
@gavrie
Last active February 15, 2021 10:59

Revisions

  1. gavrie revised this gist Feb 15, 2021. 1 changed file with 5 additions and 5 deletions.
    10 changes: 5 additions & 5 deletions nmap-tls.md
    @@ -25,31 +25,31 @@ sudo sudo npm install -g xml2json

    ## Verify TLS cert on all open ports

    `nmap -v -p 1-65535 --script +ssl-cert localhost`
    `nmap -v -p 1-65535 --script ssl-cert localhost`

    - Ensure each port includes a `ssl-cert` section, otherwise it's not using TLS.

    ## Check specific ports

    Check only the specified ports:
    `nmap -v -p 20385,21995 --script +ssl-cert localhost -oX -`
    `nmap -v -p 20385,21995 --script ssl-cert localhost -oX -`

    ## Expired certificate

    `nmap -v --script +ssl-cert expired.badssl.com -p 443 -oX -`
    `nmap -v --script ssl-cert expired.badssl.com -p 443 -oX -`

    - Check the `notBefore` and `notAfter` fields and verify the current date is in the range.

    ## Insecure SSL/TLS versions

    Insecure TLSv1.1 version:
    `nmap -v --script +ssl-enum-ciphers tls-v1-1.badssl.com -p 1011 -oX -`
    `nmap -v --script ssl-enum-ciphers tls-v1-1.badssl.com -p 1011 -oX -`

    - Ensure that only `TLSv1.2` (or higher appear in the list, and not e.g. `TLSv1.1`.

    ## Insecure ciphers

    Insecure RC4 cipher:
    `nmap -v --script +ssl-enum-ciphers rc4.badssl.com -p 443 -oX -`
    `nmap -v --script ssl-enum-ciphers rc4.badssl.com -p 443 -oX -`

    - Check the `ciphers` table and ensure all the `strength` fields are `A` (and not e.g. `C`).
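
    Review bot: removing the `+` prefix from all five `--script` arguments in this hunk (`nmap -v -p 1-65535 --script ssl-cert localhost` and the `ssl-enum-ciphers` lines) silently changes which ports get probed, so the unchanged check below it, "Ensure each port includes a `ssl-cert` section, otherwise it's not using TLS", stops being reliable. Without `+`, NSE runs a script only where its port rule matches, i.e. on ports nmap already treats as SSL/TLS (well-known TLS ports, or ports classified by `-sV`); `+ssl-cert` forces the script to run on every open port in `1-65535`. On a non-standard port such as the 20385 and 21995 used in "Check specific ports" the script may never run, so a TLS service shows no `ssl-cert` section and is misreported as not using TLS; likewise the `tls-v1-1.badssl.com -p 1011` example, where 1011 is not a port NSE treats as TLS by default, may now produce no `ssl-enum-ciphers` output at all. If the revert is intentional, say why in the text and add `-sV` to these commands so service detection can classify those ports; otherwise keep `+ssl-cert` and `+ssl-enum-ciphers`.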
  2. gavrie revised this gist Feb 15, 2021. 1 changed file with 5 additions and 5 deletions.
    10 changes: 5 additions & 5 deletions nmap-tls.md
    @@ -25,31 +25,31 @@ sudo sudo npm install -g xml2json

    ## Verify TLS cert on all open ports

    `nmap -v -p 1-65535 --script ssl-cert localhost`
    `nmap -v -p 1-65535 --script +ssl-cert localhost`

    - Ensure each port includes a `ssl-cert` section, otherwise it's not using TLS.

    ## Check specific ports

    Check only the specified ports:
    `nmap -v -p 20385,21995 --script ssl-cert localhost -oX -`
    `nmap -v -p 20385,21995 --script +ssl-cert localhost -oX -`

    ## Expired certificate

    `nmap -v --script ssl-cert expired.badssl.com -p 443 -oX -`
    `nmap -v --script +ssl-cert expired.badssl.com -p 443 -oX -`

    - Check the `notBefore` and `notAfter` fields and verify the current date is in the range.

    ## Insecure SSL/TLS versions

    Insecure TLSv1.1 version:
    `nmap -v --script ssl-enum-ciphers tls-v1-1.badssl.com -p 1011 -oX -`
    `nmap -v --script +ssl-enum-ciphers tls-v1-1.badssl.com -p 1011 -oX -`

    - Ensure that only `TLSv1.2` (or higher appear in the list, and not e.g. `TLSv1.1`.

    ## Insecure ciphers

    Insecure RC4 cipher:
    `nmap -v --script ssl-enum-ciphers rc4.badssl.com -p 443 -oX -`
    `nmap -v --script +ssl-enum-ciphers rc4.badssl.com -p 443 -oX -`

    - Check the `ciphers` table and ensure all the `strength` fields are `A` (and not e.g. `C`).
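
    Review bot: the `+` added to every `--script` argument here (`--script +ssl-cert`, `--script +ssl-enum-ciphers`) does real work but is not explained anywhere in the file: it forces the script to run on each open port even when NSE's port rule would not have selected it, which is exactly what the all-ports check "Ensure each port includes a `ssl-cert` section" needs on non-standard ports. Add one sentence under "Verify TLS cert on all open ports" saying why the `+` is there, and state the cost: with `-p 1-65535` the script now attempts a TLS handshake against every open port, plaintext ones included, so the scan takes longer and reports no certificate on those. For the badssl.com examples, `-p 443` is a port the port rule already treats as TLS, so the prefix changes nothing there, whereas on `-p 1011` the prefix (or `-sV`) is what makes the script run at all; that difference is worth a remark next to the `tls-v1-1.badssl.com` line.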
  3. gavrie revised this gist Feb 15, 2021. 1 changed file with 5 additions and 0 deletions.
    5 changes: 5 additions & 0 deletions nmap-tls.md
    @@ -29,6 +29,11 @@ sudo sudo npm install -g xml2json

    - Ensure each port includes a `ssl-cert` section, otherwise it's not using TLS.

    ## Check specific ports

    Check only the specified ports:
    `nmap -v -p 20385,21995 --script ssl-cert localhost -oX -`

    ## Expired certificate

    `nmap -v --script ssl-cert expired.badssl.com -p 443 -oX -`
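
    Review bot: the new "Check specific ports" section gives a command but no verification step, so the reader has to infer that the bullet from the previous section ("Ensure each port includes a `ssl-cert` section") still applies; restate it here. Because this command and the moved "Expired certificate" one both use `-oX -` (XML on stdout) while the earlier sections use normal output, either say what to look for in the XML (the `<script id="ssl-cert">` element under each port) or pipe it through the formatter the Tools section installs, e.g. `nmap -v -p 20385,21995 --script ssl-cert localhost -oX - | xmllint --format -`. Also, 20385 and 21995 look like ports from one particular deployment rather than standard services; say they are placeholders to be replaced with the ports under test.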
  4. gavrie revised this gist Feb 15, 2021. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion nmap-tls.md
    @@ -6,7 +6,7 @@ snap install nmap
    snap connect nmap:network-control
    ```

    `nmap` supports XML output with the option `-xO`. Install `xmllint` for nicely formatting XML:
    `nmap` supports XML output with the option `-oX`. Install `xmllint` for nicely formatting XML:
    ```
    snap install libxml2
    ```
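
    Review bot: the change from `-xO` to `-oX` is right (`-oX` is nmap's XML output option; `-xO` is not an option at all), but the sentence still does not show how the output is meant to be consumed, while every command later in the file uses the `-oX -` form to write XML to stdout. State that here and show the pipe into the tool this paragraph installs, e.g. `nmap -v -p 443 --script ssl-cert <host> -oX - | xmllint --format -`, so the install step is connected to its use.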
  5. gavrie renamed this gist Feb 15, 2021. 1 changed file with 0 additions and 0 deletions.
    File renamed without changes.
  6. gavrie created this gist Feb 15, 2021.
    50 changes: 50 additions & 0 deletions nmap-tls
    @@ -0,0 +1,50 @@
    # Tools

    Install `nmap` (and fix permissions):
    ```
    snap install nmap
    snap connect nmap:network-control
    ```

    `nmap` supports XML output with the option `-xO`. Install `xmllint` for nicely formatting XML:
    ```
    snap install libxml2
    ```

    Install `xml2json` for converting the XML to JSON for easier parsing:
    ```
    sudo apt install npm
    sudo sudo npm install -g xml2json
    ```

    # Checking TLS parameters with nmap

    ## Scan all open ports

    `nmap -v -p 1-65535 localhost`

    ## Verify TLS cert on all open ports

    `nmap -v -p 1-65535 --script ssl-cert localhost`

    - Ensure each port includes a `ssl-cert` section, otherwise it's not using TLS.

    ## Expired certificate

    `nmap -v --script ssl-cert expired.badssl.com -p 443 -oX -`

    - Check the `notBefore` and `notAfter` fields and verify the current date is in the range.

    ## Insecure SSL/TLS versions

    Insecure TLSv1.1 version:
    `nmap -v --script ssl-enum-ciphers tls-v1-1.badssl.com -p 1011 -oX -`

    - Ensure that only `TLSv1.2` (or higher appear in the list, and not e.g. `TLSv1.1`.

    ## Insecure ciphers

    Insecure RC4 cipher:
    `nmap -v --script ssl-enum-ciphers rc4.badssl.com -p 443 -oX -`

    - Check the `ciphers` table and ensure all the `strength` fields are `A` (and not e.g. `C`).
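
    Review bot: three things in the initial file need fixing before it works as a checklist. `sudo sudo npm install -g xml2json` has a doubled `sudo`; `-xO` is not an nmap option, the XML output flag is `-oX` (and the later commands use `-oX -` to send it to stdout, which should be said in the Tools paragraph); and the TLS-version bullet "Ensure that only `TLSv1.2` (or higher appear in the list, and not e.g. `TLSv1.1`." is missing its closing parenthesis. Two smaller points: `xml2json` is installed in Tools but no command in the file uses it, so either drop it or show how it is meant to be applied to the `-oX` output, and the version check should be as explicit as the cipher check, i.e. say that `SSLv3`, `TLSv1.0` and `TLSv1.1` headings must be absent from the `ssl-enum-ciphers` output, not just that `TLSv1.2` should appear.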