SSH and TLS/SSL are the two (2) most common encrypted protocols used daily by sysadm. Here, I listed some cmdline commonly used by me daily in troubleshooting the 2 protocols and some links below.
SSH (22/tcp):
Enumerate SSHD configuration with SSHscan
$ python sshscan.py -t 192.168.31.1
Enumerate SSH algorithm with NMAP
$ nmap --script ssh2-enum-algos 192.168.1.1
Print its (client) configuration after evaluating Host and Match blocks.
$ ssh -G 192.168.31.1
Queries ssh for the algorithms supported: cipher, cipher-auth, mac, kex, keq-gss, key, key-cert, key-plain, key-sig, protocol-version.
$ ssh -Q query_option
TLS/SSL (443/tcp):
$ sslyze www.facebook.com
$ ./sslscan.exe 192.168.31.1
$ tlsscan 192.168.31.1
$ ./tls-scan -c www.facebook.com --cacert=./ca-bundle.crt --pretty
Links:
- https://myseq.blogspot.com/2022/07/ssltls-recon.html
- https://myseq.blogspot.com/2022/07/sshscan.html
- https://myseq.blogspot.com/2022/07/sslyze-fast-and-powerful-ssltls.html
- https://myseq.blogspot.com/2022/07/ssl-configuration-generator.html
- https://security.stackexchange.com/questions/94390/whats-the-purpose-of-dh-parameters
- https://www.infoworld.com/article/3027557/openssl-patches-two-vulnerabilities-in-cryptographic-library.html
- https://nmap.org/nsedoc/scripts/ssh2-enum-algos.html
- https://stackoverflow.com/questions/16212816/setting-up-openssh-for-windows-using-public-key-authentication?rq=1
- https://www.activestate.com/blog/how-to-manage-tls-certificate-expiration-with-python/