sslyze Fast and Full-Featured SSL Scanner
SSL, or Secure Sockets Layer, was the best way to encrypt incoming and outgoing requests, but many tools are now available to exploit SSL, and alongside these tools there are many tutorials and techniques that help to exploit it. SSL is a transport layer (OSI model) security protocol that is now known as TLS. Tools like THC-SSL-DOS and sslyze are among the favourites of hackers and crackers. The main point here is that TLS security is on the OWASP Top 10 list, so we cannot neglect the importance of SSL.
How to Install Sslyze
Supported platforms are Windows 7 and Linux, both 32 and 64 bits. Other platforms (including Mac OS X) are not officially supported yet, but SSLyze might work if you're lucky.
Prerequisites: Python 2.6 or 2.7 and OpenSSL 0.9.8+.
Prerequisites: Python 2.6 or 2.7. OpenSSL 1.0.0c is part of the installation package. There is one package for Python 32 bits, and one for Python 64 bits.
Sslyze Tutorial
The following command line should be used:
$ python sslyze.py [options] www.target1.com www.target2.com:443 etc...
Several command line options are available. See the other articles within the wiki for more details regarding each option.
Performs a regular scan. It's a shortcut for --sslv2 --sslv3 --tlsv1 --reneg --resum --certinfo=basic.
Lists the SSL 2.0 / SSL 3.0 / TLS 1.0 OpenSSL cipher suites supported by the server.
Checks whether the server is vulnerable to insecure renegotiation.
Tests the server for session resumption support, using both session IDs and TLS session tickets (RFC 5077).
Estimates the average rate of successful session resumptions by performing 100 session resumptions.
Verifies the server's certificate validity against Mozilla's trusted root store, and prints relevant fields of the certificate.
Configures SSLyze to use a client certificate in case the server performs mutual authentication. The following options are required:
- --cert=CERT Client certificate filename.
- --certform=CERTFORM Client certificate format. DER or PEM (default).
- --key=KEY Client private key filename.
- --keyform=KEYFORM Client private key format. DER or PEM (default).
- --pass=KEYPASS Client private key passphrase.
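
An added example, not part of the original article or of SSLyze itself: a small Python wrapper that turns a target list into the command line shown above, spelling out the regular scan with the flags the article lists and requiring the client-certificate options together. The function names, file names and sample values are assumptions made for illustration, and IPv6 literals are not handled.

```python
import re

# Flags the article gives as the expansion of a regular scan.
REGULAR = ["--sslv2", "--sslv3", "--tlsv1", "--reneg", "--resum", "--certinfo=basic"]
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOST_RE = re.compile(r"%s(?:\.%s)*" % (LABEL, LABEL))


def normalize_target(raw):
    """Turn 'host' or 'host:port' into 'host:port'; reject anything else."""
    host, sep, port = raw.strip().partition(":")
    port = port if sep else "443"
    # A strict host pattern keeps URLs and entries starting with '-' (which
    # the scanner would read as options) out of the command line.
    if not HOST_RE.fullmatch(host):
        raise ValueError("bad host in %r" % raw)
    if not re.fullmatch(r"[0-9]{1,5}", port) or not 1 <= int(port) <= 65535:
        raise ValueError("bad port in %r" % raw)
    return "%s:%d" % (host, int(port))


def client_cert_args(cert=None, key=None, keypass=None, certform="PEM", keyform="PEM"):
    """Return the mutual-authentication options, or [] when none are given."""
    if cert is None and key is None and keypass is None:
        return []
    if not (cert and key and keypass):
        raise ValueError("--cert, --key and --pass must be given together")
    if certform not in ("DER", "PEM") or keyform not in ("DER", "PEM"):
        raise ValueError("certificate and key format must be DER or PEM")
    # Note: a passphrase passed via --pass is visible in the process list.
    return ["--cert=" + cert, "--certform=" + certform,
            "--key=" + key, "--keyform=" + keyform, "--pass=" + keypass]


def build_command(lines, **cert_opts):
    """Build an argv list (run it without a shell) from target-list lines."""
    targets = []
    for line in lines:
        if line.strip() and not line.lstrip().startswith("#"):
            target = normalize_target(line)
            if target not in targets:  # skip duplicates such as host and host:443
                targets.append(target)
    if not targets:
        raise ValueError("no targets given")
    return ["python", "sslyze.py"] + REGULAR + client_cert_args(**cert_opts) + targets


if __name__ == "__main__":
    # Constructed sample list, using the placeholder hosts from the article.
    sample = ["# hosts to scan", "www.target1.com", "www.target2.com:443"]
    print(" ".join(build_command(sample)))
```

The returned list can be handed to subprocess.call() as is, so no shell interprets the target strings.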