NMap Script to Test SSL Versions and Cipher Suites

By |2016-10-16T15:54:16-05:00June 16th, 2016|Categories: Security|Tags: , , , , , , , |3 Comments
Share This:


A few months ago, I wrote an article on how to configure IIS for SSL/TLS protocol cipher best practices. To test your configuration, you can use a handy tool called NMap (nmap.org) or the ZenMap GUI.

Included in NMap is a script called ssl-enum-ciphers, which will let you scan a target and list all SSL protocols and ciphers that are available on that server. You can also narrow it down by specifying a port number with the -p option.

Using NMap, the script would look something like nmap --script ssl-enum-ciphers

[target] where [target] is the IP or hostname of the server you want to scan. You can also specify the port by adding -p to the command: nmap -p [port] --script ssl-enum-ciphers [target] where [port] is the port number you want to scan. If you do not specify a port number, it will scan all ports on the server and return the results for each port that is configured to use SSL.

This tool comes in handy if you’re doing a vulnerability scan and you need to make some changes to a server and you want to test those changes. This will allow you to perform a quick scan without needing to do a complete vulnerability scan.

You can read more about this NMap script here: https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html

Share This:


Related Content


  1. Dawal March 30, 2018 at 7:27 am - Reply

    Where is the script?

  2. Robert Russell April 2, 2018 at 9:18 am - Reply

    It is included in NMap, you just need to run the command as described in the article.

  3. Jared March 13, 2019 at 3:24 pm - Reply

    would recommend using the -Pn flag on this as well.

Leave a Comment