RC2-CBC-MD5
KO EXP-RC4-MD5
KO IDEA-CBC-MD5
KO IDEA-CBC-SHA
KO NULL-MD5
KO NULL-SHA
KO NULL-SHA256
KO PSK-3DES-EDE-CBC-SHA
KO PSK-AES128-CBC-SHA
KO PSK-AES256-CBC-SHA
KO PSK-RC4-SHA
KO RC2-CBC-MD5
OK RC4-MD5
OK RC4-SHA
KO SEED-SHA
KO SRP-3DES-EDE-CBC-SHA
KO SRP-AES-128-CBC-SHA
KO SRP-AES-256-CBC-SHA
KO SRP-DSS-3DES-EDE-CBC-SHA
KO SRP-DSS-AES-128-CBC-SHA
KO SRP-DSS-AES-256-CBC-SHA
KO SRP-RSA-3DES-EDE-CBC-SHA
KO SRP-RSA-AES-128-CBC-SHA
KO SRP-RSA-AES-256-CBC-SHA