Insecure Cipher Suites Detection
pussycat0x
GitHub
parent
a70aac7dc5
commit
a749d729f6
|
|
@ -0,0 +1,112 @@
|
|||
id: insecure-cipher-detect
|
||||
|
||||
info:
|
||||
name: Insecure Cipher Detection
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
reference:
|
||||
- https://www.acunetix.com/vulnerabilities/web/tls-ssl-weak-cipher-suites/
|
||||
description: |
|
||||
Weak ciphers are those encryption algorithms vulnerable to attack, often as a result of an insufficient key length.
|
||||
tags: ssl
|
||||
|
||||
ssl:
|
||||
- address: "{{Host}}:{{Port}}"
|
||||
|
||||
extractors:
|
||||
- type: json
|
||||
json:
|
||||
- '.cipher'
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: cipher
|
||||
words:
|
||||
- "TLS_DHE_PSK_WITH_NULL_SHA384"
|
||||
- "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"
|
||||
- "TLS_DH_anon_WITH_AES_128_GCM_SHA256"
|
||||
- "TLS_NULL_WITH_NULL_NULL"
|
||||
- "TLS_DH_DSS_WITH_DES_CBC_SHA"
|
||||
- "TLS_ECDH_RSA_WITH_NULL_SHA"
|
||||
- "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5"
|
||||
- "TLS_DH_anon_WITH_AES_256_CBC_SHA"
|
||||
- "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256""
|
||||
- "TLS_RSA_WITH_RC4_128_MD5"
|
||||
- "TLS_SM4_CCM_SM3"
|
||||
- "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384"
|
||||
- "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"
|
||||
- "TLS_ECDH_RSA_WITH_RC4_128_SHA"
|
||||
- "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"
|
||||
- "TLS_RSA_PSK_WITH_RC4_128_SHA"
|
||||
- "TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC"
|
||||
- "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA"
|
||||
- "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384"
|
||||
- "TLS_DHE_PSK_WITH_NULL_SHA256"
|
||||
- "TLS_ECDHE_PSK_WITH_RC4_128_SHA"
|
||||
- "TLS_PSK_WITH_RC4_128_SHA"
|
||||
- "TLS_DHE_PSK_WITH_RC4_128_SHA"
|
||||
- "TLS_KRB5_WITH_DES_CBC_SHA"
|
||||
- "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"
|
||||
- "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"
|
||||
- "TLS_PSK_WITH_NULL_SHA"
|
||||
- "TLS_RSA_EXPORT_WITH_RC4_40_MD5"
|
||||
- "TLS_DH_anon_WITH_RC4_128_MD5"
|
||||
- "TLS_ECDHE_ECDSA_WITH_NULL_SHA"
|
||||
- "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"
|
||||
- "TLS_RSA_WITH_NULL_MD5"
|
||||
- "TLS_SHA384_SHA384"
|
||||
- "TLS_SHA256_SHA256"
|
||||
- "TLS_DH_anon_WITH_AES_256_GCM_SHA384"
|
||||
- "TLS_RSA_WITH_NULL_SHA256"
|
||||
- "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA"
|
||||
- "TLS_RSA_WITH_DES_CBC_SHA"
|
||||
- "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA"
|
||||
- "TLS_PSK_WITH_NULL_SHA384"
|
||||
- "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"
|
||||
- "TLS_KRB5_WITH_RC4_128_MD5"
|
||||
- "TLS_DH_anon_WITH_AES_128_CBC_SHA"
|
||||
- "TLS_DHE_PSK_WITH_NULL_SHA"
|
||||
- "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384"
|
||||
- "TLS_DH_anon_WITH_DES_CBC_SHA"
|
||||
- "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"
|
||||
- "TLS_DH_anon_WITH_SEED_CBC_SHA"
|
||||
- "TLS_DH_anon_WITH_AES_256_CBC_SHA256"
|
||||
- "TLS_DHE_DSS_WITH_DES_CBC_SHA"
|
||||
- "TLS_PSK_WITH_NULL_SHA256"
|
||||
- "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"
|
||||
- "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"
|
||||
- "TLS_ECDHE_PSK_WITH_NULL_SHA"
|
||||
- "TLS_ECDH_anon_WITH_NULL_SHA"
|
||||
- "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"
|
||||
- "TLS_KRB5_WITH_IDEA_CBC_MD5"
|
||||
- "TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC"
|
||||
- "TLS_ECDHE_RSA_WITH_NULL_SHA"
|
||||
- "TLS_GOSTR341112_256_WITH_28147_CNT_IMIT"
|
||||
- "TLS_RSA_PSK_WITH_NULL_SHA"
|
||||
- "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"
|
||||
- "TLS_KRB5_WITH_DES_CBC_MD5"
|
||||
- "TLS_KRB5_EXPORT_WITH_RC4_40_SHA"
|
||||
- "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256"
|
||||
- "TLS_SM4_GCM_SM3"
|
||||
- "TLS_ECDHE_PSK_WITH_NULL_SHA384"
|
||||
- "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"
|
||||
- "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"
|
||||
- "TLS_KRB5_EXPORT_WITH_RC4_40_MD5"
|
||||
- "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"
|
||||
- "TLS_RSA_PSK_WITH_NULL_SHA256"
|
||||
- "TLS_ECDHE_PSK_WITH_NULL_SHA256"
|
||||
- "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"
|
||||
- "TLS_DH_RSA_WITH_DES_CBC_SHA"
|
||||
- "TLS_ECDHE_RSA_WITH_RC4_128_SHA"
|
||||
- "TLS_ECDH_anon_WITH_RC4_128_SHA"
|
||||
- "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"
|
||||
- "TLS_DHE_RSA_WITH_DES_CBC_SHA"
|
||||
- "TLS_RSA_WITH_RC4_128_SHA"
|
||||
- "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5"
|
||||
- "TLS_DH_anon_WITH_AES_128_CBC_SHA256"
|
||||
- "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256"
|
||||
- "TLS_ECDH_ECDSA_WITH_NULL_SHA"
|
||||
- "TLS_RSA_PSK_WITH_NULL_SHA384"
|
||||
- "TLS_KRB5_WITH_3DES_EDE_CBC_MD5"
|
||||
- "TLS_KRB5_WITH_RC4_128_SHA"
|
||||
- "TLS_RSA_WITH_NULL_SHA"
|
||||
Loading…
Reference in New Issue