id: insecure-cipher-suites-enabled

info:
  name: Insecure Cipher Suites Enabled
  author: princechaddha
  severity: high
  description: Checks if insecure cipher suites are enabled.
  impact: |
    Enabling insecure cipher suites can lead to weak encryption, making it easier for attackers to decrypt sensitive data.
  remediation: |
    Disable insecure cipher suites such as those using RC4 or DES encryption.
  tags: windows,cipher,security,code,windows-audit

self-contained: true

code:
  - pre-condition: |
      IsWindows();
    engine:
      - powershell
      - powershell.exe
    args:
      - -ExecutionPolicy
      - Bypass
    pattern: "*.ps1"
    source: |
      Get-TlsCipherSuite | Where-Object { $_.CipherSuite -match "RC4|DES" }

    matchers:
      - type: word
        words:
          - "RC4"
          - "DES"
# digest: 4b0a00483046022100c8c0243b7d1940e5ae14f38ab3c8850ac5ba56c32c6545c11319795894977a44022100d252922a324aea3df543c0cc832b3ad876730b89373101d4e9c5dc67a6a758a6:922c64590222798bb761d5b6d8e72950