I'm looking to find computers on the network that are using older versions of tls/ssl.
So far I've been using nmap's ssl-enum-ciphers and ssl-poodle scripts but the output isn't helpful as it shows every cipher available, eg :
Nmap scan report for x.x.x.x
Host is up (0.017s latency).
PORT STATE SERVICE
443/tcp open https
| ssl-enum-ciphers:
| SSLv3:
| ciphers:
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| compressors:
| NULL
| cipher preference: server
| warnings:
| CBC-mode cipher in SSLv3 (CVE-2014-3566)
| TLSv1.0:
| ciphers:
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
I have seen nmap has the greppable output option "-oG" but I'm not sure it works in conjunction with scripts, or I'm not using it correctly.
I've been using a variation of the below command
nmap -sV --script ssl-enum-ciphers -p 443 {ip address/netmask}
Ideally I'd like the output to look like
IP Address/Hostname SSLv3 TLS1.0 TLS1.2
But even getting it into .csv format would be helpful. Is there a better way to do this? Maybe I'm lacking some grep knowledge here.
Thanks!