Get cipher information with nmap

Good cipher usage is important for the encryption of you connection. With nmap we can look at them and harden the configuration were needed. For that we use the nmap scripting engine with ssl-enum-ciphers script.

Test and install nmap

First, check if nmap is installed.

sebastian@nw4mac:~$ nmap -V
Nmap version 7.40 ( https://nmap.org )
Platform: x86_64-apple-darwin16.3.0
Compiled with: liblua-5.3.3 openssl-1.0.2j nmap-libpcre-7.6 libpcap-1.8.1 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: kqueue poll select

If it is not installed, install it!

# Debian / Ubuntu
apt install nmap

# Apple macOS
brew install nmap

# CentOS / Redhad / Fedora
dnf install nmap
# or with yum
yum install nmap

Get your ciphers

When the installation is done, run your first scan. Use -p for the port number and choose your own target.

nmap --script ssl-enum-ciphers -p 443 www.binaryfigments.com

And see the results in the window below. It also gives a grade on you cipher usage. An A grade is nice to have!

nmap-cipher-scan

You can also check the ciphers on you e-mail server in port 993 for IMAP of port 587 for SMTP with TLS.

nmap --script ssl-enum-ciphers -p 587 mail.solarisinternetgroep.nl

Which gives the following results:

nmap-cipher-scan-bad-grade

The scores above are fine, but what is you have some issues in your cipher configuration on your website. Your grade will be lower like a C of D. If that is the case, you really should look at your web server configuration and turn of the bad ciphers!

nmap-cipher-scan-smtp
More than a port scanner

In these examples you can see that nmap is more than only a port and network scanner. It can do so much more with the scripting engine. Later more about the nmap scripting engine! In the meanwhile, read about it over here: https://nmap.org/book/man-nse.html.

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.