🍝 NMAP : Find SSL Services

I wanted a script to scan all the IP addresses in the network range using NMAP and report on any ports that have a certificate attached, including the certificate details and health:

Scan a single host

nmap -sV -p 443 -Pn -script=ssl-cert,ssl-enum-ciphers,ssl-heartbleed <ip address>/32

Scan a network address range

nmap -sV -p 1-65535 -Pn -script=ssl-cert,ssl-enum-ciphers,ssl-heartbleed <x.x.x.x/xx>

Scan a network address range with a report

nmap -sV -p 1-65535 -Pn -oG report.txt -script=ssl-cert,ssl-enum-ciphers,ssl-heartbleed <x.x.x.x/xx>

The report will look like this:

# Nmap 7.92 scan initiated Fri Aug  4 14:28:46 2023 as: nmap -sV -p 443 -Pn -oG report.txt -script=ssl-cert,ssl-enum-ciphers,ssl-heartbleed <IP>

Host: 10.854.8.777 (victim.bear.local)     Status: Up
Host: 10.854.8.777 (victim.bear.local)     Ports: 443/open/tcp//ssl|http//Microsoft IIS httpd 17.0/

# Nmap done at Fri Aug  4 14:28:59 2023 -- 1 IP address (1 host up) scanned in 12.61 seconds

Previous Post Next Post

Ω†Ω…ΩˆΨ°Ψ¬ Ψ§Ω„Ψ§ΨͺΨ΅Ψ§Ω„