Nmap Development mailing list archives
Re: nmap
From: Tom Sellers <nmap () fadedcode net>
Date: Mon, 16 Nov 2015 18:11:12 -0600
Additionally, modern versions of Nmap include a script specifically for detecting SSL v2, sslv2.nse. As a note, this will detect the availability of SSL v2 on the target even if you are scanning from machine where OpenSSL is compiled with SSL v2 disabled, as most modern versions are. Reference: https://nmap.org/nsedoc/scripts/sslv2.html nmap -p 443 -v --script sslv2 $targetname Tom On 11/16/2015 5:38 PM, Daniel Miller wrote:
Hi, and thanks for reporting this. What version of Nmap are you using? The ssl-enum-ciphers script is a very popular one that has undergone a lot of changes, even recently. If you are not using the version in 6.49BETA6, then you run the chance of missing things in odd circumstances. If you are using a recent version, please include the output of the following command (adjust port number if necessary): nmap -p443 -d2 --script ssl-enum-ciphers $targetname Dan On Mon, Nov 16, 2015 at 4:20 PM, Berman, Mitchell F. <mfb1 () cumc columbia edu <mailto:mfb1 () cumc columbia edu>> wrote: Hi nmap list-- I noticed a thread from October that mentioned that ssl-enum-ciphers script does not detect SSLv2. I have a VMware appliance (SUSE Linux) that OpenSSL detects and connect to with cipher RC4-SHA using SSL3 or TLS1.1, but nmap does not find the RC4-SHA cipher using ssl-enum-ciphers. (I'm in the process of hardening the VMware appliance.) Nmap finds only TLS1.0 ciphers (RC4-SHA is not included here) and no TLS1.1 or SSL3 ciphers. Should ssl-enum-ciphers be picking this up? It's curious, because on another Windows Server box with RC4 allowed (for testing), OpenSSL and nmap both find the RC4-SHA in SSL3 and TLS1.1. Not a firewall issue because nmap and openssl are loaded on the same workstation and going the same route. Regards, M Berman _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/ _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/