Security   Security – List available cipher suite using nmap

If you are in process of securing your web server or site, there are some tools and online resources that can help us a lot (in one of the following posts will show you some of them).

But simply using the command the fantastic nmap tool, another interesting feature is listing the available cipher suite certain site offers using the “–script ssl-enum-ciphers” parameter:

$ nmap --script ssl-enum-ciphers -p 443 <host>

For example:

$ nmap --script ssl-enum-ciphers -p 443

Starting Nmap 7.40 ( ) at 2019-05-20 16:54 CEST
Nmap scan report for (
Host is up (0.0096s latency).
rDNS record for
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 1.51 seconds

Leave a Reply

Your email address will not be published. Required fields are marked *