Skip to content

Instantly share code, notes, and snippets.

@gavrie

gavrie/nmap-tls.md

Last active February 15, 2021 10:59
Show Gist options
  • Save gavrie/48ef95071309d7f755d87fb605921574 to your computer and use it in GitHub Desktop.
Save gavrie/48ef95071309d7f755d87fb605921574 to your computer and use it in GitHub Desktop.
Download ZIP
nmap TLS checks
Raw
nmap-tls.md

Tools

Install nmap (and fix permissions):

snap install nmap
snap connect nmap:network-control

nmap supports XML output with the option -oX. Install xmllint for nicely formatting XML:

snap install libxml2

Install xml2json for converting the XML to JSON for easier parsing:

sudo apt install npm
sudo sudo npm install -g xml2json

Checking TLS parameters with nmap

Scan all open ports

nmap -v -p 1-65535 localhost

Verify TLS cert on all open ports

nmap -v -p 1-65535 --script ssl-cert localhost

  • Ensure each port includes a ssl-cert section, otherwise it's not using TLS.

Check specific ports

Check only the specified ports: nmap -v -p 20385,21995 --script ssl-cert localhost -oX -

Expired certificate

nmap -v --script ssl-cert expired.badssl.com -p 443 -oX -

  • Check the notBefore and notAfter fields and verify the current date is in the range.

Insecure SSL/TLS versions

Insecure TLSv1.1 version: nmap -v --script ssl-enum-ciphers tls-v1-1.badssl.com -p 1011 -oX -

  • Ensure that only TLSv1.2 (or higher appear in the list, and not e.g. TLSv1.1.

Insecure ciphers

Insecure RC4 cipher: nmap -v --script ssl-enum-ciphers rc4.badssl.com -p 443 -oX -

  • Check the ciphers table and ensure all the strength fields are A (and not e.g. C).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment