nmap测试加密套件
[root@i-3pedyvud 123]# nmap -Pn --script ssl-enum-ciphers -p 8443 139.198.40.94
Starting Nmap 7.92 ( https://nmap.org ) at 2022-01-21 21:38 CST
Nmap scan report for 2b.gkmang.cn (139.198.40.94)
Host is up (0.00036s latency).
PORT STATE SERVICE
8443/tcp open https-alt
| ssl-enum-ciphers:
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
| compressors:
| NULL
| cipher preference: client
|_ least strength: A
Nmap done: 1 IP address (1 host up) scanned in 0.68 seconds
[root@i-3pedyvud 123]# nmap -Pn --script ssl-enum-ciphers -p 8999 36.41.188.74
Starting Nmap 7.92 ( https://nmap.org ) at 2022-01-21 21:38 CST
Nmap scan report for cde.gkmang.cn (36.41.188.74)
Host is up (0.024s latency).
PORT STATE SERVICE
8999/tcp open bctp
| ssl-enum-ciphers:
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
| compressors:
| NULL
| cipher preference: server
|_ least strength: A
Nmap done: 1 IP address (1 host up) scanned in 1.25 seconds
[root@i-3pedyvud 123]#
[root@i-3pedyvud script]# nmap --script ssl-enum-ciphers -p 443 www.baidu.com
Starting Nmap 7.92 ( https://nmap.org ) at 2022-01-21 21:24 CST
Nmap scan report for www.baidu.com (110.242.68.3)
Host is up (0.010s latency).
Other addresses for www.baidu.com (not scanned): 110.242.68.4
PORT STATE SERVICE
443/tcp open https
| ssl-enum-ciphers:
| SSLv3:
| ciphers:
| TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
| compressors:
| NULL
| cipher preference: indeterminate
| cipher preference error: Too few ciphers supported
| warnings:
| Broken cipher RC4 is deprecated by RFC 7465
| Forward Secrecy not supported by any cipher
| TLSv1.0:
| ciphers:
| TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1) - C
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
| compressors:
| NULL
| cipher preference: server
| warnings:
| Broken cipher RC4 is deprecated by RFC 7465
| TLSv1.1:
| ciphers:
| TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1) - C
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
| compressors:
| NULL
| cipher preference: server
| warnings:
| Broken cipher RC4 is deprecated by RFC 7465
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1) - C
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
| TLS_RSA_WITH