Commit bf13cda

author
iphelix
committed
first commit
0 parents  commit bf13cda

3 files changed

+778
-0
lines changed

README

Lines changed: 135 additions & 0 deletions
@@ -0,0 +1,135 @@
1+
_
2+
| | version 0.2.0
3+
___ ___| |_ __ ___ __ _ _ __
4+
/ __/ __| | '_ ` _ \ / _` | '_ \
5+
\__ \__ \ | | | | | | (_| | |_) |
6+
|___/___/_|_| |_| |_|\__,_| .__/
7+
| |
8+
|_|
9+
D O C U M E N T A T I O N
10+
11+
The latest version of this document can be obtained from http://thesprawl.org/projects/sslmap/
12+
13+
SSLMap is a lightweight TLS/SSL cipher suite scanner. The tool was designed to meet the need of a simple but reliable way to detect weak ciphers suites enabled on SSL endpoints. SSLMap uses a custom SSL engine to avoid unnecessary limitations imposed by existing libraries, as a result it is capable of detecting uncommon cipher suites (e.g. GOST).
14+
15+
Sample Session
16+
==============
17+
18+
Let's run a sample scan against *thesprawl.org*:
19+
20+
$ python sslmap.py --host thesprawl.org
21+
22+
_
23+
| | version 0.2.0
24+
___ ___| |_ __ ___ __ _ _ __
25+
/ __/ __| | '_ ` _ \ / _` | '_ \
26+
\__ \__ \ | | | | | | (_| | |_) |
27+
|___/___/_|_| |_| |_|\__,_| .__/
28+
| |
29+
30+
31+
[*] Scanning thesprawl.org:443 for 229 known cipher suites.
32+
[+] TLS_RSA_WITH_AES_128_CBC_SHA (0x00002F)
33+
[+] TLS_DHE_RSA_WITH_DES_CBC_SHA (0x000015)
34+
[+] TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x000014)
35+
[+] TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x000016)
36+
[+] TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x000039)
37+
[+] TLS_RSA_WITH_AES_256_CBC_SHA (0x000035)
38+
[+] TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x000033)
39+
[+] TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x00000A)
40+
[+] TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x000006)
41+
[+] TLS_RSA_WITH_RC4_128_MD5 (0x000004)
42+
[+] TLS_RSA_WITH_RC4_128_SHA (0x000005)
43+
[+] TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x000003)
44+
[+] TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x000008)
45+
[+] TLS_RSA_WITH_DES_CBC_SHA (0x000009)
46+
[+] SSL2_DES_64_CBC_WITH_MD5 (0x060040)
47+
[+] SSL2_RC2_CBC_128_CBC_WITH_MD5 (0x040080)
48+
[+] SSL2_RC4_128_WITH_MD5 (0x010080)
49+
[+] SSL2_RC2_CBC_128_CBC_WITH_MD5 (0x030080)
50+
[+] SSL2_DES_192_EDE3_CBC_WITH_MD5 (0x0700C0)
51+
[+] SSL2_RC4_128_EXPORT40_WITH_MD5 (0x020080)
52+
53+
==================== Scan Results ====================
54+
The following cipher suites were rated as HIGH:
55+
TLS_RSA_WITH_AES_128_CBC_SHA
56+
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
57+
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
58+
TLS_RSA_WITH_AES_256_CBC_SHA
59+
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
60+
TLS_RSA_WITH_3DES_EDE_CBC_SHA
61+
62+
The following cipher suites were rated as MEDIUM:
63+
TLS_RSA_WITH_RC4_128_MD5
64+
TLS_RSA_WITH_RC4_128_SHA
65+
66+
The following cipher suites were rated as EXPORT:
67+
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
68+
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
69+
TLS_RSA_EXPORT_WITH_RC4_40_MD5
70+
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
71+
SSL2_RC4_128_EXPORT40_WITH_MD5
72+
73+
The following cipher suites were rated as LOW:
74+
TLS_DHE_RSA_WITH_DES_CBC_SHA
75+
TLS_RSA_WITH_DES_CBC_SHA
76+
SSL2_DES_64_CBC_WITH_MD5
77+
SSL2_RC2_CBC_128_CBC_WITH_MD5
78+
SSL2_RC4_128_WITH_MD5
79+
SSL2_RC2_CBC_128_CBC_WITH_MD5
80+
SSL2_DES_192_EDE3_CBC_WITH_MD5
81+
82+
From the above output, you can tell that the server has several weak ciphers rated as EXPORT and LOW. In the ideal situation these ciphers should be removed from a production site. See the [TLS and SSL Cipher Suites](/research/tls-and-ssl-cipher-suites/) article on how to interpret the results.
83+
84+
If you would like to make your own decision on whether a particular cipher is weak or strong, you can repeat the scan with the *--verbose* flag enabled thus allowing you to see individual components of the cipher suite and how the rating was calculated. Below is a snippet of the above scan with the *verbose* flag enabled:
85+
86+
...
87+
[*] Using SSL v2.0 handshake.
88+
[+] SSL2_DES_64_CBC_WITH_MD5 (0x060040)
89+
Specs: Kx=RSA, Au=RSA, Enc=DES_64_CBC, Bits=64, Mac=MD5
90+
Score: Kx/Au=LOW, Enc/MAC=LOW, Overall=LOW
91+
[+] SSL2_RC2_CBC_128_CBC_WITH_MD5 (0x040080)
92+
Specs: Kx=RSA, Au=RSA, Enc=RC2_CBC_128_CBC, Bits=128, Mac=MD5
93+
Score: Kx/Au=LOW, Enc/MAC=LOW, Overall=LOW
94+
[+] SSL2_RC4_128_WITH_MD5 (0x010080)
95+
Specs: Kx=RSA, Au=RSA, Enc=RC4_128, Bits=128, Mac=MD5
96+
Score: Kx/Au=LOW, Enc/MAC=MEDIUM, Overall=LOW
97+
[+] SSL2_RC2_CBC_128_CBC_WITH_MD5 (0x030080)
98+
Specs: Kx=RSA, Au=RSA, Enc=RC2_CBC_128_CBC, Bits=128, Mac=MD5
99+
Score: Kx/Au=LOW, Enc/MAC=LOW, Overall=LOW
100+
[+] SSL2_DES_192_EDE3_CBC_WITH_MD5 (0x0700C0)
101+
Specs: Kx=RSA, Au=RSA, Enc=DES_192_EDE3_CBC, Bits=192, Mac=MD5
102+
Score: Kx/Au=LOW, Enc/MAC=HIGH, Overall=LOW
103+
[+] SSL2_RC4_128_EXPORT40_WITH_MD5 (0x020080)
104+
Specs: Kx=RSA, Au=RSA, Enc=RC4_128_EXPORT40, Bits=40, Mac=MD5
105+
Score: Kx/Au=LOW, Enc/MAC=EXPORT, Overall=EXPORT
106+
...
107+
108+
Help Screen
109+
===========
110+
111+
The help screen shows a brief outline of tool's functionality:
112+
113+
Usage: sslmap.py [options]
114+
115+
Options:
116+
-h, --help show this help message and exit
117+
--host=gmail.com host
118+
--port=443 port
119+
--fuzz fuzz all possible cipher values (takes time)
120+
--tls1 use TLS v1.0 handshake
121+
--tls11 use TLS v1.1 handshake
122+
--tls12 use TLS v1.2 handshake
123+
--tls13 use TLS v1.3 handshake (future use)
124+
--ssl3 use SSL3 handshake
125+
--ssl2 use SSL2 handshake
126+
--verbose enable verbose output
127+
--db=ciphers.csv external cipher suite database. DB Format:
128+
cipher_id,name,protocol,Kx,Au,Enc,Bits,Mac,Auth
129+
Strength,Enc Strength,Overall Strength
130+
Usage: sslmap.py [options]
131+
132+
Fuzzing
133+
=======
134+
135+
As a special note on the *--fuzz* parameter, you may use it to both stress test as well as discover yet unknown cipher suites on a target system. Naturally as there are a few million possible values for the cipher suite parameter, the test may run for some time.
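
Review bot: The sample output prints the same name, SSL2_RC2_CBC_128_CBC_WITH_MD5, for two different cipher IDs, 0x040080 and 0x030080 (README lines 47 and 49, repeated in the LOW list at 77 and 79 and in the verbose snippet at 91 and 97), so a reader cannot tell which suite each line refers to. Both verbose entries also show identical Specs and Score lines, which suggests one of the two rows in the cipher database carries the wrong name or attributes; please check those two entries and regenerate the sample so each ID has a distinct name. Two smaller documentation points in the Help Screen section: the block ends with a second "Usage: sslmap.py [options]" line at README line 130 that looks like a paste leftover and can be dropped, and the --db format description wraps in the middle of a column name ("Auth" on line 128, "Strength" on line 129), which reads as if "Auth" were a separate field; keeping the column list on one line or breaking it at a comma would avoid that.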
