Get ciphers with nmap
Good cipher usage is important for the encryption of your connection. With nmap we can look at the ciphers a server offers and harden the config where needed. For that we use the nmap scripting engine with
Test and install nmap
First, check if nmap is installed.
sebastian@nw4mac:~$ nmap -V
Nmap version 7.40 ( https://nmap.org )
Platform: x86_64-apple-darwin16.3.0
Compiled with: liblua-5.3.3 openssl-1.0.2j nmap-libpcre-7.6 libpcap-1.8.1 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: kqueue poll select
If it is not installed, install it!
# Debian / Ubuntu
apt install nmap
# Apple macOS
brew install nmap
# CentOS / Red Hat / Fedora
dnf install nmap
# or with yum
yum install nmap
Get your ciphers
When the installation is done, run your first scan. Use -p for the port number and choose your own target.
nmap --script ssl-enum-ciphers -p 443 www.binaryfigments.com
And see the results in the window below. It also gives a grade on your cipher usage. An A grade is nice to have!
You can also check the ciphers on your e-mail server on port 993 for IMAP or port 587 for SMTP with TLS.
nmap --script ssl-enum-ciphers -p 587 mail.solarisinternetgroep.nl
Which gives the following result:
The scores above are fine, but what if you have some issues in the cipher configuration on your website? Your grade will be lower, like a C or D. If that is the case, you really should look at your webserver configuration and turn off the bad ciphers!
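To see which ciphers pull a grade down, the scan output can be filtered for every cipher graded worse than A. This is an added example, not part of the original post; the function names weak_ciphers and sample_scan are assumptions, and the scan output inside sample_scan is a constructed sample, not a real result.

```shell
#!/bin/sh
# Constructed sample of ssl-enum-ciphers output (not a real scan result).
sample_scan() {
cat <<'EOF'
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: C
EOF
}

# weak_ciphers [MIN_GRADE] (hypothetical helper): reads nmap output on stdin
# and prints "port protocol cipher grade" for each cipher graded worse than
# MIN_GRADE (default A). Exit status is 1 when a weak cipher was found.
weak_ciphers() {
    awk -v min="${1:-A}" '
        # Port header line, e.g. 443/tcp
        /^[0-9]+\/(tcp|udp)/ { port = $1 }
        # Protocol section line, e.g. TLSv1.2:
        /^[|][ _]+(SSLv|TLSv)[0-9.]+:/ { proto = $2; sub(/:$/, "", proto) }
        # Cipher lines end in " - <grade>"; grades run from A (best) to F.
        /^[|][ _]+[A-Z0-9_]+ .* - [A-F]$/ {
            if ($NF > min) { print port, proto, $2, $NF; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Usage against your own target:
#   nmap --script ssl-enum-ciphers -p 443 www.binaryfigments.com | weak_ciphers
```

Because the exit status is non-zero when a weak cipher is found, the function can be used as a check in a cron job or a deployment script.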
More than a portscanner
In these examples you can see that nmap is more than just a port and network scanner. It can do so much more with the scripting engine. More about the nmap scripting engine later! In the meantime, read about it over here: https://nmap.org/book/man-nse.html.