Weak Cipher Detection
pussycat0x
GitHub
parent
a70aac7dc5
commit
cfc25efb69
|
|
@ -0,0 +1,217 @@
|
|||
id: weak-cipher-detect
|
||||
info:
|
||||
name: Weak Cipher Detection
|
||||
author: pussycat0x
|
||||
severity: low
|
||||
reference:
|
||||
- https://www.acunetix.com/vulnerabilities/web/tls-ssl-weak-cipher-suites/
|
||||
description: |
|
||||
A weak cipher is defined as an encryption/decryption algorithm that uses a key of insufficient length. Using an insufficient length for a key
|
||||
in an encryption/decryption algorithm opens up the possibility (or probability) that the encryption scheme could be broken.
|
||||
tags: ssl
|
||||
ssl:
|
||||
- address: "{{Host}}:{{Port}}"
|
||||
extractors:
|
||||
- type: json
|
||||
json:
|
||||
- '.cipher'
|
||||
matchers:
|
||||
- type: word
|
||||
part: cipher
|
||||
words:
|
||||
- "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"
|
||||
- "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"
|
||||
- "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384"
|
||||
- "TLS_DH_RSA_WITH_AES_128_GCM_SHA256"
|
||||
- "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"
|
||||
- "TLS_RSA_WITH_AES_256_CBC_SHA"
|
||||
- "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"
|
||||
- "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"
|
||||
- "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"
|
||||
- "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"
|
||||
- "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"
|
||||
- "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"
|
||||
- "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
|
||||
- "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256"
|
||||
- "TLS_DH_RSA_WITH_AES_128_CBC_SHA"
|
||||
- "TLS_RSA_WITH_IDEA_CBC_SHA"
|
||||
- "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"
|
||||
- "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384"
|
||||
- "TLS_DH_RSA_WITH_SEED_CBC_SHA"
|
||||
- "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"
|
||||
- "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384"
|
||||
- "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"
|
||||
- "TLS_RSA_PSK_WITH_AES_256_CBC_SHA"
|
||||
- "TLS_RSA_WITH_AES_128_CBC_SHA"
|
||||
- "TLS_PSK_WITH_AES_256_CBC_SHA384"
|
||||
- "TLS_DHE_DSS_WITH_SEED_CBC_SHA"
|
||||
- "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256"
|
||||
- "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"
|
||||
- "TLS_SRP_SHA_WITH_AES_128_CBC_SHA"
|
||||
- "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384"
|
||||
- "TLS_RSA_WITH_AES_128_CCM"
|
||||
- "TLS_RSA_WITH_AES_256_CCM"
|
||||
- "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"
|
||||
- "TLS_RSA_WITH_AES_128_CBC_SHA256"
|
||||
- "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
|
||||
- "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256"
|
||||
- "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"
|
||||
- "TLS_PSK_WITH_ARIA_128_GCM_SHA256"
|
||||
- "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
|
||||
- "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"
|
||||
- "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"
|
||||
- "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384"
|
||||
- "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"
|
||||
- "TLS_DH_RSA_WITH_AES_256_GCM_SHA384"
|
||||
- "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384"
|
||||
- "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384"
|
||||
- "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
|
||||
- "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"
|
||||
- "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"
|
||||
- "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384"
|
||||
- "TLS_PSK_WITH_ARIA_256_CBC_SHA384"
|
||||
- "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"
|
||||
- "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256"
|
||||
- "TLS_PSK_WITH_AES_256_CBC_SHA"
|
||||
- "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"
|
||||
- "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"
|
||||
- "TLS_DH_DSS_WITH_SEED_CBC_SHA"
|
||||
- "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"
|
||||
- "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA"
|
||||
- "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"
|
||||
- "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"
|
||||
- "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"
|
||||
- "TLS_SRP_SHA_WITH_AES_256_CBC_SHA"
|
||||
- "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"
|
||||
- "TLS_DH_DSS_WITH_AES_256_CBC_SHA256"
|
||||
- "TLS_PSK_WITH_AES_128_CCM_8"
|
||||
- "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"
|
||||
- "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"
|
||||
- "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384"
|
||||
- "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384"
|
||||
- "TLS_PSK_WITH_ARIA_256_GCM_SHA384"
|
||||
- "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA"
|
||||
- "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"
|
||||
- "TLS_RSA_WITH_AES_256_CCM_8"
|
||||
- "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"
|
||||
- "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"
|
||||
- "TLS_DHE_PSK_WITH_AES_128_CBC_SHA"
|
||||
- "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384"
|
||||
- "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
|
||||
- "TLS_DHE_RSA_WITH_SEED_CBC_SHA"
|
||||
- "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA"
|
||||
- "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384"
|
||||
- "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384"
|
||||
- "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"
|
||||
- "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256"
|
||||
- "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"
|
||||
- "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256"
|
||||
- "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"
|
||||
- "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256"
|
||||
- "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256"
|
||||
- "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"
|
||||
- "TLS_RSA_WITH_AES_128_CCM_8"
|
||||
- "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256"
|
||||
- "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"
|
||||
- "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"
|
||||
- "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384"
|
||||
- "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"
|
||||
- "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"
|
||||
- "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"
|
||||
- "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256"
|
||||
- "TLS_KRB5_WITH_3DES_EDE_CBC_SHA"
|
||||
- "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256"
|
||||
- "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"
|
||||
- "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256"
|
||||
- "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384"
|
||||
- "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256"
|
||||
- "TLS_PSK_WITH_AES_128_CCM"
|
||||
- "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"
|
||||
- "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256"
|
||||
- "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256"
|
||||
- "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"
|
||||
- "TLS_DH_DSS_WITH_AES_256_CBC_SHA"
|
||||
- "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"
|
||||
- "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384"
|
||||
- "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
|
||||
- "TLS_PSK_WITH_ARIA_128_CBC_SHA256"
|
||||
- "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256"
|
||||
- "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384"
|
||||
- "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"
|
||||
- "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256"
|
||||
- "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"
|
||||
- "TLS_PSK_WITH_AES_128_CBC_SHA"
|
||||
- "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"
|
||||
- "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
|
||||
- "TLS_DH_DSS_WITH_AES_256_GCM_SHA384"
|
||||
- "TLS_PSK_WITH_AES_128_CBC_SHA256"
|
||||
- "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256"
|
||||
- "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"
|
||||
- "TLS_DH_RSA_WITH_AES_256_CBC_SHA256"
|
||||
- "TLS_RSA_WITH_ARIA_128_GCM_SHA256"
|
||||
- "TLS_RSA_WITH_ARIA_256_CBC_SHA384"
|
||||
- "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"
|
||||
- "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"
|
||||
- "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"
|
||||
- "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA"
|
||||
- "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384"
|
||||
- "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384"
|
||||
- "TLS_DH_DSS_WITH_AES_128_GCM_SHA256"
|
||||
- "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA"
|
||||
- "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
|
||||
- "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"
|
||||
- "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384"
|
||||
- "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"
|
||||
- "TLS_DH_DSS_WITH_AES_128_CBC_SHA"
|
||||
- "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256"
|
||||
- "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"
|
||||
- "TLS_RSA_PSK_WITH_AES_128_CBC_SHA"
|
||||
- "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384"
|
||||
- "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA"
|
||||
- "TLS_PSK_WITH_3DES_EDE_CBC_SHA"
|
||||
- "TLS_RSA_WITH_ARIA_128_CBC_SHA256"
|
||||
- "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"
|
||||
- "TLS_DH_DSS_WITH_AES_128_CBC_SHA256"
|
||||
- "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256"
|
||||
- "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"
|
||||
- "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"
|
||||
- "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384"
|
||||
- "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"
|
||||
- "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256"
|
||||
- "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256"
|
||||
- "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384"
|
||||
- "TLS_RSA_WITH_AES_256_CBC_SHA256"
|
||||
- "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"
|
||||
- "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"
|
||||
- "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"
|
||||
- "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"
|
||||
- "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"
|
||||
- "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"
|
||||
- "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"
|
||||
- "TLS_DHE_PSK_WITH_AES_256_CBC_SHA"
|
||||
- "TLS_PSK_WITH_AES_128_GCM_SHA256"
|
||||
- "TLS_RSA_WITH_ARIA_256_GCM_SHA384"
|
||||
- "TLS_PSK_WITH_AES_256_GCM_SHA384"
|
||||
- "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256"
|
||||
- "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256"
|
||||
- "TLS_DH_RSA_WITH_AES_128_CBC_SHA256"
|
||||
- "TLS_RSA_WITH_AES_256_GCM_SHA384"
|
||||
- "TLS_RSA_WITH_SEED_CBC_SHA"
|
||||
- "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256"
|
||||
- "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"
|
||||
- "TLS_PSK_WITH_AES_256_CCM"
|
||||
- "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256"
|
||||
- "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384"
|
||||
- "TLS_DH_RSA_WITH_AES_256_CBC_SHA"
|
||||
- "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"
|
||||
- "TLS_RSA_WITH_3DES_EDE_CBC_SHA"
|
||||
- "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384"
|
||||
- "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"
|
||||
- "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256"
|
||||
- "TLS_PSK_WITH_AES_256_CCM_8"
|
||||
- "TLS_RSA_WITH_AES_128_GCM_SHA256"
|
||||
- "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384"
|
||||
- "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256"
|
||||
- "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256"
|
||||
- "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256"
|
||||
- "TLS_KRB5_WITH_IDEA_CBC_SHA"
|
||||
Loading…
Reference in New Issue