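Script type: portrule
Nmap Script Summary
Detects weak ephemeral Diffie-Hellman parameters on SSL/TLS services.
The script simulates SSL/TLS handshakes using cipher suites that have ephemeral Diffie-Hellman as the key exchange algorithm.
The Diffie-Hellman MODP group parameters are extracted and analyzed for vulnerability to Logjam (CVE-2015-4000) and other weaknesses.
Opportunistic STARTTLS sessions are established on services that support them.
Nmap Script Arguments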
tls.servername
See the documentation for the tls library.
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.
mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username
See the documentation for the mssql library.
smtp.domain
See the documentation for the smtp library.
randomseed, smbbasic, smbport, smbsign
See the documentation for the smb library.
vulns.short, vulns.showall
See the documentation for the vulns library.
Nmap Script Example
nmap --script ssl-dh-params <target>
Nmap Script Output
Host script results:
| ssl-dh-params:
| VULNERABLE:
| Transport Layer Security (TLS) Protocol DHE_EXPORT Ciphers Downgrade MitM (Logjam)
| State: VULNERABLE
| IDs: BID:74733 CVE:CVE-2015-4000
| The Transport Layer Security (TLS) protocol contains a flaw that is triggered
| when handling Diffie-Hellman key exchanges defined with the DHE_EXPORT cipher.
| This may allow a man-in-the-middle attacker to downgrade the security of a TLS
| session to 512-bit export-grade cryptography, which is significantly weaker,
| allowing the attacker to more easily break the encryption and monitor or tamper
| with the encrypted stream.
| Disclosure date: 2015-5-19
| Check results:
| EXPORT-GRADE DH GROUP 1
| Ciphersuite: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
| Modulus Type: Non-safe prime
| Modulus Source: sun.security.provider/512-bit DSA group with 160-bit prime order subgroup
| Modulus Length: 512 bits
| Generator Length: 512 bits
| Public Key Length: 512 bits
| References:
| https://weakdh.org
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000
| https://www.securityfocus.com/bid/74733
|
| Diffie-Hellman Key Exchange Insufficient Diffie-Hellman Group Strength
| State: VULNERABLE
| Transport Layer Security (TLS) services that use Diffie-Hellman groups of
| insuffficient strength, especially those using one of a few commonly shared
| groups, may be susceptible to passive eavesdropping attacks.
| Check results:
| WEAK DH GROUP 1
| Ciphersuite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
| Modulus Type: Safe prime
| Modulus Source: Unknown/Custom-generated
| Modulus Length: 512 bits
| Generator Length: 8 bits
| Public Key Length: 512 bits
| References:
| https://weakdh.org
|
| Diffie-Hellman Key Exchange Potentially Unsafe Group Parameters
| State: VULNERABLE
| This TLS service appears to be using a modulus that is not a safe prime and does
| not correspond to any well-known DSA group for Diffie-Hellman key exchange.
| These parameters MAY be secure if:
| - They were generated according to the procedure described in FIPS 186-4 for
| DSA Domain Parameter Generation, or
| - The generator g generates a subgroup of large prime order
| Additional testing may be required to verify the security of these parameters.
| Check results:
| NON-SAFE DH GROUP 1
| Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
| Modulus Type: Non-safe prime
| Modulus Source: Unknown/Custom-generated
| Modulus Length: 1024 bits
| Generator Length: 1024 bits
| Public Key Length: 1024 bits
| References:
|_ https://weakdh.org
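The grading shown in the output above (modulus length, safe versus non-safe prime, export-grade suite) can be reproduced offline for a DH group that has already been extracted from a handshake. The following Python is an added example, not the script's own code; the function names, the 2048-bit minimum (the size weakdh.org recommends) and the two sample moduli are assumptions chosen for illustration.

```python
import secrets

def is_probable_prime(n, rounds=32):
    """Miller-Rabin test; error probability at most 4**-rounds."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)  # random base in [2, n-2]
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # this base is a witness: n is composite
    return True

def classify_dh_group(p, g, ciphersuite, min_bits=2048):
    """Grade one DH group (p, g) taken from a ServerKeyExchange message."""
    if not is_probable_prime(p):
        modulus_type = "Composite"
    elif is_probable_prime((p - 1) // 2):
        modulus_type = "Safe prime"
    else:
        modulus_type = "Non-safe prime"
    findings = []
    if "_EXPORT_" in ciphersuite:
        findings.append("EXPORT-GRADE")  # DHE_EXPORT suite: Logjam, CVE-2015-4000
    if p.bit_length() < min_bits:        # min_bits is an assumed policy value
        findings.append("WEAK")
    if modulus_type != "Safe prime":
        findings.append("NON-SAFE")      # needs the extra checks the report lists
    return {"modulus_bits": p.bit_length(), "generator_bits": g.bit_length(),
            "modulus_type": modulus_type, "findings": findings}

# Constructed inputs: RFC 2409 Second Oakley Group prime, and 2**521 - 1.
OAKLEY_2 = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
MERSENNE_521 = 2**521 - 1  # prime, but (p - 1) / 2 is divisible by 3
```

A NON-SAFE result is not a verdict on its own: as the report says, such a group may still be sound if g generates a subgroup of large prime order, which this example does not test.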
Nmap Script Author:
Jacob Gajek
License: Same as Nmap--See https://nmap.org/book/man-legal.html