Aug 3, 2022

SSH and TLS Enumeration

SSH and TLS/SSL are the two (2) most common encrypted protocols used daily by sysadm. Here, I listed some cmdline commonly used by me daily in troubleshooting the 2 protocols and some links below.


SSH (22/tcp):

Enumerate SSHD configuration with SSHscan

$ python sshscan.py -t 192.168.31.1

Enumerate SSH algorithm with NMAP

$ nmap --script ssh2-enum-algos 192.168.1.1

Print its (client) configuration after evaluating Host and Match blocks.

$ ssh -G 192.168.31.1

Queries ssh for the algorithms supported: cipher, cipher-auth, mac, kex, keq-gss, key, key-cert, key-plain, key-sig, protocol-version.

$ ssh -Q query_option


TLS/SSL (443/tcp):

$ sslyze www.facebook.com

$ ./sslscan.exe 192.168.31.1

$ tlsscan 192.168.31.1

$ ./tls-scan -c www.facebook.com --cacert=./ca-bundle.crt --pretty


Links: