Python Forum
Python Forum

Use nmap inside my python code to get supported cipher suites
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Thread Modes
Use nmap inside my python code to get supported cipher suites
jimmeh
Programmer named Tim
Posts: 5
Threads: 2
Joined: May 2019
Reputation: 0
#1
May-29-2019, 06:07 PM
I'm trying to use python to list ciphers supported by a server i.e google.com. I stumbled upon this and I'm particularly interested with the second answer regarding nmap. The only problem is that I can only figure out how to run nmap in the command line (because the answer tells you exactly how to do it). Is there a way I can get this to run in python code and have that same output return in a json format or anything else simple enough to parse?

I've looked into python-nmap but I don't see an option for doing what I'm trying to do.

Thanks in advance for the help!
Find
Reply
Gribouillis

Super Moderators
Posts: 4,489
Threads: 69
Joined: Jan 2018
Reputation: 330
#2
May-30-2019, 05:11 AM (This post was last modified: May-30-2019, 05:11 AM by Gribouillis.)
  • Use the subprocess module to run a command such as nmap from python.
  • nmap has a -oX option to output XML data which can be parsed easily in python.
Find
Reply
jimmeh
Programmer named Tim
Posts: 5
Threads: 2
Joined: May 2019
Reputation: 0
#3
May-30-2019, 12:19 PM (This post was last modified: May-30-2019, 12:20 PM by jimmeh.)
(May-30-2019, 05:11 AM)Gribouillis Wrote:
  • Use the subprocess module to run a command such as nmap from python.
  • nmap has a -oX option to output XML data which can be parsed easily in python.

Hmmm...The XML option doesn't seem to work well when I run this command for getting google's supported cipher suites:

nmap --script ssl-enum-ciphers -oX nmap_output.xml -p 443 www.google.com
By not work well, I mean that although it outputs an XML file, there is no XML in the file, just the output string. Can you give it a shot and let me know if its the same for you?
Find
Reply
buran

Super Moderators
Posts: 8,089
Threads: 154
Joined: Sep 2016
Reputation: 582
#4
May-30-2019, 12:52 PM (This post was last modified: May-30-2019, 12:52 PM by buran.)
does this do what you want:

import ssl
import socket

hostname = 'www.google.com'
context = ssl.create_default_context()

with socket.create_connection((hostname, 443)) as sock:
    with context.wrap_socket(sock, server_hostname=hostname) as ssock:
        for cipher in context.get_ciphers():
            print(cipher)
Output:
{'id': 50380844, 'name': 'ECDHE-ECDSA-AES256-GCM-SHA384', 'protocol': 'TLSv1.2', 'description': 'ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD', 'strength_bits': 256, 'alg_bits': 256, 'aead': True, 'symmetric': 'aes-256-gcm', 'digest': None, 'kea': 'kx-ecdhe', 'auth': 'auth-ecdsa'}
{'id': 50380848, 'name': 'ECDHE-RSA-AES256-GCM-SHA384', 'protocol': 'TLSv1.2', 'description': 'ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD', 'strength_bits': 256, 'alg_bits': 256, 'aead': True, 'symmetric': 'aes-256-gcm', 'digest': None, 'kea': 'kx-ecdhe', 'auth': 'auth-rsa'}
{'id': 50331807, 'name': 'DHE-RSA-AES256-GCM-SHA384', 'protocol': 'TLSv1.2', 'description': 'DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH
   Au=RSA  Enc=AESGCM(256) Mac=AEAD', 'strength_bits': 256, 'alg_bits': 256, 'aead': True, 'symmetric': 'aes-256-gcm', 'digest': None, 'kea': 'kx-dhe', 'auth': 'auth-rsa'}
{'id': 50384041, 'name': 'ECDHE-ECDSA-CHACHA20-POLY1305', 'protocol': 'TLSv1.2', 'description': 'ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD', 'strength_bits': 256, 'alg_bits': 256, 'aead': True, 'symmetric': 'chacha20-poly1305', 'digest': None, 'kea': 'kx-ecdhe', 'auth': 'auth-ecdsa'}
{'id': 50384040, 'name': 'ECDHE-RSA-CHACHA20-POLY1305', 'protocol': 'TLSv1.2', 'description': 'ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD', 'strength_bits': 256, 'alg_bits': 256, 'aead': True, 'symmetric': 'chacha20-poly1305', 'digest': None, 'kea': 'kx-ecdhe', 'auth': 'auth-rsa'}
{'id': 50384042, 'name': 'DHE-RSA-CHACHA20-POLY1305', 'protocol': 'TLSv1.2', 'description': 'DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH
   Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD', 'strength_bits': 256, 'alg_bits': 256, 'aead': True, 'symmetric': 'chacha20-poly1305', 'digest': None, 'kea': 'kx-dhe', 'auth': 'auth-rsa'}
{'id': 50380843, 'name': 'ECDHE-ECDSA-AES128-GCM-SHA256', 'protocol': 'TLSv1.2', 'description': 'ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD', 'strength_bits': 128, 'alg_bits': 128, 'aead': True, 'symmetric': 'aes-128-gcm', 'digest': None, 'kea': 'kx-ecdhe', 'auth': 'auth-ecdsa'}
{'id': 50380847, 'name': 'ECDHE-RSA-AES128-GCM-SHA256', 'protocol': 'TLSv1.2', 'description': 'ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD', 'strength_bits': 128, 'alg_bits': 128, 'aead': True, 'symmetric': 'aes-128-gcm', 'digest': None, 'kea': 'kx-ecdhe', 'auth': 'auth-rsa'}
{'id': 50331806, 'name': 'DHE-RSA-AES128-GCM-SHA256', 'protocol': 'TLSv1.2', 'description': 'DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH
   Au=RSA  Enc=AESGCM(128) Mac=AEAD', 'strength_bits': 128, 'alg_bits': 128, 'aead': True, 'symmetric': 'aes-128-gcm', 'digest': None, 'kea': 'kx-dhe', 'auth': 'auth-rsa'}
{'id': 50380836, 'name': 'ECDHE-ECDSA-AES256-SHA384', 'protocol': 'TLSv1.2', 'description': 'ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH
   Au=ECDSA Enc=AES(256)  Mac=SHA384', 'strength_bits': 256, 'alg_bits': 256, 'aead': False, 'symmetric': 'aes-256-cbc', 'digest': 'sha384', 'kea': 'kx-ecdhe', 'auth': 'auth-ecdsa'}
{'id': 50380840, 'name': 'ECDHE-RSA-AES256-SHA384', 'protocol': 'TLSv1.2', 'description': 'ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384', 'strength_bits': 256, 'alg_bits': 256, 'aead': False, 'symmetric': 'aes-256-cbc', 'digest': 'sha384', 'kea': 'kx-ecdhe', 'auth': 'auth-rsa'}
{'id': 50331755, 'name': 'DHE-RSA-AES256-SHA256', 'protocol': 'TLSv1.2', 'description': 'DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256', 'strength_bits': 256, 'alg_bits': 256, 'aead': False, 'symmetric': 'aes-256-cbc', 'digest': 'sha256', 'kea': 'kx-dhe', 'auth': 'auth-rsa'}
{'id': 50380835, 'name': 'ECDHE-ECDSA-AES128-SHA256', 'protocol': 'TLSv1.2', 'description': 'ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH
   Au=ECDSA Enc=AES(128)  Mac=SHA256', 'strength_bits': 128, 'alg_bits': 128, 'aead': False, 'symmetric': 'aes-128-cbc', 'digest': 'sha256', 'kea': 'kx-ecdhe', 'auth': 'auth-ecdsa'}
{'id': 50380839, 'name': 'ECDHE-RSA-AES128-SHA256', 'protocol': 'TLSv1.2', 'description': 'ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256', 'strength_bits': 128, 'alg_bits': 128, 'aead': False, 'symmetric': 'aes-128-cbc', 'digest': 'sha256', 'kea': 'kx-ecdhe', 'auth': 'auth-rsa'}
{'id': 50331751, 'name': 'DHE-RSA-AES128-SHA256', 'protocol': 'TLSv1.2', 'description': 'DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256', 'strength_bits': 128, 'alg_bits': 128, 'aead': False, 'symmetric': 'aes-128-cbc', 'digest': 'sha256', 'kea': 'kx-dhe', 'auth': 'auth-rsa'}
{'id': 50380810, 'name': 'ECDHE-ECDSA-AES256-SHA', 'protocol': 'TLSv1.0', 'description': 'ECDHE-ECDSA-AES256-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1', 'strength_bits': 256, 'alg_bits': 256, 'aead': False, 'symmetric': 'aes-256-cbc', 'digest': 'sha1', 'kea': 'kx-ecdhe', 'auth': 'auth-ecdsa'}
{'id': 50380820, 'name': 'ECDHE-RSA-AES256-SHA', 'protocol': 'TLSv1.0', 'description': 'ECDHE-RSA-AES256-SHA    TLSv1 Kx=ECDH     Au=RSA
  Enc=AES(256)  Mac=SHA1', 'strength_bits': 256, 'alg_bits': 256, 'aead': False, 'symmetric': 'aes-256-cbc', 'digest': 'sha1', 'kea': 'kx-ecdhe', 'auth': 'auth-rsa'}
{'id': 50331705, 'name': 'DHE-RSA-AES256-SHA', 'protocol': 'SSLv3', 'description': 'DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1', 'strength_bits': 256, 'alg_bits': 256, 'aead': False, 'symmetric': 'aes-256-cbc', 'digest': 'sha1', 'kea': 'kx-dhe', 'auth': 'auth-rsa'}
{'id': 50380809, 'name': 'ECDHE-ECDSA-AES128-SHA', 'protocol': 'TLSv1.0', 'description': 'ECDHE-ECDSA-AES128-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1', 'strength_bits': 128, 'alg_bits': 128, 'aead': False, 'symmetric': 'aes-128-cbc', 'digest': 'sha1', 'kea': 'kx-ecdhe', 'auth': 'auth-ecdsa'}
{'id': 50380819, 'name': 'ECDHE-RSA-AES128-SHA', 'protocol': 'TLSv1.0', 'description': 'ECDHE-RSA-AES128-SHA    TLSv1 Kx=ECDH     Au=RSA
  Enc=AES(128)  Mac=SHA1', 'strength_bits': 128, 'alg_bits': 128, 'aead': False, 'symmetric': 'aes-128-cbc', 'digest': 'sha1', 'kea': 'kx-ecdhe', 'auth': 'auth-rsa'}
{'id': 50331699, 'name': 'DHE-RSA-AES128-SHA', 'protocol': 'SSLv3', 'description': 'DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1', 'strength_bits': 128, 'alg_bits': 128, 'aead': False, 'symmetric': 'aes-128-cbc', 'digest': 'sha1', 'kea': 'kx-dhe', 'auth': 'auth-rsa'}
{'id': 50331805, 'name': 'AES256-GCM-SHA384', 'protocol': 'TLSv1.2', 'description': 'AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD', 'strength_bits': 256, 'alg_bits': 256, 'aead': True, 'symmetric': 'aes-256-gcm', 'digest': None, 'kea': 'kx-rsa', 'auth': 'auth-rsa'}
{'id': 50331804, 'name': 'AES128-GCM-SHA256', 'protocol': 'TLSv1.2', 'description': 'AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD', 'strength_bits': 128, 'alg_bits': 128, 'aead': True, 'symmetric': 'aes-128-gcm', 'digest': None, 'kea': 'kx-rsa', 'auth': 'auth-rsa'}
{'id': 50331709, 'name': 'AES256-SHA256', 'protocol': 'TLSv1.2', 'description': 'AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256', 'strength_bits': 256, 'alg_bits': 256, 'aead': False, 'symmetric': 'aes-256-cbc', 'digest': 'sha256', 'kea': 'kx-rsa', 'auth': 'auth-rsa'}
{'id': 50331708, 'name': 'AES128-SHA256', 'protocol': 'TLSv1.2', 'description': 'AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256', 'strength_bits': 128, 'alg_bits': 128, 'aead': False, 'symmetric': 'aes-128-cbc', 'digest': 'sha256', 'kea': 'kx-rsa', 'auth': 'auth-rsa'}
{'id': 50331701, 'name': 'AES256-SHA', 'protocol': 'SSLv3', 'description': 'AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1', 'strength_bits': 256, 'alg_bits': 256, 'aead': False, 'symmetric': 'aes-256-cbc', 'digest': 'sha1', 'kea': 'kx-rsa', 'auth': 'auth-rsa'}
{'id': 50331695, 'name': 'AES128-SHA', 'protocol': 'SSLv3', 'description': 'AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1', 'strength_bits': 128, 'alg_bits': 128, 'aead': False, 'symmetric': 'aes-128-cbc', 'digest': 'sha1', 'kea': 'kx-rsa', 'auth': 'auth-rsa'}
note - I don't have experience with ssl module, but looking at the docs....
If you can't explain it to a six year old, you don't understand it yourself, Albert Einstein
How to Ask Questions The Smart Way: link and another link
Create MCV example
Debug small programs

Find
Reply
jimmeh
Programmer named Tim
Posts: 5
Threads: 2
Joined: May 2019
Reputation: 0
#5
May-30-2019, 01:07 PM
(May-30-2019, 12:19 PM)jimmeh Wrote:
(May-30-2019, 05:11 AM)Gribouillis Wrote:
  • Use the subprocess module to run a command such as nmap from python.
  • nmap has a -oX option to output XML data which can be parsed easily in python.

Hmmm...The XML option doesn't seem to work well when I run this command for getting google's supported cipher suites:

nmap --script ssl-enum-ciphers -oX nmap_output.xml -p 443 www.google.com
By not work well, I mean that although it outputs an XML file, there is no XML in the file, just the output string. Can you give it a shot and let me know if its the same for you?

Nvm, if I save the XML into a text file it seems to work. Thanks!
Find
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Cesar Cipher ForsakenDusk 5 429 Apr-07-2024, 04:30 PM
Last Post: Pedroski55
Question Rsa Cipher Paragoon2 3 621 Nov-27-2023, 12:30 PM
Last Post: snippsat
  RSA Cipher with blocks Paragoon2 0 484 Nov-26-2023, 04:35 PM
Last Post: Paragoon2
  Getting "SSL client not supported by this Python installation" error prabirsarkar 0 950 Mar-13-2023, 05:01 PM
Last Post: prabirsarkar
  Caesar Cipher Help pbrowne 2 2,155 Jun-30-2021, 02:36 PM
Last Post: deanhystad
  Learning Python with a Caesar cipher Drone4four 5 4,787 Nov-21-2020, 07:21 PM
Last Post: bowlofred
  The code to decrypt Caeser Cipher. lazerwolf101 2 3,134 May-26-2020, 04:01 PM
Last Post: DT2000
  Receiving XML exception from nmap.scan() results. PythonNmap 4 4,091 Jan-21-2020, 04:41 AM
Last Post: PythonNmap
  Trying to use python-nmap but receiving however python2 or 3 can't find PortScanner. PythonNmap 21 10,863 Jan-19-2020, 07:54 PM
Last Post: PythonNmap
  Can someone please help me convert this simple C ROT cipher code to Python code? boohoo9 5 3,438 Jun-14-2019, 03:02 PM
Last Post: DeaD_EyE

Forum Jump:

User Panel Messages

Log Out
My Profile
Pay your profile a visit
User Control Panel
Do some changes on your profile
My Messages
View private messages unread
Avatar
Change avatar
Signature
Change signature
Announcements
Announcement #1 8/1/2020
Announcement #2 8/2/2020
Announcement #3 8/6/2020