Skip to content
This repository has been archived by the owner on Jan 29, 2021. It is now read-only.
/ tlsenum Public archive

A command line tool to enumerate TLS cipher-suites supported by a server

License

Notifications You must be signed in to change notification settings

Ayrx/tlsenum

Repository files navigation

tlsenum

Build Status Coverage Status

tlsenum is a command-line TLS enumeration tool that attempts to enumerate what TLS cipher suites a server supports and list them in order of priority.

It works by sending out sending out TLS ClientHello messages and parsing the ServerHello responses from the server.

tlsenum assumes that the server decides the preferred cipher suite, ignoring the preference indicated by the client. While this is not strictly guaranteed by the TLS specification, it seems like a fairly common implementation detail.

Installation

tlsenum can be used with Python 2.7, 3.3 or 3.4 and can be installed with pip.

$ pip install tlsenum

Usage

Using this tool is fairly simple, here is an example of the tool's results when scanning twitter.com.

[ayrx@division tlsenum]$ tlsenum twitter.com 443
TLS Versions supported by server: 3.0, 1.0, 1.1, 1.2
Deflate compression: no
Supported Cipher suites in order of priority:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA

Do look at tlsenum -h for other options.

About

A command line tool to enumerate TLS cipher-suites supported by a server

Resources

License

Stars

Watchers

Forks

Packages

No packages published