Updated README

2024-11-04 15:03:41 +01:00 · 2014-04-19 12:04:09 -04:00 · 2014-04-19 12:04:09 -04:00 · 370348ba1b
commit 370348ba1b
parent f703ca9c26
1 changed files with 176 additions and 29 deletions
--- a/README.md
+++ b/README.md
@ -1,6 +1,8 @@
 CipherScan
 ==========
-A very simple way to find out which SSL ciphersuites are supported by a target.
+A very simple way to find out which SSL/TLS ciphersuites are supported by a target.
+
+Cipherscan tests the ordering of the SSL/TLS ciphers on a given target, for all major versions of SSL and TLS. It also extracts some certificates informations. Cipherscan uses the `openssl s_client` command line to run the tests.

 On Linux x86_64 run: ./cipherscan www.google.com:443
 On any other *nix or *tux run: ./cipherscan -o /path/to/openssl www.google.com:443
@ -44,38 +46,183 @@ Testing plain SSL/TLS:
 ```
 linux $ ./cipherscan www.google.com:443
 ...................
-prio  ciphersuite                  protocols                    pubkey_size  signature_algorithm    trusted  pfs_keysize
-1     ECDHE-RSA-CHACHA20-POLY1305  TLSv1.2                      2048         sha1WithRSAEncryption  True     ECDH,P-256,256bits
-2     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                      2048         sha1WithRSAEncryption  True     ECDH,P-256,256bits
-3     ECDHE-RSA-AES128-SHA         TLSv1.1,TLSv1.2              2048         sha1WithRSAEncryption  True     ECDH,P-256,256bits
-4     ECDHE-RSA-RC4-SHA            SSLv3,TLSv1,TLSv1.1,TLSv1.2  2048         sha1WithRSAEncryption  True     ECDH,P-256,256bits
-5     AES128-GCM-SHA256            TLSv1.2                      2048         sha1WithRSAEncryption  True
-6     AES128-SHA256                TLSv1.2                      2048         sha1WithRSAEncryption  True
-7     AES128-SHA                   TLSv1.1,TLSv1.2              2048         sha1WithRSAEncryption  True
-8     RC4-SHA                      SSLv3,TLSv1,TLSv1.1,TLSv1.2  2048         sha1WithRSAEncryption  True
-9     RC4-MD5                      SSLv3,TLSv1,TLSv1.1,TLSv1.2  2048         sha1WithRSAEncryption  True
-10    ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                      2048         sha1WithRSAEncryption  True     ECDH,P-256,256bits
-11    ECDHE-RSA-AES256-SHA384      TLSv1.2                      2048         sha1WithRSAEncryption  True     ECDH,P-256,256bits
-12    ECDHE-RSA-AES256-SHA         SSLv3,TLSv1,TLSv1.1,TLSv1.2  2048         sha1WithRSAEncryption  True     ECDH,P-256,256bits
-13    AES256-GCM-SHA384            TLSv1.2                      2048         sha1WithRSAEncryption  True
-14    AES256-SHA256                TLSv1.2                      2048         sha1WithRSAEncryption  True
-15    AES256-SHA                   SSLv3,TLSv1,TLSv1.1,TLSv1.2  2048         sha1WithRSAEncryption  True
-16    ECDHE-RSA-DES-CBC3-SHA       SSLv3,TLSv1,TLSv1.1,TLSv1.2  2048         sha1WithRSAEncryption  True     ECDH,P-256,256bits
-17    DES-CBC3-SHA                 SSLv3,TLSv1,TLSv1.1,TLSv1.2  2048         sha1WithRSAEncryption  True
-18    ECDHE-RSA-AES128-SHA256      TLSv1.2                      2048         sha1WithRSAEncryption  True     ECDH,P-256,256bits
+prio  ciphersuite                  protocols                    pfs_keysize
+1     ECDHE-RSA-CHACHA20-POLY1305  TLSv1.2                      ECDH,P-256,256bits
+2     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                      ECDH,P-256,256bits
+3     ECDHE-RSA-AES128-SHA         TLSv1.1,TLSv1.2              ECDH,P-256,256bits
+4     ECDHE-RSA-RC4-SHA            SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
+5     AES128-GCM-SHA256            TLSv1.2
+6     AES128-SHA256                TLSv1.2
+7     AES128-SHA                   TLSv1.1,TLSv1.2
+8     RC4-SHA                      SSLv3,TLSv1,TLSv1.1,TLSv1.2
+9     RC4-MD5                      SSLv3,TLSv1,TLSv1.1,TLSv1.2
+10    ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                      ECDH,P-256,256bits
+11    ECDHE-RSA-AES256-SHA384      TLSv1.2                      ECDH,P-256,256bits
+12    ECDHE-RSA-AES256-SHA         SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
+13    AES256-GCM-SHA384            TLSv1.2
+14    AES256-SHA256                TLSv1.2
+15    AES256-SHA                   SSLv3,TLSv1,TLSv1.1,TLSv1.2
+16    ECDHE-RSA-DES-CBC3-SHA       SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
+17    DES-CBC3-SHA                 SSLv3,TLSv1,TLSv1.1,TLSv1.2
+18    ECDHE-RSA-AES128-SHA256      TLSv1.2                      ECDH,P-256,256bits
+
+Certificate: trusted, 2048 bit, sha1WithRSAEncryption signature
 ```

 Testing STARTTLS:
 ```
 darwin $ ./cipherscan -o ./openssl-mine -starttls xmpp jabber.ccc.de:5222
 .........
-prio  ciphersuite           protocols    pubkey_size  signature_algorithm    trusted  pfs_keysize
-1     DHE-RSA-AES256-SHA    SSLv3,TLSv1  2048         sha1WithRSAEncryption  False    DH,1024bits
-2     AES256-SHA            SSLv3,TLSv1  2048         sha1WithRSAEncryption  False
-3     EDH-RSA-DES-CBC3-SHA  SSLv3,TLSv1  2048         sha1WithRSAEncryption  False    DH,1024bits
-4     DES-CBC3-SHA          SSLv3,TLSv1  2048         sha1WithRSAEncryption  False
-5     DHE-RSA-AES128-SHA    SSLv3,TLSv1  2048         sha1WithRSAEncryption  False    DH,1024bits
-6     AES128-SHA            SSLv3,TLSv1  2048         sha1WithRSAEncryption  False
-7     RC4-SHA               SSLv3,TLSv1  2048         sha1WithRSAEncryption  False
-8     RC4-MD5               SSLv3,TLSv1  2048         sha1WithRSAEncryption  False
+.........
+prio  ciphersuite           protocols    pfs_keysize
+1     DHE-RSA-AES256-SHA    SSLv3,TLSv1  DH,1024bits
+2     AES256-SHA            SSLv3,TLSv1
+3     EDH-RSA-DES-CBC3-SHA  SSLv3,TLSv1  DH,1024bits
+4     DES-CBC3-SHA          SSLv3,TLSv1
+5     DHE-RSA-AES128-SHA    SSLv3,TLSv1  DH,1024bits
+6     AES128-SHA            SSLv3,TLSv1
+7     RC4-SHA               SSLv3,TLSv1
+8     RC4-MD5               SSLv3,TLSv1
+
+Certificate: UNTRUSTED, 2048 bit, sha1WithRSAEncryption signature
 ```
+
+Exporting to JSON with the `-j` command line option:
+```javascript
+$ /cipherscan -j -starttls xmpp jabber.ccc.de:5222
+{
+    "target": "jabber.ccc.de:5222",
+    "date": "Sat, 19 Apr 2014 11:40:40 -0400",
+    "ciphersuite": [
+        {
+            "cipher": "DHE-RSA-AES256-SHA",
+            "protocols": [
+                "SSLv3",
+                "TLSv1"
+            ],
+            "pubkey": [
+                "2048"
+            ],
+            "sigalg": [
+                "sha1WithRSAEncryption"
+            ],
+            "trusted": "False",
+            "pfs": "DH,1024bits"
+        },
+        {
+            "cipher": "AES256-SHA",
+            "protocols": [
+                "SSLv3",
+                "TLSv1"
+            ],
+            "pubkey": [
+                "2048"
+            ],
+            "sigalg": [
+                "sha1WithRSAEncryption"
+            ],
+            "trusted": "False",
+            "pfs": "None"
+        },
+        {
+            "cipher": "EDH-RSA-DES-CBC3-SHA",
+            "protocols": [
+                "SSLv3",
+                "TLSv1"
+            ],
+            "pubkey": [
+                "2048"
+            ],
+            "sigalg": [
+                "sha1WithRSAEncryption"
+            ],
+            "trusted": "False",
+            "pfs": "DH,1024bits"
+        },
+        {
+            "cipher": "DES-CBC3-SHA",
+            "protocols": [
+                "SSLv3",
+                "TLSv1"
+            ],
+            "pubkey": [
+                "2048"
+            ],
+            "sigalg": [
+                "sha1WithRSAEncryption"
+            ],
+            "trusted": "False",
+            "pfs": "None"
+        },
+        {
+            "cipher": "DHE-RSA-AES128-SHA",
+            "protocols": [
+                "SSLv3",
+                "TLSv1"
+            ],
+            "pubkey": [
+                "2048"
+            ],
+            "sigalg": [
+                "sha1WithRSAEncryption"
+            ],
+            "trusted": "False",
+            "pfs": "DH,1024bits"
+        },
+        {
+            "cipher": "AES128-SHA",
+            "protocols": [
+                "SSLv3",
+                "TLSv1"
+            ],
+            "pubkey": [
+                "2048"
+            ],
+            "sigalg": [
+                "sha1WithRSAEncryption"
+            ],
+            "trusted": "False",
+            "pfs": "None"
+        },
+        {
+            "cipher": "RC4-SHA",
+            "protocols": [
+                "SSLv3",
+                "TLSv1"
+            ],
+            "pubkey": [
+                "2048"
+            ],
+            "sigalg": [
+                "sha1WithRSAEncryption"
+            ],
+            "trusted": "False",
+            "pfs": "None"
+        },
+        {
+            "cipher": "RC4-MD5",
+            "protocols": [
+                "SSLv3",
+                "TLSv1"
+            ],
+            "pubkey": [
+                "2048"
+            ],
+            "sigalg": [
+                "sha1WithRSAEncryption"
+            ],
+            "trusted": "False",
+            "pfs": "None"
+        }
+    ]
+}
+```
+
+Contributors
+------------
+
+* Julien Vehent <julien@linuxwall.info> (original author)
+* Hubert Kario <hkario@redhat.com>
+* Pepi Zawodsky <git@maclemon.at>
+* Michael Zeltner <m@niij.org>
+* Simon Deziel <simon.deziel@gmail.com>