Nmap Development mailing list archives
Re: nmap does not list ciphers consistently
From: Daniel Miller <bonsaiviking () gmail com>
Date: Sat, 20 Jan 2018 14:12:26 -0600
Anil,

Thanks for reporting this. The most useful output would be if you ran the script with -d to enable debug output. Since we are not interested in the output of the other scripts, and the "+" means that the script will run regardless of detected service, do not use the -sV option when collecting the debug output. Example:

nmap --script +ssl-enum-ciphers -p443 x.x.x.x

Dan

On Wed, Jan 17, 2018 at 4:07 AM, NAYAK, ANIL KUMAR <nayakani () gmail com> wrote:
Dear Team,

1. nmap output does not list ciphers available in ALL expected ports (not consistent)
2. nmap output does not list ciphers against a specific port consistently

Here the appliance/program runs on Linux 3.10.0-327 (RHEL 7.2)

I need help to explain why it is happening, own script (openssl s_client) confirms that TLS v1.2 exclusive ciphers are available at port 443, 8443 (tomcat) & 5989 (cimom), but nmap failed to list it consistently. Could this happen because nmap does not like certain response from target or it is possible that target possibly did not provide the list on few attempts (due to firewall etc.?). How to troubleshoot this?

Please see the test results below. Many thanks for any help you may have to offer. My objective is to show (consistent manner) the Ciphers available at Port 443.

Kind regards,
Anil.

Outputs: (replaced IP with x.x.x.x)
-----------

1.
a. Unsuccessful: (Does not list for ANY ports, subsequently we could see the same command was successful on all expected ports)

ANILs-MacBook-Pro:.ssh anil$ nmap -sV --script +ssl-enum-ciphers x.x.x.x
Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-17 14:39 IST
Nmap scan report for x.x.x.x
Host is up (0.0037s latency).
Not shown: 995 filtered ports
PORT     STATE SERVICE    VERSION
22/tcp   open  ssh        OpenSSH 6.6.1 (protocol 2.0)
443/tcp  open  ssl/http   Apache Tomcat/Coyote JSP engine 1.1
|_http-server-header: Apache-Coyote/1.1
3260/tcp open  tcpwrapped
8080/tcp open  http       Apache Tomcat/Coyote JSP engine 1.1
8443/tcp open  ssl/http   Apache Tomcat/Coyote JSP engine 1.1
|_http-server-header: Apache-Coyote/1.1
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 144.95 seconds

b. Successful: (but this result varies, ciphers get listed under port 443, 8443, 5989 .. but it varies too often)

ANILs-MacBook-Pro:.ssh anil$ nmap -sV --script +ssl-enum-ciphers x.x.x.x
Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-17 15:21 IST
Nmap scan report for x.x.x.x
Host is up (0.0025s latency).
Not shown: 996 filtered ports
PORT     STATE SERVICE    VERSION
22/tcp   open  ssh        OpenSSH 6.6.1 (protocol 2.0)
443/tcp  open  ssl/http   Apache Tomcat/Coyote JSP engine 1.1
|_http-server-header: Apache-Coyote/1.1
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp160k1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp160k1) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       Key exchange (secp160k1) of lower strength than certificate key
|_  least strength: A
3260/tcp open  iscsi?
8443/tcp open  ssl/http   Apache Tomcat/Coyote JSP engine 1.1
|_http-server-header: Apache-Coyote/1.1
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp160k1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp160k1) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       Key exchange (secp160k1) of lower strength than certificate key
|_  least strength: A
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 271.48 seconds

2.
a. Unsuccessful: It should ideally list the ciphers which it could find subsequently (in section b)

ANILs-MacBook-Pro:.ssh anil$ nmap -sV --script +ssl-enum-ciphers x.x.x.x -p 443
Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-17 14:23 IST
Nmap scan report for x.x.x.x.x
Host is up (0.0024s latency).
PORT    STATE SERVICE  VERSION
443/tcp open  ssl/http Apache Tomcat/Coyote JSP engine 1.1
|_http-server-header: Apache-Coyote/1.1
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 19.03 seconds

b. Successful:

ANILs-MacBook-Pro:.ssh anil$ nmap -sV --script +ssl-enum-ciphers x.x.x.x. -p 443
Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-17 14:26 IST
Nmap scan report for x.x.x.x
Host is up (0.0020s latency).
PORT    STATE SERVICE  VERSION
443/tcp open  ssl/http Apache Tomcat/Coyote JSP engine 1.1
|_http-server-header: Apache-Coyote/1.1
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp160k1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp160k1) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       Key exchange (secp160k1) of lower strength than certificate key
|_  least strength: A
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 29.75 seconds

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
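Added example, not part of the original messages and not Nmap project code: a small parser for Nmap's normal output that records, per open port, the ciphers listed under ssl-enum-ciphers, then flags ports whose result is missing or incomplete in some runs. The function names are hypothetical and the sample text is abridged from runs 2a and 2b quoted above.

```python
import re

PORT_RE = re.compile(r"^(\d+)/tcp\s+open\b")
CIPHER_RE = re.compile(r"^\|\s+(TLS_\w+)")

# Sample input abridged from the two single-port runs quoted in the thread.
RUN_2A = """\
PORT    STATE SERVICE  VERSION
443/tcp open  ssl/http Apache Tomcat/Coyote JSP engine 1.1
|_http-server-header: Apache-Coyote/1.1
"""
RUN_2B = RUN_2A + """\
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp160k1) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|_  least strength: A
"""

def parse_scan(text):
    """Map each open port to its set of listed ciphers, or None if the
    scan printed no ssl-enum-ciphers block for that port."""
    ports, port, in_block = {}, None, False
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            port, in_block = int(m.group(1)), False
            ports[port] = None
        elif port is not None and line.startswith("| ssl-enum-ciphers:"):
            ports[port], in_block = set(), True
        elif in_block and line.startswith("|"):
            c = CIPHER_RE.match(line)
            if c:
                ports[port].add(c.group(1))
            in_block = not line.startswith("|_")  # "|_" closes the script block
        else:
            in_block = False
    return ports

def inconsistent_ports(runs):
    """Return {port: [indexes of runs whose cipher set is missing or smaller
    than the union seen across all runs]} for a list of parsed scans."""
    result = {}
    for port in sorted(set().union(*runs)):
        sets = [run.get(port) for run in runs]
        union = set().union(*(s for s in sets if s))
        bad = [i for i, s in enumerate(sets) if s != union]
        if union and bad:
            result[port] = bad
    return result
```

Feeding it the saved output of several identical scans shows which runs to repeat with debug output for the affected port.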
Current thread:
- nmap does not list ciphers consistently NAYAK, ANIL KUMAR (Jan 20)
- Re: nmap does not list ciphers consistently Daniel Miller (Jan 20)
- Re: nmap does not list ciphers consistently NAYAK, ANIL KUMAR (Feb 05)
- Re: nmap does not list ciphers consistently nnposter (Feb 05)
- Re: nmap does not list ciphers consistently nayakani (Feb 17)
- Re: nmap does not list ciphers consistently Daniel Miller (Feb 13)
- Re: nmap does not list ciphers consistently NAYAK, ANIL KUMAR (Feb 05)
- Re: nmap does not list ciphers consistently Daniel Miller (Jan 20)