Detecting Logjam

2015-05-21 10:22

Logjam is an exploit against sites using SSL certificates that support the Diffie-Hellman Key Exchange DHE_EXPORT ciphers.

You can use nmap to detect if your systems are exposed to the Logjam vulnerability.

nmap --script ssl-enum-ciphers -p 443 www.YOUR_WEBSERER_HERE.com | grep DHE_EXPORT

If it comes back with anything, you should probably look deeper into the situation. You are likely vulnerable to Logjam.

You can use the same ssl-enum-ciphers to list all of the ciphers your system has available as well:

nmap --script ssl-enum-ciphers -p 443 www.YOUR_WEBSERER_HERE.com

Or if you want a listing of ciphers that are considered “weak”

nmap --script ssl-enum-ciphers -p 443 www.YOUR_WEBSERER_HERE.com | grep weak

nmap comes with all kinds of other cool scripts that can make your life easier.