Re: NSE Scripts and SSL Cipher Checking

[Rob Nicholls <robert () robnicholls co uk>]

NSE would definitely be suitable. In fact, Nmap already has an NSE 
script to check SSL ciphers (ssl-enum-ciphers.nse), so you might want to 
take a look at that. This script doesn't check SSLv2 as there's a 
separate script for that (sslv2.nse). If you can find any ways to 
improve upon the current script, especially in terms of speed without 
affecting the accuracy, then I'm sure that'd be appreciated.

Rob

On 14.03.2012 09:52, Darren McDonald wrote:
> A while back I wrote athena ssl cipher check. It works by lying to 
> the ssl
> server by pretending it supports all possible ciphers,  sending large 
> lists
> of ciphers then using a binary search tree. This enables it find all 
> ssl
> possible ciphers and often faster than tools like HTC ssl cipher 
> check.
>
> I'm about that start working on the next version, and want to move 
> away
> from Java. Initially I was considering a rewrite in C++, but I've 
> been
> hearing a lot of good things about NSE scripts lately.
>
> Assuming the quality is upto standard, is this the kind of thing the 
> nmap
> project would consider including as part of nmap? Is NSE suitable for 
> this
> kind of thing?
>
> Renski
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/