I was making changes on F5s to remove ciphers considered weak. Once the change has been made, the VIP on the F5 must be checked. If the VIP is public and has a DNS record then using SSL labs in very simple. However, if the VIP has no public DNS record, or is not public facing SSL labs will not be able to run the web based scan.
This is where NAMP comes in handy. This may be run against an IP or domain as long as the NMAP client has access to the server.
This particular NAMP scan is for SSL ciphers, details can be found here.
What I have done is to install NMAP on my WSL2 instance running Ubuntu 20.04.
|
0 1 2 3 4 5 6 7 8 9 10 |
$ sudo apt-get update $ sudo apt-get install nmap $ nmap --version Nmap version 7.80 ( https://nmap.org ) Platform: x86_64-pc-linux-gnu Compiled with: liblua-5.3.3 openssl-1.1.1d nmap-libssh2-1.8.2 libz-1.2.11 libpcre-8.39 libpcap-1.9.1 nmap-libdnet-1.12 ipv6 Compiled without: Available nsock engines: epoll poll select |
Running a quick test against Google.com. The Ciphers can be seen under the section “ssl-enum-ciphers:”. This command can be modified to use a different domain or IP, and ports can be changed from 443 to anything. This is really all there is to it.
|
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 |
$ nmap -sV --script ssl-enum-ciphers -p 443 google.com Starting Nmap 7.80 ( https://nmap.org ) at 2023-01-04 14:59 GMT Nmap scan report for google.com (172.217.169.46) Host is up (0.0093s latency). Other addresses for google.com (not scanned): 2a00:1450:4009:821::200e rDNS record for 172.217.169.46: lhr48s08-in-f14.1e100.net PORT STATE SERVICE VERSION 443/tcp open ssl/https gws | fingerprint-strings: | GetRequest: | HTTP/1.0 200 OK | Date: Wed, 04 Jan 2023 15:00:10 GMT | Expires: -1 | Cache-Control: private, max-age=0 | Content-Type: text/html; charset=ISO-8859-1 | Cross-Origin-Opener-Policy-Report-Only: same-origin-allow-popups; report-to="gws" | Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} | P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." | Server: gws | X-XSS-Protection: 0 | X-Frame-Options: SAMEORIGIN | Set-Cookie: SOCS=CAAaBgiAg9OdBg; expires=Sat, 03-Feb-2024 15:00:10 GMT; path=/; domain=.google.com; Secure; SameSite=lax | Set-Cookie: AEC=ARSKqsIRk1sbdkn2wtFH_gvjIG70g4_7PrE9rdgVV3393xiIYoaH_cmduQ; expires=Mon, 03-Jul-2023 15:00:10 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax | Set-Cookie: __Secure-ENID=9.SE=IQzNrxqiDwgVzj73OiYRJvinvZ3J85_UrHzN-Ucwo8H6s2oCsA9l3XuRBDQynEH-WZpumRE4mu-8P1b59ycgO4H65 | HTTPOptions: | HTTP/1.0 405 Method Not Allowed | Allow: GET, HEAD | Date: Wed, 04 Jan 2023 15:00:10 GMT | Content-Type: text/html; charset=UTF-8 | Server: gws | Content-Length: 1592 | X-XSS-Protection: 0 | X-Frame-Options: SAMEORIGIN | Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" | <!DOCTYPE html> | <html lang=en> | <meta charset=utf-8> | <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> | <title>Error 405 (Method Not Allowed)!!1</title> | <style> |_ *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22p |_http-server-header: gws | ssl-enum-ciphers: | TLSv1.0: | ciphers: | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C | compressors: | NULL | cipher preference: server | warnings: | 64-bit block cipher 3DES vulnerable to SWEET32 attack | TLSv1.1: | ciphers: | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C | compressors: | NULL | cipher preference: server | warnings: | 64-bit block cipher 3DES vulnerable to SWEET32 attack | TLSv1.2: | ciphers: | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A | TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A | compressors: | NULL | cipher preference: client | warnings: | 64-bit block cipher 3DES vulnerable to SWEET32 attack |_ least strength: C 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service : SF-Port443-TCP:V=7.80%T=SSL%I=7%D=1/4%Time=63B5947A%P=x86_64-pc-linux-gnu% SF:r(GetRequest,3714,"HTTP/1\.0\x20200\x20OK\r\nDate:\x20Wed,\x2004\x20Jan SF:\x202023\x2015:00:10\x20GMT\r\nExpires:\x20-1\r\nCache-Control:\x20priv SF:ate,\x20max-age=0\r\nContent-Type:\x20text/html;\x20charset=ISO-8859-1\ SF:r\nCross-Origin-Opener-Policy-Report-Only:\x20same-origin-allow-popups; SF:\x20report-to=\"gws\"\r\nReport-To:\x20{\"group\":\"gws\",\"max_age\":2 SF:592000,\"endpoints\":\[{\"url\":\"https://csp\.withgoogle\.com/csp/repo SF:rt-to/gws/other\"}\]}\r\nP3P:\x20CP=\"This\x20is\x20not\x20a\x20P3P\x20 SF:policy!\x20See\x20g\.co/p3phelp\x20for\x20more\x20info\.\"\r\nServer:\x SF:20gws\r\nX-XSS-Protection:\x200\r\nX-Frame-Options:\x20SAMEORIGIN\r\nSe SF:t-Cookie:\x20SOCS=CAAaBgiAg9OdBg;\x20expires=Sat,\x2003-Feb-2024\x2015: SF:00:10\x20GMT;\x20path=/;\x20domain=\.google\.com;\x20Secure;\x20SameSit SF:e=lax\r\nSet-Cookie:\x20AEC=ARSKqsIRk1sbdkn2wtFH_gvjIG70g4_7PrE9rdgVV33 SF:93xiIYoaH_cmduQ;\x20expires=Mon,\x2003-Jul-2023\x2015:00:10\x20GMT;\x20 SF:path=/;\x20domain=\.google\.com;\x20Secure;\x20HttpOnly;\x20SameSite=la SF:x\r\nSet-Cookie:\x20__Secure-ENID=9\.SE=IQzNrxqiDwgVzj73OiYRJvinvZ3J85_ SF:UrHzN-Ucwo8H6s2oCsA9l3XuRBDQynEH-WZpumRE4mu-8P1b59ycgO4H65")%r(HTTPOpti SF:ons,7BC,"HTTP/1\.0\x20405\x20Method\x20Not\x20Allowed\r\nAllow:\x20GET, SF:\x20HEAD\r\nDate:\x20Wed,\x2004\x20Jan\x202023\x2015:00:10\x20GMT\r\nCo SF:ntent-Type:\x20text/html;\x20charset=UTF-8\r\nServer:\x20gws\r\nContent SF:-Length:\x201592\r\nX-XSS-Protection:\x200\r\nX-Frame-Options:\x20SAMEO SF:RIGIN\r\nAlt-Svc:\x20h3=\":443\";\x20ma=2592000,h3-29=\":443\";\x20ma=2 SF:592000,h3-Q050=\":443\";\x20ma=2592000,h3-Q046=\":443\";\x20ma=2592000, SF:h3-Q043=\":443\";\x20ma=2592000,quic=\":443\";\x20ma=2592000;\x20v=\"46 SF:,43\"\r\n\r\n<!DOCTYPE\x20html>\n<html\x20lang=en>\n\x20\x20<meta\x20ch SF:arset=utf-8>\n\x20\x20<meta\x20name=viewport\x20content=\"initial-scale SF:=1,\x20minimum-scale=1,\x20width=device-width\">\n\x20\x20<title>Error\ SF:x20405\x20\(Method\x20Not\x20Allowed\)!!1</title>\n\x20\x20<style>\n\x2 SF:0\x20\x20\x20\*{margin:0;padding:0}html,code{font:15px/22px\x20arial,sa SF:ns-serif}html{background:#fff;color:#222;padding:15px}body{margin:7%\x2 SF:0auto\x200;max-width:390px;min-height:180px;padding:30px\x200\x2015px}\ SF:*\x20>\x20body{background:url\(//www\.google\.com/images/errors/robot\. SF:png\)\x20100%\x205px\x20no-repeat;padding-right:205px}p{margin:11px\x20 SF:0\x2022p"); Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 66.18 seconds |