Testing SSL ports using nmap and check for weak ciphers

There is often the case where we can use the ssllabs to provide a list of weak ciphers used in the site.

There are 2 options we can use:

1.  nmap --script ssl-enum-ciphers -p 443 yoursite.com |grep weak

2. sslyze

sslyze is not provided by default with the OS.
The way to install

Option 1: Install Pip with Yum 

Step 1: Add the EPEL Repository

Pip is part of Extra Packages for Enterprise Linux (EPEL), which is a community repository of non-standard packages for the RHEL distribution. First, we’ll install the EPEL repository, for directions see How to enable EPEL repository?

Step 2: The Installation

As a matter of best practice we’ll update our packages:

yum -y update

Then let’s install python-pip and any required packages:

yum -y install python-pip

And skip to Step #3.

 Option 2: Install Pip with Curl and Python 

Note:
If you installed Pip with the previous Option, then SKIP this step.

We can also use cURL and Python to download and install Pip.

curl "https://bootstrap.pypa.io/get-pip.py" -o "get-pip.py"

python get-pip.py

 Step 3: Wrap Up / Verify The Installation   

View a list of helpful commands:

pip --help

Check the version of Pip that is installed:

pip -V

Which should yield something similar to:

pip 1.3.1 from /usr/lib/python2.7/site-packages (python 2.7)

Install sslyze

pip install --upgrade pip //upgrade to the latest version
pip install --upgrade setuptools //required to be able to install sslyze

pip install --upgrade sslyze



sslyze --regular gss-portal.com 443

 

AVAILABLE PLUGINS
-----------------

CertificateInfoPlugin
CompressionPlugin
SessionRenegotiationPlugin
HttpHeadersPlugin
SessionResumptionPlugin
HeartbleedPlugin
OpenSslCipherSuitesPlugin
FallbackScsvPlugin
RobotPlugin
OpenSslCcsInjectionPlugin

 

CHECKING HOST(S) AVAILABILITY
-----------------------------

gss-portal.com:443 => 217.160.251.179
443:443 => WARNING: Connection rejected; discarding corresponding tasks.

 


SCAN RESULTS FOR GSS-PORTAL.COM:443 - 217.160.251.179
-----------------------------------------------------

* OpenSSL CCS Injection:
OK - Not vulnerable to OpenSSL CCS injection

* Downgrade Attacks:
TLS_FALLBACK_SCSV: OK - Supported

* Session Renegotiation:
Client-initiated Renegotiation: OK - Rejected
Secure Renegotiation: OK - Supported

* TLSV1_3 Cipher Suites:
Server rejected all cipher suites.

* TLSV1_1 Cipher Suites:
Server rejected all cipher suites.

* Certificate Information:
Content
SHA1 Fingerprint: 32785bda78e6399fcd53080031e4e403de8c1e39
Common Name: gss-portal.com
Issuer: Let's Encrypt Authority X3
Serial Number: 283418967952565582184766806582798465026583
Not Before: 2020-10-08 11:55:08
Not After: 2021-01-06 11:55:08
Signature Algorithm: sha256
Public Key Algorithm: RSA
Key Size: 2048
Exponent: 65537 (0x10001)
DNS Subject Alternative Names: [u'*.gss-portal.com', u'gss-portal.com']

Trust
Hostname Validation: OK - Certificate matches gss-portal.com
Android CA Store (8.1.0_r9): OK - Certificate is trusted
iOS CA Store (11): OK - Certificate is trusted
Java CA Store (jre-10.0.2): OK - Certificate is trusted
macOS CA Store (High Sierra): OK - Certificate is trusted
Mozilla CA Store (2018-04-12): OK - Certificate is trusted
Windows CA Store (2018-06-30): OK - Certificate is trusted
Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate
Received Chain: gss-portal.com --> Let's Encrypt Authority X3
Verified Chain: gss-portal.com --> Let's Encrypt Authority X3 --> DST Root CA X3
Received Chain Contains Anchor: OK - Anchor certificate not sent
Received Chain Order: OK - Order is valid
Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain

Extensions
OCSP Must-Staple: NOT SUPPORTED - Extension not found
Certificate Transparency: WARNING - Only 2 SCTs included but Google recommends 3 or more

OCSP Stapling
NOT SUPPORTED - Server did not send back an OCSP response

* SSLV3 Cipher Suites:
Server rejected all cipher suites.

* Resumption Support:
With Session IDs: NOT SUPPORTED (0 successful, 5 failed, 0 errors, 5 total attempts).
With TLS Tickets: OK - Supported

* ROBOT Attack:
OK - Not vulnerable, RSA cipher suites not supported

* TLSV1 Cipher Suites:
Server rejected all cipher suites.

* SSLV2 Cipher Suites:
Server rejected all cipher suites.

* Deflate Compression:
OK - Compression disabled

* OpenSSL Heartbleed:
OK - Not vulnerable to Heartbleed

* TLSV1_2 Cipher Suites:
Forward Secrecy OK - Supported
RC4 OK - Not Supported

Preferred:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH-256 bits 256 bits HTTP 200 OK
Accepted:
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - 256 bits HTTP 200 OK
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH-256 bits 256 bits HTTP 200 OK
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH-256 bits 256 bits HTTP 200 OK
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH-256 bits 128 bits HTTP 200 OK
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDH-256 bits 128 bits HTTP 200 OK


SCAN COMPLETED IN 3.97 S

  • nmap, ciphers, ssl, weak
  • 10 Users Found This Useful
Was this answer helpful?

Related Articles

 CVE-2007-4072 cms places full pathname of server in html comment fix

Description: Some CMS provide the full installation path within HTML comments in certain...

 CVE-2007-6197 Version numbers and internal hostnames leaked in HTML comments fix

Description: The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and...

 CVE-2009-2431 blog software leaks real username in html comment fix

Some applications place the username of a post's author in an HTML comment, which allows...

 CWE-540 Inclusion of Sensitive Information in Source Code fix

  Weakness ID: 540 Abstraction: BaseStructure: Simple Status: Incomplete...

 CWE-546 Suspicious Comment

 Description   The code contains comments that suggest the presence of bugs,...