feat: allow cipher enumeration in SSL protocol #4297


@mionskowski-form3 mionskowski-form3 commented Oct 27, 2023

Proposed changes

This allows enabling cipher and TLS version enumeration in the SSL protocol, enabling templates to access ciphers_enum to perform checks on all supported ciphers.

Checklist

  • Pull request is created against the dev branch
  • All checks passed (lint, unit/integration/regression tests etc.) with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

@mionskowski-form3 mionskowski-form3 changed the base branch from main to dev October 27, 2023 10:36
@mionskowski-form3 mionskowski-form3 marked this pull request as ready for review October 30, 2023 07:12

@tarunKoyalwar tarunKoyalwar left a comment

LGTM! Thanks for the contribution, @mionskowski-form3

tls version enum

```
$  ./nuclei -u scanme.sh -t tls-version.yaml

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.0.1

		projectdiscovery.io

[INF] Current nuclei version: v3.0.1 (outdated)
[INF] Current nuclei-templates version: v9.6.9 (latest)
[INF] New templates added in latest release: 73
[INF] Templates loaded for current scan: 1
[WRN] Executing 1 unsigned templates. Use with caution.
[INF] Targets loaded for current scan: 1
[tls-version] [ssl] [info] scanme.sh:443 [["tls13","tls10","tls11","tls12"]]
```

Cipher Enumeration (weak & insecure)

```
$  ./nuclei -u scanme.sh -t weak-cipher-suites.yaml

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.0.1

		projectdiscovery.io

[INF] Current nuclei version: v3.0.1 (outdated)
[INF] Current nuclei-templates version: v9.6.9 (latest)
[INF] New templates added in latest release: 73
[INF] Templates loaded for current scan: 1
[WRN] Executing 1 unsigned templates. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] Started TLS Cipher Enumeration using auto mode
[weak-cipher-suites] [ssl] [low] scanme.sh:443 [[{"ciphers":{},"version":"tls13"},{"ciphers":{"weak":["TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"]},"version":"tls10"},{"ciphers":{"weak":["TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"]},"version":"tls11"},{"ciphers":{"weak":["TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"]},"version":"tls12"}]]
```


tarunKoyalwar commented Nov 16, 2023

updated templates

```yaml
id: tls-version

info:
  name: TLS Version
  author: pdteam
  severity: info
  tags: ssl

ssl:
  - address: "{{Host}}:{{Port}}"
    tls_version_enum: true

    extractors:
      - type: json
        json:
          - ".version_enum"
```

```yaml
id: weak-cipher-suites

info:
  name: Weak Cipher Suites Detection
  author: pussycat0x
  severity: low
  description: A weak cipher is defined as an encryption/decryption algorithm that uses a key of insufficient length. Using an insufficient length for a key in an encryption/decryption algorithm opens up the possibility (or probability) that the encryption scheme could be broken.
  reference:
    - https://www.acunetix.com/vulnerabilities/web/tls-ssl-weak-cipher-suites/
    - http://ciphersuite.info
  metadata:
    max-request: 4
  tags: ssl,tls,misconfig,fuzz

ssl:
  - address: "{{Host}}:{{Port}}"
    tls_cipher_enum: true
    tls_cipher_types:
      - insecure
      - weak

    extractors:
      - type: json
        json:
          - ".cipher_enum"
```
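
An added example (not part of this pull request or of nuclei's own code): a small Go program that reads the `.cipher_enum` array extracted by the weak-cipher-suites template and lists the protocol versions on which flagged suites were accepted, marking TLS 1.0/1.1 as legacy. `Finding` and `Audit` are names chosen for this example, and the sample input is the array from the scan output earlier in this thread.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Finding is one protocol version on which the server accepted flagged suites.
type Finding struct {
	Version string
	Legacy  bool     // TLS 1.0/1.1, deprecated by RFC 8996 (policy of this example)
	Ciphers []string // flagged suites of every type, sorted
}

// sample is the extracted array from the weak-cipher-suites run in this thread.
const sample = `[{"ciphers":{},"version":"tls13"},
{"ciphers":{"weak":["TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"]},"version":"tls10"},
{"ciphers":{"weak":["TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"]},"version":"tls11"},
{"ciphers":{"weak":["TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"]},"version":"tls12"}]`

// Audit parses cipher_enum JSON and returns one Finding per affected version.
func Audit(raw []byte) ([]Finding, error) {
	var results []struct {
		Version string              `json:"version"`
		Ciphers map[string][]string `json:"ciphers"` // keyed by type, e.g. "weak"
	}
	if err := json.Unmarshal(raw, &results); err != nil {
		return nil, fmt.Errorf("parse cipher_enum: %w", err)
	}
	var out []Finding
	for _, r := range results {
		f := Finding{Version: r.Version, Legacy: r.Version == "tls10" || r.Version == "tls11"}
		for _, suites := range r.Ciphers { // merge "weak", "insecure", ...
			f.Ciphers = append(f.Ciphers, suites...)
		}
		if len(f.Ciphers) == 0 {
			continue // nothing flagged on this version (tls13 in the sample)
		}
		sort.Strings(f.Ciphers)
		out = append(out, f)
	}
	return out, nil
}

func main() {
	findings, err := Audit([]byte(sample))
	fmt.Println(findings, err)
}
```

A version is reported only when at least one flagged suite was accepted on it, so an empty `ciphers` object produces no finding.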


tarunKoyalwar commented Nov 16, 2023

follow up projectdiscovery/tlsx#402

@ehsandeep ehsandeep merged commit ecae94d into projectdiscovery:dev Nov 17, 2023
12 checks passed