SSL CERT:
To retrieve a server’s SSL certificate:
nmap –script ssl-cert -p 443 {DOMAIN}
➜ ~ nmap --script ssl-cert -p 443 cordero.me Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-14 09:34 EDT Nmap scan report for cordero.me (35.208.103.74) Host is up (0.083s latency). rDNS record for 35.208.103.74: 74.103.208.35.bc.googleusercontent.com PORT STATE SERVICE 443/tcp open https | ssl-cert: Subject: commonName=cordero.me | Subject Alternative Name: DNS:cordero.me, DNS:www.cordero.me | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US | Public Key type: rsa | Public Key bits: 2048 | Signature Algorithm: sha256WithRSAEncryption | Not valid before: 2020-07-14T20:20:20 | Not valid after: 2020-10-12T20:20:20 | MD5: 7ac1 36da beb5 39d2 3214 ffe0 1f44 6a53 |_SHA-1: 5e5e 9e49 02f0 c762 4bd0 91ed 2935 2df2 b1a0 3b4b Nmap done: 1 IP address (1 host up) scanned in 0.91 seconds
SSL-ENUM-CIPHERS:
This script checks the ciphers used. This one is important because you want to check to verify that your site is not using weak ciphers like TLS 1.0 and TLS1.1. TLS1.2 is recommended.
nmap –script ssl-enum-ciphers -p 443 {DOMAIN}
➜ ~ nmap --script ssl-enum-ciphers -p 443 cordero.me Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-14 09:29 EDT Nmap scan report for cordero.me (35.208.103.74) Host is up (0.070s latency). rDNS record for 35.208.103.74: 74.103.208.35.bc.googleusercontent.com PORT STATE SERVICE 443/tcp open https | ssl-enum-ciphers: | TLSv1.2: | ciphers: | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp384r1) - A | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp384r1) - A | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp384r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp384r1) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp384r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp384r1) - A | TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 4096) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 4096) - A | TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (dh 4096) - A | TLS_DHE_RSA_WITH_AES_256_CCM_8 (dh 4096) - A | TLS_DHE_RSA_WITH_AES_256_CCM (dh 4096) - A | TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 (secp384r1) - A | TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 (dh 4096) - A | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 4096) - A | TLS_DHE_RSA_WITH_AES_128_CCM_8 (dh 4096) - A | TLS_DHE_RSA_WITH_AES_128_CCM (dh 4096) - A | TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 (secp384r1) - A | TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 (dh 4096) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 4096) - A | TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 (secp384r1) - A | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 (dh 4096) - A | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 4096) - A | TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (secp384r1) - A | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (dh 4096) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 4096) - A | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 4096) - A | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 4096) - A | TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A | TLS_RSA_WITH_AES_256_CCM_8 (rsa 2048) - A | TLS_RSA_WITH_AES_256_CCM (rsa 2048) - A | TLS_RSA_WITH_ARIA_256_GCM_SHA384 (rsa 2048) - A | TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_128_CCM_8 (rsa 2048) - A | TLS_RSA_WITH_AES_128_CCM (rsa 2048) - A | TLS_RSA_WITH_ARIA_128_GCM_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: server |_ least strength: A Nmap done: 1 IP address (1 host up) scanned in 16.67 seconds