cipherBrute.pl
Bruteforce supported SSL/TLS cipher suites and extract useful SSL Certificate information
Note: This tool uses the installed version of OpenSSL on the machine from which it is run as a basis for determining which cipher suites to test. This tool performs a full handshake in order to determine whether a cipher suite is supported much in the same way as the Nmap ssl-enum-ciphers script.
Note: This tool will work perfectly when run from Kali, but requires one Perl module to be installed (Crypt::X509). To install Crypt::X509 run the following command: cpanm install Crypt::X509
Why...?
- To quickly determine the supported SSL/TLS cipher suites and present results in a clear/concise manner
- To quickly extract useful information from SSL Certificates and present results in a clear/concise manner
How to use
To check what SSL/TLS cipher suites are supported
perl cipherBrute.pl -f lisofipsorhostnames.txt
Example usage
To help demonstrate how this tool works and what it is useful for follow these steps:
1 - Create a text file called listofipsorhostnames.txt using your favourite editor (vi/pico/nano).
2 - Copy and paste the following sample data into the new text file:
www.yourdomaintotest.com
www.yourdomaintotest.com:443
test.idontexist.com
iptotest.iptotest.iptotest.iptotest
maps.yourdomaintotest.org.uk:4444
3 - Run the following command and select option 1 at the menu:
perl cipherBrute.pl -f lisofipsorhostnames.txt
4 - Alternatively, to extract useful SSL Certificate information (eg Valid from, Expires on...) run the following command and select option 2 at the menu:
perl cipherBrute.pl -f lisofipsorhostnames.txt