2
0
mirror of https://github.com/mozilla/cipherscan.git synced 2024-12-27 05:03:42 +01:00
Go to file
2013-12-09 11:01:30 -05:00
cipherscan Rename CiphersScan to cipherscan 2013-12-09 11:01:30 -05:00
openssl Use local openssl & return microseconds for benchmark 2013-07-19 09:45:06 -04:00
OpenSSL-LICENSE Added OpenSSL License 2013-11-05 15:53:55 -05:00
README.md Rename CiphersScan to cipherscan 2013-12-09 11:01:30 -05:00

CipherScan

A very simple way to find out which SSL ciphersuites are supported by a target.

Run: ./cipherscan www.google.com:443 And watch.

The newer your version of openssl, the better results you'll get. Older versions of OpenSSL don't support TLS1.2 ciphers, elliptic curves, etc... Build Your Own!

Options

Enable benchmarking by setting DOBENCHMARK to 1 at the top of the script.

You can use one of the options below (only one. yes, I know...)

Use '-v' to get more stuff to read.

Use '-a' to force openssl to test every single cipher it know.

Use '-json' to output the results in json format

$ ./cipherscan www.google.com:443 -json

Example

$ ./cipherscan www.google.com:443
prio  ciphersuite                  protocols                    pfs_keysize
1     ECDHE-RSA-AES128-GCM-SHA256  SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
2     ECDHE-RSA-RC4-SHA            SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
3     ECDHE-RSA-AES128-SHA         SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
4     AES128-GCM-SHA256            SSLv3,TLSv1,TLSv1.1,TLSv1.2
5     RC4-SHA                      SSLv3,TLSv1,TLSv1.1,TLSv1.2
6     RC4-MD5                      SSLv3,TLSv1,TLSv1.1,TLSv1.2
7     ECDHE-RSA-AES256-GCM-SHA384  SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
8     ECDHE-RSA-AES256-SHA384      SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
9     ECDHE-RSA-AES256-SHA         SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
10    AES256-GCM-SHA384            SSLv3,TLSv1,TLSv1.1,TLSv1.2
11    AES256-SHA256                SSLv3,TLSv1,TLSv1.1,TLSv1.2
12    AES256-SHA                   SSLv3,TLSv1,TLSv1.1,TLSv1.2
13    ECDHE-RSA-DES-CBC3-SHA       SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
14    DES-CBC3-SHA                 SSLv3,TLSv1,TLSv1.1,TLSv1.2
15    ECDHE-RSA-AES128-SHA256      SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
16    AES128-SHA256                SSLv3,TLSv1,TLSv1.1,TLSv1.2
17    AES128-SHA                   SSLv3,TLSv1,TLSv1.1,TLSv1.2