Nmap Development mailing list archives
Re: sweet32 and ssl-enum-ciphers question
From: ToddAndMargo <ToddAndMargo () zoho com>
Date: Mon, 30 Jan 2017 22:09:22 -0800
On 01/30/2017 11:12 AM, ToddAndMargo wrote:
Hi All, I have a customer that got tagged with sweet32 on his PCI (credit card security) external scan. He is using RDP on a couple of his workstations so he can log in from home and I do believe the issue is that he hasn't done his Windows 7 updates in about two years. I will fix. Anyway, I am on nmap 7.40. Reading over at: https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html It shows a bunch of this stuff: Example Usage nmap --script ssl-enum-ciphers -p 443 <host> Script Output PORT STATE SERVICE REASON 443/tcp open https syn-ack | ssl-enum-ciphers: | TLSv1.0: | ciphers: | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (secp256r1) - A | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (secp256r1) - A and on and so forth My intention is to use NMap to identify the sweet32 vulnerability and to then use NMap again to verify I have solved the issue. I am specifically looking for the "3DES" entry associated with sweet32. When I run this probe, I do not get any of the this stuff. I do get stuff back, but not the list with all the ciphers. This is what I ran: nmap -p xxxx,yyyy -v --script ssl-enum-ciphers www.xxx.yyy.zzz Am I missing something here? Many thanks, -T
By chance, if the port(s) are closed properly, would I not see the "ssl-enum-ciphers" report that shows on https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html as the script could find anything? -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Computers are like air conditioners. They malfunction when you open windows ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- sweet32 and ssl-enum-ciphers question ToddAndMargo (Jan 30)
- Re: sweet32 and ssl-enum-ciphers question Daniel Calvo Castro (Jan 30)
- Re: sweet32 and ssl-enum-ciphers question ToddAndMargo (Jan 30)
- Re: sweet32 and ssl-enum-ciphers question ToddAndMargo (Jan 30)
- Re: sweet32 and ssl-enum-ciphers question ToddAndMargo (Jan 30)
- Re: sweet32 and ssl-enum-ciphers question Daniel Miller (Jan 31)
- Re: sweet32 and ssl-enum-ciphers question ToddAndMargo (Jan 31)
- Re: sweet32 and ssl-enum-ciphers question ToddAndMargo (Jan 30)
- Re: sweet32 and ssl-enum-ciphers question Daniel Calvo Castro (Jan 30)