LittleNellie
/
cipherscan
mirror of https://github.com/mozilla/cipherscan.git
2
0
Fork 0
Code Issues Releases Wiki Activity
37 Commits 5 Branches 0 Tags 35 MiB
Python 53.7%
Shell 39.5%
C 6.8%
Go to file
Hubert Kario 5f670deb10 update examples from README 
since now the scan reports protocols correctly, update the example
to ilustrate that
 		2014-04-03 23:44:20 +02:00
top1m added many tests 2014-01-11 01:07:32 +00:00
OpenSSL-LICENSE Added OpenSSL License 2013-11-05 15:53:55 -05:00
README.md update examples from README 2014-04-03 23:44:20 +02:00
cipherscan Correctly report TLSv1.2 only ciphers as negotiable with TLSv1.2 2014-04-03 23:44:16 +02:00
openssl Rebuilt openssl to support ChaCha20/Poly1305. Test against google servers. 2014-01-31 10:22:21 -05:00

README.md

CipherScan

A very simple way to find out which SSL ciphersuites are supported by a target.

Run: ./cipherscan www.google.com:443 And watch.

The newer your version of openssl, the better results you'll get. Older versions of OpenSSL don't support TLS1.2 ciphers, elliptic curves, etc... Build Your Own!

Options

Enable benchmarking by setting DOBENCHMARK to 1 at the top of the script.

You can use one of the options below (only one. yes, I know...)

Use '-v' to get more stuff to read.

Use '-a' to force openssl to test every single cipher it know.

Use '-json' to output the results in json format

$ ./cipherscan -json www.google.com:443

Example

$ ./cipherscan www.google.com:443
...................
prio  ciphersuite                  protocols                    pfs_keysize
1     ECDHE-RSA-CHACHA20-POLY1305  TLSv1.2                      ECDH,P-256,256bits
2     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                      ECDH,P-256,256bits
3     ECDHE-RSA-AES128-SHA         TLSv1.2                      ECDH,P-256,256bits
4     ECDHE-RSA-RC4-SHA            SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
5     AES128-GCM-SHA256            TLSv1.2
6     AES128-SHA256                TLSv1.2
7     AES128-SHA                   TLSv1.2
8     RC4-SHA                      SSLv3,TLSv1,TLSv1.1,TLSv1.2
9     RC4-MD5                      SSLv3,TLSv1,TLSv1.1,TLSv1.2
10    ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                      ECDH,P-256,256bits
11    ECDHE-RSA-AES256-SHA384      TLSv1.2                      ECDH,P-256,256bits
12    ECDHE-RSA-AES256-SHA         SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
13    AES256-GCM-SHA384            TLSv1.2
14    AES256-SHA256                TLSv1.2
15    AES256-SHA                   SSLv3,TLSv1,TLSv1.1,TLSv1.2
16    ECDHE-RSA-DES-CBC3-SHA       SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
17    DES-CBC3-SHA                 SSLv3,TLSv1,TLSv1.1,TLSv1.2
18    ECDHE-RSA-AES128-SHA256      TLSv1.2                      ECDH,P-256,256bits
$ ./cipherscan -starttls xmpp jabber.ccc.de:5222
.........
prio  ciphersuite           protocols    pfs_keysize
1     DHE-RSA-AES256-SHA    SSLv3,TLSv1  DH,1024bits
2     AES256-SHA            SSLv3,TLSv1
3     EDH-RSA-DES-CBC3-SHA  SSLv3,TLSv1  DH,1024bits
4     DES-CBC3-SHA          SSLv3,TLSv1
5     DHE-RSA-AES128-SHA    SSLv3,TLSv1  DH,1024bits
6     AES128-SHA            SSLv3,TLSv1
7     RC4-SHA               SSLv3,TLSv1
8     RC4-MD5               SSLv3,TLSv1