2021-11-11

http://blog.sina.com.cn/s/blog_14971d0000102xnwq.html

2021-11-11

┌──(kali㉿kali)-[~]
└─$ sslyze --regular 192.168.0.1

 CHECKING HOST(S) AVAILABILITY
 -----------------------------

   192.168.0.1:443                       => 192.168.0.1 




 SCAN RESULTS FOR 192.168.0.1:443 - 192.168.0.1
 ----------------------------------------------

 * TLS 1.1 Cipher Suites:
     Attempted to connect using 80 cipher suites; the server rejected all cipher suites.

 * TLS 1.0 Cipher Suites:
     Attempted to connect using 80 cipher suites; the server rejected all cipher suites.

 * Downgrade Attacks:
       TLS_FALLBACK_SCSV:                 OK - Supported

 * SSL 2.0 Cipher Suites:
     Attempted to connect using 7 cipher suites; the server rejected all cipher suites.

 * Elliptic Curve Key Exchange:
       Supported curves:                  X25519, X448, prime256v1, secp384r1, secp521r1
       Rejected curves:                   prime192v1, secp160k1, secp160r1, secp160r2, secp192k1, secp224k1, secp224r1, secp256k1, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1

 * SSL 3.0 Cipher Suites:
     Attempted to connect using 80 cipher suites; the server rejected all cipher suites.

 * TLS 1.2 Cipher Suites:
     Attempted to connect using 156 cipher suites.

     The server accepted the following 5 cipher suites:
        TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256       256       ECDH: X25519 (253 bits)
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384             256       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384             256       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256             128       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256             128       ECDH: prime256v1 (256 bits)

     The group of cipher suites supported by the server has the following properties:
       Forward Secrecy                    OK - Supported
       Legacy RC4 Algorithm               OK - Not Supported


 * OpenSSL Heartbleed:
                                          OK - Not vulnerable to Heartbleed

 * TLS 1.2 Session Resumption Support:
      With Session IDs: NOT SUPPORTED (0 successful resumptions out of 5 attempts).
      With TLS Tickets: OK - Supported.

 * Certificates Information:
       Hostname sent for SNI:             192.168.0.1
       Number of certificates detected:   1


     Certificate #0 ( _RSAPublicKey )
       SHA1 Fingerprint:                  a5769d8f36cf57d6616948a15d2e4a5e714d214e
       Common Name:                       TZJS
       Issuer:                            TZJS
       Serial Number:                     12998667666213029199
       Not Before:                        2021-10-26
       Not After:                         2031-10-24
       Public Key Algorithm:              _RSAPublicKey
       Signature Algorithm:               sha256
       Key Size:                          3072
       Exponent:                          65537
       DNS Subject Alternative Names:     []

     Certificate #0 - Trust
       Hostname Validation:               FAILED - Certificate does NOT match server hostname
       Android CA Store (9.0.0_r9):       FAILED - Certificate is NOT Trusted: self signed certificate
       Apple CA Store (iOS 14, iPadOS 14, macOS 11, watchOS 7, and tvOS 14):FAILED - Certificate is NOT Trusted: self signed certificate
       Java CA Store (jdk-13.0.2):        FAILED - Certificate is NOT Trusted: self signed certificate
       Mozilla CA Store (2021-01-24):     FAILED - Certificate is NOT Trusted: self signed certificate
       Windows CA Store (2021-02-08):     FAILED - Certificate is NOT Trusted: self signed certificate
       Symantec 2018 Deprecation:         ERROR - Could not build verified chain (certificate untrusted?)
       Received Chain:                    TZJS
       Verified Chain:                    ERROR - Could not build verified chain (certificate untrusted?)
       Received Chain Contains Anchor:    ERROR - Could not build verified chain (certificate untrusted?)
       Received Chain Order:              OK - Order is valid
       Verified Chain contains SHA1:      ERROR - Could not build verified chain (certificate untrusted?)

     Certificate #0 - Extensions
       OCSP Must-Staple:                  NOT SUPPORTED - Extension not found
       Certificate Transparency:          NOT SUPPORTED - Extension not found

     Certificate #0 - OCSP Stapling
                                          NOT SUPPORTED - Server did not send back an OCSP response

 * Session Renegotiation:
       Client Renegotiation DoS Attack:   VULNERABLE - Server honors client-initiated renegotiations
       Secure Renegotiation:              OK - Supported

 * TLS 1.3 Cipher Suites:
     Attempted to connect using 5 cipher suites.

     The server accepted the following 3 cipher suites:
        TLS_CHACHA20_POLY1305_SHA256                      256       ECDH: X25519 (253 bits)
        TLS_AES_256_GCM_SHA384                            256       ECDH: X25519 (253 bits)
        TLS_AES_128_GCM_SHA256                            128       ECDH: X25519 (253 bits)


 * OpenSSL CCS Injection:
                                          OK - Not vulnerable to OpenSSL CCS injection

 * ROBOT Attack:
                                          OK - Not vulnerable, RSA cipher suites not supported.

 * Deflate Compression:
                                          OK - Compression disabled


 SCAN COMPLETED IN 6.22 S
 ------------------------
                                                                                                           
┌──(kali㉿kali)-[~]
└─$ 

┌──(kali㉿kali)-[~]
└─$ nmap -sV --script ssl-enum-ciphers -p 443 192.168.0.1  
Starting Nmap 7.91 ( https://nmap.org ) at 2021-11-11 00:58 EST
Nmap scan report for tz.lan (192.168.0.1)
Host is up (0.011s latency).                                                                             
                                                                                                         
PORT    STATE SERVICE  VERSION                                                                           
443/tcp open  ssl/http mini_httpd 1.30 26Oct2018                                                         
|_http-server-header: mini_httpd/1.30 26Oct2018                                                          
| ssl-enum-ciphers:                                                                                      
|   TLSv1.2:                                                                                             
|     ciphers:                                                                                           
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A                                             
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A                                             
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A                                              
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A                                              
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A                                          
|     compressors:                                                                                           
|       NULL
|     cipher preference: client
|_  least strength: A

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 15.12 seconds
                                                                                                                    
┌──(kali㉿kali)-[~]
└─$ 

上一篇:古典密码学——代换密码 Substitution Cipher


下一篇:根据序列号加密生产4*4的密码,如:X9PL-TERY-NOZN-GMF1