[root@test]# nmap -F -sV localhost

Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2009-07-28 13:31 CEST

Interesting ports on localhost.localdomain (127.0.0.1):

(The 1205 ports scanned but not shown below are in state: closed)

PORT      STATE SERVICE         VERSION

443/tcp   open  ssl             OpenSSL

901/tcp   open  http            Samba SWAT administration server

8080/tcp  open  http            Apache httpd 2.0.54 ((Unix) mod_ssl/2.0.54 OpenSSL/0.9.7g PHP/4.3.11)

8081/tcp  open  http            Apache Tomcat/Coyote JSP engine 1.0

Nmap run completed -- 1 IP address (1 host up) scanned in 27.881 seconds

[root@test]# 

https (443/tcp) 

Description 

Here is the SSLv2 server certificate: 

Certificate: 

Data: 

Version: 3 (0x2) 

Serial Number: 1 (0x1) 

Signature Algorithm: md5WithRSAEncryption 

Issuer: C=**, ST=******, L=******, O=******, OU=******, CN=****** 

Validity 

Not Before: Oct 17 07:12:16 2007 GMT Not After : 

Oct 16 07:12:16 2008 GMT 

Subject: C=**, ST=******, L=******, O=******, CN=****** 

Subject Public Key Info: 

Public Key Algorithm: rsaEncryption 

RSA Public Key: (1024 bit) 

Modulus (1024 bit): 

00:98:4f:24:16:cb:0f:74:e8:9c:55:ce:62:14:4e: 

6b:84:c5:81:43:59:c1:2e:ac:ba:af:92:51:f3:0b: 

ad:e1:4b:22:ba:5a:9a:1e:0f:0b:fb:3d:5d:e6:fc: 

ef:b8:8c:dc:78:28:97:8b:f0:1f:17:9f:69:3f:0e: 

72:51:24:1b:9c:3d:85:52:1d:df:da:5a:b8:2e:d2: 

09:00:76:24:43:bc:08:67:6b:dd:6b:e9:d2:f5:67: 

e1:90:2a:b4:3b:b4:3c:b3:71:4e:88:08:74:b9:a8: 

2d:c4:8c:65:93:08:e6:2f:fd:e0:fa:dc:6d:d7:a2: 

3d:0a:75:26:cf:dc:47:74:29 

Exponent: 65537 (0x10001) 

X509v3 extensions: 

X509v3 Basic Constraints: 

CA:FALSE 

Netscape Comment: 

OpenSSL Generated Certificate 

Page 10 

Network Vulnerability Assessment Report 25.07.2009 

X509v3 Subject Key Identifier: 

10:00:38:4C:45:F0:7C:E4:C6:A7:A4:E2:C9:F0:E4:2B:A8:F9:63:A8 

X509v3 Authority Key Identifier: 

keyid:CE:E5:F9:41:7B:D9:0E:5E:5D:DF:5E:B9:F3:E6:4A:12:19:02:76:CE 

DirName:/C=**/ST=******/L=******/O=******/OU=******/CN=******

serial:00 

Signature Algorithm: md5WithRSAEncryption 

7b:14:bd:c7:3c:0c:01:8d:69:91:95:46:5c:e6:1e:25:9b:aa: 

8b:f5:0d:de:e3:2e:82:1e:68:be:97:3b:39:4a:83:ae:fd:15:

2e:50:c8:a7:16:6e:c9:4e:76:cc:fd:69:ae:4f:12:b8:e7:01: 

b6:58:7e:39:d1:fa:8d:49:bd:ff:6b:a8:dd:ae:83:ed:bc:b2: 

40:e3:a5:e0:fd:ae:3f:57:4d:ec:f3:21:34:b1:84:97:06:6f: 

f4:7d:f4:1c:84:cc:bb:1c:1c:e7:7a:7d:2d:e9:49:60:93:12: 

0d:9f:05:8c:8e:f9:cf:e8:9f:fc:15:c0:6e:e2:fe:e5:07:81: 

82:fc 

Here is the list of available SSLv2 ciphers: 

RC4-MD5

EXP-RC4-MD5

RC2-CBC-MD5

EXP-RC2-CBC-MD5 DES-CBC-MD5 

DES-CBC3-MD5 

RC4-64-MD5 

The SSLv2 server offers 5 strong ciphers, but also 0 medium strength 

and 2 weak "export class" ciphers. 

The weak/medium ciphers may be chosen by an export-grade 

or badly configured client software. 

They only offer a limited protection against a brute force attack 

Solution: disable those ciphers and upgrade your client software if necessary. 

See http://support.microsoft.com/default.aspx?scid=kben-us216482 

or http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslciphersuite 

This SSLv2 server also accepts SSLv3 connections.

This SSLv2 server also accepts TLSv1 connections. Vulnerable hosts 

(以下从略)

[root@test]# openssl s_client -no_tls1 -no_ssl3 -connect www.google.com:443

CONNECTED(00000003)

depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com

verify error:num=20:unable to get local issuer certificate

verify return:1

depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com

verify error:num=27:certificate not trusted

verify return:1

depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com

verify error:num=21:unable to verify the first certificate

verify return:1

---

Server certificate

-----BEGIN CERTIFICATE-----

MIIDYzCCAsygAwIBAgIQYFbAC3yUC8RFj9MS7lfBkzANBgkqhkiG9w0BAQQFADCB

zjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJ

Q2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UE

CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhh

d3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNl

cnZlckB0aGF3dGUuY29tMB4XDTA2MDQyMTAxMDc0NVoXDTA3MDQyMTAxMDc0NVow

aDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1v

dW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxFzAVBgNVBAMTDnd3dy5n

b29nbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/e2Vs8U33fRDk

5NNpNgkB1zKw4rqTozmfwty7eTEI8PVH1Bf6nthocQ9d9SgJAI2WOBP4grPj7MqO

dXMTFWGDfiTnwes16G7NZlyh6peT68r7ifrwSsVLisJp6pUf31M5Z3D88b+Yy4PE

D7BJaTxq6NNmP1vYUJeXsGSGrV6FUQIDAQABo4GmMIGjMB0GA1UdJQQWMBQGCCsG

AQUFBwMBBggrBgEFBQcDAjBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vY3JsLnRo

YXd0ZS5jb20vVGhhd3RlUHJlbWl1bVNlcnZlckNBLmNybDAyBggrBgEFBQcBAQQm

MCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLnRoYXd0ZS5jb20wDAYDVR0TAQH/

BAIwADANBgkqhkiG9w0BAQQFAAOBgQADlTbBdVY6LD1nHWkhTadmzuWq2rWE0KO3

Ay+7EleYWPOo+EST315QLpU6pQgblgobGoI5x/fUg2U8WiYj1I1cbavhX2h1hda3

FJWnB3SiXaiuDTsGxQ267EwCVWD5bCrSWa64ilSJTgiUmzAv0a2W8YHXdG08+nYc

X/dVk5WRTw==

-----END CERTIFICATE-----

subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com

issuer=/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification 

Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com

---

No client certificate CA names sent

---

Ciphers common between both SSL endpoints:

RC4-MD5         EXP-RC4-MD5     RC2-CBC-MD5

EXP-RC2-CBC-MD5 DES-CBC-MD5     DES-CBC3-MD5

RC4-64-MD5

---

SSL handshake has read 1023 bytes and written 333 bytes

---

New, SSLv2, Cipher is DES-CBC3-MD5

Server public key is 1024 bit

Compression: NONE

Expansion: NONE

SSL-Session:    

Protocol  : SSLv2    

Cipher    : DES-CBC3-MD5

Session-ID: 709F48E4D567C70A2E49886E4C697CDE    

Session-ID-ctx:    

Master-Key: 649E68F8CF936E69642286AC40A80F433602E3C36FD288C3    

Key-Arg   : E8CB6FEB9ECF3033    

Start Time: 1156977226    

Timeout   : 300 (sec)    

Verify return code: 21 (unable to verify the first certificate)---

closed