Get cipher information with nmap

Good cipher usage is important for the encryption of you connection. With nmap we can look at them and harden the configuration were needed. For that we use the nmap scripting engine with ssl-enum-ciphers script.

Test and install nmap

First, check if nmap is installed.

sebastian@nw4mac:~$ nmap -V
Nmap version 7.40 ( )
Platform: x86_64-apple-darwin16.3.0
Compiled with: liblua-5.3.3 openssl-1.0.2j nmap-libpcre-7.6 libpcap-1.8.1 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: kqueue poll select

If it is not installed, install it!

# Debian / Ubuntu
apt install nmap

# Apple macOS
brew install nmap

# CentOS / Redhad / Fedora
dnf install nmap
# or with yum
yum install nmap

Get your ciphers

When the installation is done, run your first scan. Use -p for the port number and choose your own target.

nmap --script ssl-enum-ciphers -p 443

And see the results in the window below. It also gives a grade on you cipher usage. An A grade is nice to have!


You can also check the ciphers on you e-mail server in port 993 for IMAP of port 587 for SMTP with TLS.

nmap --script ssl-enum-ciphers -p 587

Which gives the following results:


The scores above are fine, but what is you have some issues in your cipher configuration on your website. Your grade will be lower like a C of D. If that is the case, you really should look at your web server configuration and turn of the bad ciphers!

More than a port scanner

In these examples you can see that nmap is more than only a port and network scanner. It can do so much more with the scripting engine. Later more about the nmap scripting engine! In the meanwhile, read about it over here:


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.