Python Forum

Full Version: Use nmap inside my python code to get supported cipher suites
I'm trying to use Python to list the ciphers supported by a server, e.g. google.com. I stumbled upon this and I'm particularly interested in the second answer regarding nmap. The only problem is that I can only figure out how to run nmap in the command line (because the answer tells you exactly how to do it). Is there a way I can get this to run in Python code and have that same output returned in JSON format or anything else simple enough to parse?

I've looked into python-nmap but I don't see an option for doing what I'm trying to do.

Thanks in advance for the help!
  • Use the subprocess module to run a command such as nmap from python.
  • nmap has a -oX option to output XML data which can be parsed easily in python.
(May-30-2019, 05:11 AM) Gribouillis wrote:
  • Use the subprocess module to run a command such as nmap from python.
  • nmap has a -oX option to output XML data which can be parsed easily in python.

Hmmm...The XML option doesn't seem to work well when I run this command for getting google's supported cipher suites:

nmap --script ssl-enum-ciphers -oX nmap_output.xml -p 443 www.google.com
By not work well, I mean that although it outputs an XML file, there is no XML in the file, just the output string. Can you give it a shot and let me know if it's the same for you?
does this do what you want:

import ssl
import socket

hostname = 'www.google.com'
context = ssl.create_default_context()

with socket.create_connection((hostname, 443)) as sock:
    with context.wrap_socket(sock, server_hostname=hostname) as ssock:
        for cipher in context.get_ciphers():
            print(cipher)
Output:
{'id': 50380844, 'name': 'ECDHE-ECDSA-AES256-GCM-SHA384', 'protocol': 'TLSv1.2', 'description': 'ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD', 'strength_bits': 256, 'alg_bits': 256, 'aead': True, 'symmetric': 'aes-256-gcm', 'digest': None, 'kea': 'kx-ecdhe', 'auth': 'auth-ecdsa'}
{'id': 50380848, 'name': 'ECDHE-RSA-AES256-GCM-SHA384', 'protocol': 'TLSv1.2', 'description': 'ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD', 'strength_bits': 256, 'alg_bits': 256, 'aead': True, 'symmetric': 'aes-256-gcm', 'digest': None, 'kea': 'kx-ecdhe', 'auth': 'auth-rsa'}
{'id': 50331807, 'name': 'DHE-RSA-AES256-GCM-SHA384', 'protocol': 'TLSv1.2', 'description': 'DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD', 'strength_bits': 256, 'alg_bits': 256, 'aead': True, 'symmetric': 'aes-256-gcm', 'digest': None, 'kea': 'kx-dhe', 'auth': 'auth-rsa'}
{'id': 50384041, 'name': 'ECDHE-ECDSA-CHACHA20-POLY1305', 'protocol': 'TLSv1.2', 'description': 'ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD', 'strength_bits': 256, 'alg_bits': 256, 'aead': True, 'symmetric': 'chacha20-poly1305', 'digest': None, 'kea': 'kx-ecdhe', 'auth': 'auth-ecdsa'}
{'id': 50384040, 'name': 'ECDHE-RSA-CHACHA20-POLY1305', 'protocol': 'TLSv1.2', 'description': 'ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD', 'strength_bits': 256, 'alg_bits': 256, 'aead': True, 'symmetric': 'chacha20-poly1305', 'digest': None, 'kea': 'kx-ecdhe', 'auth': 'auth-rsa'}
{'id': 50384042, 'name': 'DHE-RSA-CHACHA20-POLY1305', 'protocol': 'TLSv1.2', 'description': 'DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD', 'strength_bits': 256, 'alg_bits': 256, 'aead': True, 'symmetric': 'chacha20-poly1305', 'digest': None, 'kea': 'kx-dhe', 'auth': 'auth-rsa'}
{'id': 50380843, 'name': 'ECDHE-ECDSA-AES128-GCM-SHA256', 'protocol': 'TLSv1.2', 'description': 'ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD', 'strength_bits': 128, 'alg_bits': 128, 'aead': True, 'symmetric': 'aes-128-gcm', 'digest': None, 'kea': 'kx-ecdhe', 'auth': 'auth-ecdsa'}
{'id': 50380847, 'name': 'ECDHE-RSA-AES128-GCM-SHA256', 'protocol': 'TLSv1.2', 'description': 'ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD', 'strength_bits': 128, 'alg_bits': 128, 'aead': True, 'symmetric': 'aes-128-gcm', 'digest': None, 'kea': 'kx-ecdhe', 'auth': 'auth-rsa'}
{'id': 50331806, 'name': 'DHE-RSA-AES128-GCM-SHA256', 'protocol': 'TLSv1.2', 'description': 'DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD', 'strength_bits': 128, 'alg_bits': 128, 'aead': True, 'symmetric': 'aes-128-gcm', 'digest': None, 'kea': 'kx-dhe', 'auth': 'auth-rsa'}
{'id': 50380836, 'name': 'ECDHE-ECDSA-AES256-SHA384', 'protocol': 'TLSv1.2', 'description': 'ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384', 'strength_bits': 256, 'alg_bits': 256, 'aead': False, 'symmetric': 'aes-256-cbc', 'digest': 'sha384', 'kea': 'kx-ecdhe', 'auth': 'auth-ecdsa'}
{'id': 50380840, 'name': 'ECDHE-RSA-AES256-SHA384', 'protocol': 'TLSv1.2', 'description': 'ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384', 'strength_bits': 256, 'alg_bits': 256, 'aead': False, 'symmetric': 'aes-256-cbc', 'digest': 'sha384', 'kea': 'kx-ecdhe', 'auth': 'auth-rsa'}
{'id': 50331755, 'name': 'DHE-RSA-AES256-SHA256', 'protocol': 'TLSv1.2', 'description': 'DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256', 'strength_bits': 256, 'alg_bits': 256, 'aead': False, 'symmetric': 'aes-256-cbc', 'digest': 'sha256', 'kea': 'kx-dhe', 'auth': 'auth-rsa'}
{'id': 50380835, 'name': 'ECDHE-ECDSA-AES128-SHA256', 'protocol': 'TLSv1.2', 'description': 'ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256', 'strength_bits': 128, 'alg_bits': 128, 'aead': False, 'symmetric': 'aes-128-cbc', 'digest': 'sha256', 'kea': 'kx-ecdhe', 'auth': 'auth-ecdsa'}
{'id': 50380839, 'name': 'ECDHE-RSA-AES128-SHA256', 'protocol': 'TLSv1.2', 'description': 'ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256', 'strength_bits': 128, 'alg_bits': 128, 'aead': False, 'symmetric': 'aes-128-cbc', 'digest': 'sha256', 'kea': 'kx-ecdhe', 'auth': 'auth-rsa'}
{'id': 50331751, 'name': 'DHE-RSA-AES128-SHA256', 'protocol': 'TLSv1.2', 'description': 'DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256', 'strength_bits': 128, 'alg_bits': 128, 'aead': False, 'symmetric': 'aes-128-cbc', 'digest': 'sha256', 'kea': 'kx-dhe', 'auth': 'auth-rsa'}
{'id': 50380810, 'name': 'ECDHE-ECDSA-AES256-SHA', 'protocol': 'TLSv1.0', 'description': 'ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1', 'strength_bits': 256, 'alg_bits': 256, 'aead': False, 'symmetric': 'aes-256-cbc', 'digest': 'sha1', 'kea': 'kx-ecdhe', 'auth': 'auth-ecdsa'}
{'id': 50380820, 'name': 'ECDHE-RSA-AES256-SHA', 'protocol': 'TLSv1.0', 'description': 'ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1', 'strength_bits': 256, 'alg_bits': 256, 'aead': False, 'symmetric': 'aes-256-cbc', 'digest': 'sha1', 'kea': 'kx-ecdhe', 'auth': 'auth-rsa'}
{'id': 50331705, 'name': 'DHE-RSA-AES256-SHA', 'protocol': 'SSLv3', 'description': 'DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1', 'strength_bits': 256, 'alg_bits': 256, 'aead': False, 'symmetric': 'aes-256-cbc', 'digest': 'sha1', 'kea': 'kx-dhe', 'auth': 'auth-rsa'}
{'id': 50380809, 'name': 'ECDHE-ECDSA-AES128-SHA', 'protocol': 'TLSv1.0', 'description': 'ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1', 'strength_bits': 128, 'alg_bits': 128, 'aead': False, 'symmetric': 'aes-128-cbc', 'digest': 'sha1', 'kea': 'kx-ecdhe', 'auth': 'auth-ecdsa'}
{'id': 50380819, 'name': 'ECDHE-RSA-AES128-SHA', 'protocol': 'TLSv1.0', 'description': 'ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1', 'strength_bits': 128, 'alg_bits': 128, 'aead': False, 'symmetric': 'aes-128-cbc', 'digest': 'sha1', 'kea': 'kx-ecdhe', 'auth': 'auth-rsa'}
{'id': 50331699, 'name': 'DHE-RSA-AES128-SHA', 'protocol': 'SSLv3', 'description': 'DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1', 'strength_bits': 128, 'alg_bits': 128, 'aead': False, 'symmetric': 'aes-128-cbc', 'digest': 'sha1', 'kea': 'kx-dhe', 'auth': 'auth-rsa'}
{'id': 50331805, 'name': 'AES256-GCM-SHA384', 'protocol': 'TLSv1.2', 'description': 'AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD', 'strength_bits': 256, 'alg_bits': 256, 'aead': True, 'symmetric': 'aes-256-gcm', 'digest': None, 'kea': 'kx-rsa', 'auth': 'auth-rsa'}
{'id': 50331804, 'name': 'AES128-GCM-SHA256', 'protocol': 'TLSv1.2', 'description': 'AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD', 'strength_bits': 128, 'alg_bits': 128, 'aead': True, 'symmetric': 'aes-128-gcm', 'digest': None, 'kea': 'kx-rsa', 'auth': 'auth-rsa'}
{'id': 50331709, 'name': 'AES256-SHA256', 'protocol': 'TLSv1.2', 'description': 'AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256', 'strength_bits': 256, 'alg_bits': 256, 'aead': False, 'symmetric': 'aes-256-cbc', 'digest': 'sha256', 'kea': 'kx-rsa', 'auth': 'auth-rsa'}
{'id': 50331708, 'name': 'AES128-SHA256', 'protocol': 'TLSv1.2', 'description': 'AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256', 'strength_bits': 128, 'alg_bits': 128, 'aead': False, 'symmetric': 'aes-128-cbc', 'digest': 'sha256', 'kea': 'kx-rsa', 'auth': 'auth-rsa'}
{'id': 50331701, 'name': 'AES256-SHA', 'protocol': 'SSLv3', 'description': 'AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1', 'strength_bits': 256, 'alg_bits': 256, 'aead': False, 'symmetric': 'aes-256-cbc', 'digest': 'sha1', 'kea': 'kx-rsa', 'auth': 'auth-rsa'}
{'id': 50331695, 'name': 'AES128-SHA', 'protocol': 'SSLv3', 'description': 'AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1', 'strength_bits': 128, 'alg_bits': 128, 'aead': False, 'symmetric': 'aes-128-cbc', 'digest': 'sha1', 'kea': 'kx-rsa', 'auth': 'auth-rsa'}
note - I don't have experience with ssl module, but looking at the docs....
(May-30-2019, 12:19 PM) jimmeh wrote:
(May-30-2019, 05:11 AM) Gribouillis wrote:
  • Use the subprocess module to run a command such as nmap from python.
  • nmap has a -oX option to output XML data which can be parsed easily in python.

Hmmm...The XML option doesn't seem to work well when I run this command for getting google's supported cipher suites:

nmap --script ssl-enum-ciphers -oX nmap_output.xml -p 443 www.google.com
By not work well, I mean that although it outputs an XML file, there is no XML in the file, just the output string. Can you give it a shot and let me know if it's the same for you?

Nvm, if I save the XML into a text file it seems to work. Thanks!
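
The subprocess plus -oX approach suggested in this thread, as an added example that is not code from any poster here: nmap is run from an argument list (no shell) with `-oX -` so the XML report arrives on stdout, and the ssl-enum-ciphers tables are flattened into JSON-ready dicts. The sample XML is constructed and the function names are this example's own; unlike `context.get_ciphers()`, which lists the ciphers enabled in the local client context, these rows are what the scanned server accepted.

```python
import json
import subprocess
import xml.etree.ElementTree as ET

# Constructed sample shaped like nmap's structured ssl-enum-ciphers XML.
SAMPLE_XML = """<nmaprun><host><ports><port protocol="tcp" portid="443">
<script id="ssl-enum-ciphers" output="(text form omitted)">
 <table key="TLSv1.2">
  <table key="ciphers">
   <table><elem key="kex_info">ecdh_x25519</elem>
    <elem key="name">TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</elem>
    <elem key="strength">A</elem></table>
   <table><elem key="kex_info">rsa 2048</elem>
    <elem key="name">TLS_RSA_WITH_3DES_EDE_CBC_SHA</elem>
    <elem key="strength">C</elem></table>
  </table>
  <elem key="cipher preference">server</elem>
 </table>
 <elem key="least strength">C</elem>
</script></port></ports></host></nmaprun>"""

def run_nmap(host, port=443):
    """Run nmap without a shell; '-oX -' writes the XML report to stdout."""
    if host.startswith("-"):  # nmap would parse such a value as an option
        raise ValueError("host must not start with '-'")
    cmd = ["nmap", "--script", "ssl-enum-ciphers", "-p", str(int(port)),
           "-oX", "-", host]
    return subprocess.run(cmd, capture_output=True, check=True,
                          timeout=300).stdout

def parse_ciphers(xml_data):
    """Flatten every ssl-enum-ciphers result into a list of dicts."""
    rows = []
    for port in ET.fromstring(xml_data).iter("port"):
        for script in port.findall("script[@id='ssl-enum-ciphers']"):
            for proto in script.findall("table"):
                for cipher in proto.findall("table[@key='ciphers']/table"):
                    row = {e.get("key"): e.text for e in cipher.findall("elem")}
                    row.update(port=int(port.get("portid")),
                               protocol=proto.get("key"))
                    rows.append(row)
    return rows

def weak_ciphers(rows, worst_ok="A"):
    """Names of ciphers nmap graded below worst_ok (grades run A to F)."""
    return [r["name"] for r in rows if r.get("strength", "F") > worst_ok]

if __name__ == "__main__":
    rows = parse_ciphers(SAMPLE_XML)  # or parse_ciphers(run_nmap("example.org"))
    print(json.dumps(rows, indent=2), weak_ciphers(rows))
```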