From a749d729f6d39be639b752f4f10eccbab01a4482 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Sat, 15 Oct 2022 20:04:09 +0530 Subject: [PATCH 1/5] Insecure Cipher Suites Detection --- ssl/insecure-cipher-detect.yaml | 112 ++++++++++++++++++++++++++++++++ 1 file changed, 112 insertions(+) create mode 100644 ssl/insecure-cipher-detect.yaml diff --git a/ssl/insecure-cipher-detect.yaml b/ssl/insecure-cipher-detect.yaml new file mode 100644 index 0000000000..7c25c25d1c --- /dev/null +++ b/ssl/insecure-cipher-detect.yaml @@ -0,0 +1,112 @@ +id: insecure-cipher-detect + +info: + name: Insecure Cipher Detection + author: pussycat0x + severity: info + reference: + - https://www.acunetix.com/vulnerabilities/web/tls-ssl-weak-cipher-suites/ + description: | + Weak ciphers are those encryption algorithms vulnerable to attack, often as a result of an insufficient key length. + tags: ssl + +ssl: + - address: "{{Host}}:{{Port}}" + + extractors: + - type: json + json: + - '.cipher' + + matchers: + - type: word + part: cipher + words: + - "TLS_DHE_PSK_WITH_NULL_SHA384" + - "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" + - "TLS_DH_anon_WITH_AES_128_GCM_SHA256" + - "TLS_NULL_WITH_NULL_NULL" + - "TLS_DH_DSS_WITH_DES_CBC_SHA" + - "TLS_ECDH_RSA_WITH_NULL_SHA" + - "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" + - "TLS_DH_anon_WITH_AES_256_CBC_SHA" + - "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256"" + - "TLS_RSA_WITH_RC4_128_MD5" + - "TLS_SM4_CCM_SM3" + - "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" + - "TLS_ECDH_RSA_WITH_RC4_128_SHA" + - "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5" + - "TLS_RSA_PSK_WITH_RC4_128_SHA" + - "TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC" + - "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" + - "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384" + - "TLS_DHE_PSK_WITH_NULL_SHA256" + - "TLS_ECDHE_PSK_WITH_RC4_128_SHA" + - "TLS_PSK_WITH_RC4_128_SHA" + - "TLS_DHE_PSK_WITH_RC4_128_SHA" + - "TLS_KRB5_WITH_DES_CBC_SHA" + - "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" + - "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256" + - "TLS_PSK_WITH_NULL_SHA" + - "TLS_RSA_EXPORT_WITH_RC4_40_MD5" + - "TLS_DH_anon_WITH_RC4_128_MD5" + - "TLS_ECDHE_ECDSA_WITH_NULL_SHA" + - "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_RSA_WITH_NULL_MD5" + - "TLS_SHA384_SHA384" + - "TLS_SHA256_SHA256" + - "TLS_DH_anon_WITH_AES_256_GCM_SHA384" + - "TLS_RSA_WITH_NULL_SHA256" + - "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA" + - "TLS_RSA_WITH_DES_CBC_SHA" + - "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA" + - "TLS_PSK_WITH_NULL_SHA384" + - "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" + - "TLS_KRB5_WITH_RC4_128_MD5" + - "TLS_DH_anon_WITH_AES_128_CBC_SHA" + - "TLS_DHE_PSK_WITH_NULL_SHA" + - "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384" + - "TLS_DH_anon_WITH_DES_CBC_SHA" + - "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" + - "TLS_DH_anon_WITH_SEED_CBC_SHA" + - "TLS_DH_anon_WITH_AES_256_CBC_SHA256" + - "TLS_DHE_DSS_WITH_DES_CBC_SHA" + - "TLS_PSK_WITH_NULL_SHA256" + - "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" + - "TLS_ECDH_anon_WITH_AES_128_CBC_SHA" + - "TLS_ECDHE_PSK_WITH_NULL_SHA" + - "TLS_ECDH_anon_WITH_NULL_SHA" + - "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" + - "TLS_KRB5_WITH_IDEA_CBC_MD5" + - "TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC" + - "TLS_ECDHE_RSA_WITH_NULL_SHA" + - "TLS_GOSTR341112_256_WITH_28147_CNT_IMIT" + - "TLS_RSA_PSK_WITH_NULL_SHA" + - "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" + - "TLS_KRB5_WITH_DES_CBC_MD5" + - "TLS_KRB5_EXPORT_WITH_RC4_40_SHA" + - "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256" + - "TLS_SM4_GCM_SM3" + - "TLS_ECDHE_PSK_WITH_NULL_SHA384" + - "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA" + - "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA" + - "TLS_KRB5_EXPORT_WITH_RC4_40_MD5" + - "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" + - "TLS_RSA_PSK_WITH_NULL_SHA256" + - "TLS_ECDHE_PSK_WITH_NULL_SHA256" + - "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" + - "TLS_DH_RSA_WITH_DES_CBC_SHA" + - "TLS_ECDHE_RSA_WITH_RC4_128_SHA" + - "TLS_ECDH_anon_WITH_RC4_128_SHA" + - "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" + - "TLS_DHE_RSA_WITH_DES_CBC_SHA" + - "TLS_RSA_WITH_RC4_128_SHA" + - "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5" + - "TLS_DH_anon_WITH_AES_128_CBC_SHA256" + - "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_ECDH_ECDSA_WITH_NULL_SHA" + - "TLS_RSA_PSK_WITH_NULL_SHA384" + - "TLS_KRB5_WITH_3DES_EDE_CBC_MD5" + - "TLS_KRB5_WITH_RC4_128_SHA" + - "TLS_RSA_WITH_NULL_SHA" \ No newline at end of file From e28c7adf5a2933510159a1d11f03be0317a04fe1 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Sat, 15 Oct 2022 20:07:44 +0530 Subject: [PATCH 2/5] Update insecure-cipher-detect.yaml --- ssl/insecure-cipher-detect.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssl/insecure-cipher-detect.yaml b/ssl/insecure-cipher-detect.yaml index 7c25c25d1c..4bfa11377c 100644 --- a/ssl/insecure-cipher-detect.yaml +++ b/ssl/insecure-cipher-detect.yaml @@ -30,7 +30,7 @@ ssl: - "TLS_ECDH_RSA_WITH_NULL_SHA" - "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" - "TLS_DH_anon_WITH_AES_256_CBC_SHA" - - "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256"" + - "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256" - "TLS_RSA_WITH_RC4_128_MD5" - "TLS_SM4_CCM_SM3" - "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384" @@ -109,4 +109,4 @@ ssl: - "TLS_RSA_PSK_WITH_NULL_SHA384" - "TLS_KRB5_WITH_3DES_EDE_CBC_MD5" - "TLS_KRB5_WITH_RC4_128_SHA" - - "TLS_RSA_WITH_NULL_SHA" \ No newline at end of file + - "TLS_RSA_WITH_NULL_SHA" From 62f22bd531970abe3e27076f5a5a51ea1d8234f8 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Sat, 15 Oct 2022 21:27:25 +0530 Subject: [PATCH 3/5] Update and rename insecure-cipher-detect.yaml to insecure-cipher-suite-detect.yaml --- ...cipher-detect.yaml => insecure-cipher-suite-detect.yaml} | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) rename ssl/{insecure-cipher-detect.yaml => insecure-cipher-suite-detect.yaml} (96%) diff --git a/ssl/insecure-cipher-detect.yaml b/ssl/insecure-cipher-suite-detect.yaml similarity index 96% rename from ssl/insecure-cipher-detect.yaml rename to ssl/insecure-cipher-suite-detect.yaml index 4bfa11377c..8a4e5931ec 100644 --- a/ssl/insecure-cipher-detect.yaml +++ b/ssl/insecure-cipher-suite-detect.yaml @@ -1,7 +1,7 @@ -id: insecure-cipher-detect +id: insecure-cipher-suite-detect info: - name: Insecure Cipher Detection + name: Insecure Cipher Suite Detection author: pussycat0x severity: info reference: @@ -12,12 +12,10 @@ info: ssl: - address: "{{Host}}:{{Port}}" - extractors: - type: json json: - '.cipher' - matchers: - type: word part: cipher From a053866bd1cbc8fdc1c14d9a088ef71157af73e1 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Sat, 15 Oct 2022 21:36:53 +0530 Subject: [PATCH 4/5] Update insecure-cipher-suite-detect.yaml --- ssl/insecure-cipher-suite-detect.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/insecure-cipher-suite-detect.yaml b/ssl/insecure-cipher-suite-detect.yaml index 8a4e5931ec..04326370b4 100644 --- a/ssl/insecure-cipher-suite-detect.yaml +++ b/ssl/insecure-cipher-suite-detect.yaml @@ -13,7 +13,7 @@ info: ssl: - address: "{{Host}}:{{Port}}" extractors: - - type: json + - type: json json: - '.cipher' matchers: From 9ff4bbeaf12d6dd011939c5b292782a7a5e2ff57 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Wed, 24 May 2023 11:54:49 +0530 Subject: [PATCH 5/5] TLS version - update --- ssl/insecure-cipher-suite-detect.yaml | 320 +++++++++++++++++++++++++- 1 file changed, 315 insertions(+), 5 deletions(-) diff --git a/ssl/insecure-cipher-suite-detect.yaml b/ssl/insecure-cipher-suite-detect.yaml index 04326370b4..223cc8cde8 100644 --- a/ssl/insecure-cipher-suite-detect.yaml +++ b/ssl/insecure-cipher-suite-detect.yaml @@ -4,18 +4,21 @@ info: name: Insecure Cipher Suite Detection author: pussycat0x severity: info - reference: - - https://www.acunetix.com/vulnerabilities/web/tls-ssl-weak-cipher-suites/ description: | Weak ciphers are those encryption algorithms vulnerable to attack, often as a result of an insufficient key length. + reference: + - https://www.acunetix.com/vulnerabilities/web/tls-ssl-weak-cipher-suites/ tags: ssl ssl: - address: "{{Host}}:{{Port}}" + min_version: tls10 + max_version: tls10 + extractors: - - type: json - json: - - '.cipher' + - type: dsl + dsl: + - "tls_version, cipher" matchers: - type: word part: cipher @@ -108,3 +111,310 @@ ssl: - "TLS_KRB5_WITH_3DES_EDE_CBC_MD5" - "TLS_KRB5_WITH_RC4_128_SHA" - "TLS_RSA_WITH_NULL_SHA" + condition: or + + - address: "{{Host}}:{{Port}}" + min_version: tls11 + max_version: tls11 + + extractors: + - type: dsl + dsl: + - "tls_version, cipher" + matchers: + - type: word + part: cipher + words: + - "TLS_DHE_PSK_WITH_NULL_SHA384" + - "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" + - "TLS_DH_anon_WITH_AES_128_GCM_SHA256" + - "TLS_NULL_WITH_NULL_NULL" + - "TLS_DH_DSS_WITH_DES_CBC_SHA" + - "TLS_ECDH_RSA_WITH_NULL_SHA" + - "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" + - "TLS_DH_anon_WITH_AES_256_CBC_SHA" + - "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256" + - "TLS_RSA_WITH_RC4_128_MD5" + - "TLS_SM4_CCM_SM3" + - "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" + - "TLS_ECDH_RSA_WITH_RC4_128_SHA" + - "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5" + - "TLS_RSA_PSK_WITH_RC4_128_SHA" + - "TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC" + - "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" + - "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384" + - "TLS_DHE_PSK_WITH_NULL_SHA256" + - "TLS_ECDHE_PSK_WITH_RC4_128_SHA" + - "TLS_PSK_WITH_RC4_128_SHA" + - "TLS_DHE_PSK_WITH_RC4_128_SHA" + - "TLS_KRB5_WITH_DES_CBC_SHA" + - "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" + - "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256" + - "TLS_PSK_WITH_NULL_SHA" + - "TLS_RSA_EXPORT_WITH_RC4_40_MD5" + - "TLS_DH_anon_WITH_RC4_128_MD5" + - "TLS_ECDHE_ECDSA_WITH_NULL_SHA" + - "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_RSA_WITH_NULL_MD5" + - "TLS_SHA384_SHA384" + - "TLS_SHA256_SHA256" + - "TLS_DH_anon_WITH_AES_256_GCM_SHA384" + - "TLS_RSA_WITH_NULL_SHA256" + - "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA" + - "TLS_RSA_WITH_DES_CBC_SHA" + - "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA" + - "TLS_PSK_WITH_NULL_SHA384" + - "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" + - "TLS_KRB5_WITH_RC4_128_MD5" + - "TLS_DH_anon_WITH_AES_128_CBC_SHA" + - "TLS_DHE_PSK_WITH_NULL_SHA" + - "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384" + - "TLS_DH_anon_WITH_DES_CBC_SHA" + - "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" + - "TLS_DH_anon_WITH_SEED_CBC_SHA" + - "TLS_DH_anon_WITH_AES_256_CBC_SHA256" + - "TLS_DHE_DSS_WITH_DES_CBC_SHA" + - "TLS_PSK_WITH_NULL_SHA256" + - "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" + - "TLS_ECDH_anon_WITH_AES_128_CBC_SHA" + - "TLS_ECDHE_PSK_WITH_NULL_SHA" + - "TLS_ECDH_anon_WITH_NULL_SHA" + - "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" + - "TLS_KRB5_WITH_IDEA_CBC_MD5" + - "TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC" + - "TLS_ECDHE_RSA_WITH_NULL_SHA" + - "TLS_GOSTR341112_256_WITH_28147_CNT_IMIT" + - "TLS_RSA_PSK_WITH_NULL_SHA" + - "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" + - "TLS_KRB5_WITH_DES_CBC_MD5" + - "TLS_KRB5_EXPORT_WITH_RC4_40_SHA" + - "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256" + - "TLS_SM4_GCM_SM3" + - "TLS_ECDHE_PSK_WITH_NULL_SHA384" + - "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA" + - "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA" + - "TLS_KRB5_EXPORT_WITH_RC4_40_MD5" + - "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" + - "TLS_RSA_PSK_WITH_NULL_SHA256" + - "TLS_ECDHE_PSK_WITH_NULL_SHA256" + - "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" + - "TLS_DH_RSA_WITH_DES_CBC_SHA" + - "TLS_ECDHE_RSA_WITH_RC4_128_SHA" + - "TLS_ECDH_anon_WITH_RC4_128_SHA" + - "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" + - "TLS_DHE_RSA_WITH_DES_CBC_SHA" + - "TLS_RSA_WITH_RC4_128_SHA" + - "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5" + - "TLS_DH_anon_WITH_AES_128_CBC_SHA256" + - "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_ECDH_ECDSA_WITH_NULL_SHA" + - "TLS_RSA_PSK_WITH_NULL_SHA384" + - "TLS_KRB5_WITH_3DES_EDE_CBC_MD5" + - "TLS_KRB5_WITH_RC4_128_SHA" + - "TLS_RSA_WITH_NULL_SHA" + condition: or + + - address: "{{Host}}:{{Port}}" + min_version: tls12 + max_version: tls12 + + extractors: + - type: dsl + dsl: + - "tls_version, cipher" + matchers: + - type: word + part: cipher + words: + - "TLS_DHE_PSK_WITH_NULL_SHA384" + - "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" + - "TLS_DH_anon_WITH_AES_128_GCM_SHA256" + - "TLS_NULL_WITH_NULL_NULL" + - "TLS_DH_DSS_WITH_DES_CBC_SHA" + - "TLS_ECDH_RSA_WITH_NULL_SHA" + - "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" + - "TLS_DH_anon_WITH_AES_256_CBC_SHA" + - "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256" + - "TLS_RSA_WITH_RC4_128_MD5" + - "TLS_SM4_CCM_SM3" + - "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" + - "TLS_ECDH_RSA_WITH_RC4_128_SHA" + - "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5" + - "TLS_RSA_PSK_WITH_RC4_128_SHA" + - "TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC" + - "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" + - "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384" + - "TLS_DHE_PSK_WITH_NULL_SHA256" + - "TLS_ECDHE_PSK_WITH_RC4_128_SHA" + - "TLS_PSK_WITH_RC4_128_SHA" + - "TLS_DHE_PSK_WITH_RC4_128_SHA" + - "TLS_KRB5_WITH_DES_CBC_SHA" + - "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" + - "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256" + - "TLS_PSK_WITH_NULL_SHA" + - "TLS_RSA_EXPORT_WITH_RC4_40_MD5" + - "TLS_DH_anon_WITH_RC4_128_MD5" + - "TLS_ECDHE_ECDSA_WITH_NULL_SHA" + - "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_RSA_WITH_NULL_MD5" + - "TLS_SHA384_SHA384" + - "TLS_SHA256_SHA256" + - "TLS_DH_anon_WITH_AES_256_GCM_SHA384" + - "TLS_RSA_WITH_NULL_SHA256" + - "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA" + - "TLS_RSA_WITH_DES_CBC_SHA" + - "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA" + - "TLS_PSK_WITH_NULL_SHA384" + - "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" + - "TLS_KRB5_WITH_RC4_128_MD5" + - "TLS_DH_anon_WITH_AES_128_CBC_SHA" + - "TLS_DHE_PSK_WITH_NULL_SHA" + - "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384" + - "TLS_DH_anon_WITH_DES_CBC_SHA" + - "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" + - "TLS_DH_anon_WITH_SEED_CBC_SHA" + - "TLS_DH_anon_WITH_AES_256_CBC_SHA256" + - "TLS_DHE_DSS_WITH_DES_CBC_SHA" + - "TLS_PSK_WITH_NULL_SHA256" + - "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" + - "TLS_ECDH_anon_WITH_AES_128_CBC_SHA" + - "TLS_ECDHE_PSK_WITH_NULL_SHA" + - "TLS_ECDH_anon_WITH_NULL_SHA" + - "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" + - "TLS_KRB5_WITH_IDEA_CBC_MD5" + - "TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC" + - "TLS_ECDHE_RSA_WITH_NULL_SHA" + - "TLS_GOSTR341112_256_WITH_28147_CNT_IMIT" + - "TLS_RSA_PSK_WITH_NULL_SHA" + - "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" + - "TLS_KRB5_WITH_DES_CBC_MD5" + - "TLS_KRB5_EXPORT_WITH_RC4_40_SHA" + - "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256" + - "TLS_SM4_GCM_SM3" + - "TLS_ECDHE_PSK_WITH_NULL_SHA384" + - "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA" + - "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA" + - "TLS_KRB5_EXPORT_WITH_RC4_40_MD5" + - "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" + - "TLS_RSA_PSK_WITH_NULL_SHA256" + - "TLS_ECDHE_PSK_WITH_NULL_SHA256" + - "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" + - "TLS_DH_RSA_WITH_DES_CBC_SHA" + - "TLS_ECDHE_RSA_WITH_RC4_128_SHA" + - "TLS_ECDH_anon_WITH_RC4_128_SHA" + - "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" + - "TLS_DHE_RSA_WITH_DES_CBC_SHA" + - "TLS_RSA_WITH_RC4_128_SHA" + - "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5" + - "TLS_DH_anon_WITH_AES_128_CBC_SHA256" + - "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_ECDH_ECDSA_WITH_NULL_SHA" + - "TLS_RSA_PSK_WITH_NULL_SHA384" + - "TLS_KRB5_WITH_3DES_EDE_CBC_MD5" + - "TLS_KRB5_WITH_RC4_128_SHA" + - "TLS_RSA_WITH_NULL_SHA" + condition: or + + - address: "{{Host}}:{{Port}}" + min_version: tls13 + max_version: tls13 + + extractors: + - type: dsl + dsl: + - "tls_version, cipher" + matchers: + - type: word + part: cipher + words: + - "TLS_DHE_PSK_WITH_NULL_SHA384" + - "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" + - "TLS_DH_anon_WITH_AES_128_GCM_SHA256" + - "TLS_NULL_WITH_NULL_NULL" + - "TLS_DH_DSS_WITH_DES_CBC_SHA" + - "TLS_ECDH_RSA_WITH_NULL_SHA" + - "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" + - "TLS_DH_anon_WITH_AES_256_CBC_SHA" + - "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256" + - "TLS_RSA_WITH_RC4_128_MD5" + - "TLS_SM4_CCM_SM3" + - "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" + - "TLS_ECDH_RSA_WITH_RC4_128_SHA" + - "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5" + - "TLS_RSA_PSK_WITH_RC4_128_SHA" + - "TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC" + - "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" + - "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384" + - "TLS_DHE_PSK_WITH_NULL_SHA256" + - "TLS_ECDHE_PSK_WITH_RC4_128_SHA" + - "TLS_PSK_WITH_RC4_128_SHA" + - "TLS_DHE_PSK_WITH_RC4_128_SHA" + - "TLS_KRB5_WITH_DES_CBC_SHA" + - "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" + - "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256" + - "TLS_PSK_WITH_NULL_SHA" + - "TLS_RSA_EXPORT_WITH_RC4_40_MD5" + - "TLS_DH_anon_WITH_RC4_128_MD5" + - "TLS_ECDHE_ECDSA_WITH_NULL_SHA" + - "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_RSA_WITH_NULL_MD5" + - "TLS_SHA384_SHA384" + - "TLS_SHA256_SHA256" + - "TLS_DH_anon_WITH_AES_256_GCM_SHA384" + - "TLS_RSA_WITH_NULL_SHA256" + - "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA" + - "TLS_RSA_WITH_DES_CBC_SHA" + - "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA" + - "TLS_PSK_WITH_NULL_SHA384" + - "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" + - "TLS_KRB5_WITH_RC4_128_MD5" + - "TLS_DH_anon_WITH_AES_128_CBC_SHA" + - "TLS_DHE_PSK_WITH_NULL_SHA" + - "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384" + - "TLS_DH_anon_WITH_DES_CBC_SHA" + - "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" + - "TLS_DH_anon_WITH_SEED_CBC_SHA" + - "TLS_DH_anon_WITH_AES_256_CBC_SHA256" + - "TLS_DHE_DSS_WITH_DES_CBC_SHA" + - "TLS_PSK_WITH_NULL_SHA256" + - "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" + - "TLS_ECDH_anon_WITH_AES_128_CBC_SHA" + - "TLS_ECDHE_PSK_WITH_NULL_SHA" + - "TLS_ECDH_anon_WITH_NULL_SHA" + - "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" + - "TLS_KRB5_WITH_IDEA_CBC_MD5" + - "TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC" + - "TLS_ECDHE_RSA_WITH_NULL_SHA" + - "TLS_GOSTR341112_256_WITH_28147_CNT_IMIT" + - "TLS_RSA_PSK_WITH_NULL_SHA" + - "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" + - "TLS_KRB5_WITH_DES_CBC_MD5" + - "TLS_KRB5_EXPORT_WITH_RC4_40_SHA" + - "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256" + - "TLS_SM4_GCM_SM3" + - "TLS_ECDHE_PSK_WITH_NULL_SHA384" + - "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA" + - "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA" + - "TLS_KRB5_EXPORT_WITH_RC4_40_MD5" + - "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" + - "TLS_RSA_PSK_WITH_NULL_SHA256" + - "TLS_ECDHE_PSK_WITH_NULL_SHA256" + - "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" + - "TLS_DH_RSA_WITH_DES_CBC_SHA" + - "TLS_ECDHE_RSA_WITH_RC4_128_SHA" + - "TLS_ECDH_anon_WITH_RC4_128_SHA" + - "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" + - "TLS_DHE_RSA_WITH_DES_CBC_SHA" + - "TLS_RSA_WITH_RC4_128_SHA" + - "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5" + - "TLS_DH_anon_WITH_AES_128_CBC_SHA256" + - "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_ECDH_ECDSA_WITH_NULL_SHA" + - "TLS_RSA_PSK_WITH_NULL_SHA384" + - "TLS_KRB5_WITH_3DES_EDE_CBC_MD5" + - "TLS_KRB5_WITH_RC4_128_SHA" + - "TLS_RSA_WITH_NULL_SHA" + condition: or