Skip to content

Instantly share code, notes, and snippets.

@april

april/nmap 7 - mozilla.org

Created November 20, 2015 15:25
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save april/f7458c6672e59b7a9747 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save april/f7458c6672e59b7a9747 to your computer and use it in GitHub Desktop.
Download ZIP
New ssl-enum-ciphers script in nmap 7
Raw
nmap 7 - mozilla.org

❯ nmap –script ssl-enum-ciphers mozilla.org -p 443 [09:23:56]

Starting Nmap 7.00 ( https://nmap.org ) at 2015-11-20 09:23 CST Nmap scan report for mozilla.org (63.245.215.20) Host is up (0.076s latency). Other addresses for mozilla.org (not scanned): 2620:101:8008:5::2:1 rDNS record for 63.245.215.20: bedrock-prod-zlb.vips.scl3.mozilla.com PORT STATE SERVICE 443/tcp open https

ssl-enum-ciphers:
SSLv3:
ciphers:
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D
TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
compressors:
NULL
cipher preference: server
warnings:
CBC-mode cipher in SSLv3 (CVE-2014-3566)
Key exchange parameters of lower strength than certificate key
Weak certificate signature: SHA1
TLSv1.0:
ciphers:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D
TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
compressors:
NULL
cipher preference: server
warnings:
Key exchange parameters of lower strength than certificate key
Weak certificate signature: SHA1
TLSv1.1:
ciphers:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D
TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
compressors:
NULL
cipher preference: server
warnings:
Key exchange parameters of lower strength than certificate key
Weak certificate signature: SHA1
TLSv1.2:
ciphers:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 1024) - A
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 1024) - A
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 1024) - A
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 1024) - A
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D
TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
compressors:
NULL
cipher preference: server
warnings:
Key exchange parameters of lower strength than certificate key
Weak certificate signature: SHA1
_ least strength: D

Nmap done: 1 IP address (1 host up) scanned in 8.36 seconds

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment