sslyze Fast and Full-Featured SSL Scanner

SSL or secure socket layer was the best way to encrypt the on going and out going request but now there are so many tools are available to exploit SSL, beside these tools there are so many tutorials and techniques that will help to exploit a SSL. SSL is a transport layer (OSI model) security that is known as TLS. Tools like THC-SSL-DOS and sslyze are the best among the hackers and crackers, the main point here is that TLS security is on OWASP top 10 list so we cannot neglect the importance of SSL.

How to Install Sslyze

Supported platforms are Windows 7 and Linux, both 32 and 64 bits. Other platforms (including Mac OS X) are not officially supported yet, but SSLyze might work if you’re lucky.

Linux

Prerequisites: Python 2.6 or 2.7 and OpenSSL 0.9.8+.
Packageis here.

Windows

Prerequisites: Python 2.6 or 2.7. OpenSSL 1.0.0c is part of the installation package. There is one package for Python 32 bits, and one for Python 64 bits.
Packagesare here.

Sslyze Tutorial

The following command line should be used:

$ python sslyze.py [options] www.target1.com www.target2.com:443 etc…

Several command line options are available. See the other articles within the wiki for more details regarding each options.

Options

Regular Scan “–regular”

Performs a regular scan. It’s a shortcut for –sslv2 –sslv3 –tlsv1 –reneg –resum –certinfo=basic.

OpenSSL Cipher Suites “–sslv2”, “–sslv3”, “–tlsv1”

Lists the SSL 2.0 / SSL 3.0 / TLS 1.0 OpenSSL cipher suites supported by the server.

Session Renegotiation “–reneg”

Checks whether the server is vulnerable to insecure renegotiation.

Session Resumption “–resum”

Tests the server for session resumption support, using both session IDs and TLS session tickets (RFC 5077).

Session Resumption Rate “–resum_rate”

Estimates the average rate of successful session resumptions by performing 100 session resumptions.

Server Certificate “–certinfo=basic”

Verifies the server’s certificate validity against Mozilla’s trusted root store, and prints relevant fields of the certificate.

Additional Options

Client Certificate Support

Configures SSlyze to use a client certificate in case the server performs mutual authentication. The following options are required:

  • –cert=CERT Client certificate filename.
  • –certform=CERTFORM Client certificate format. DER or PEM (default).
  • –key=KEY Client private key filename.
  • –keyform=KEYFORM Client private key format. DER or PEM (default).
  • –pass=KEYPASS Client private key passphrase.

Connections Timeout “–timeout=TIMEOUT”

Sets the timeout value in seconds used for every socket connection made to the target server(s). It forces SSLyze to wait more (or less) time for the target server to respond. Default value is 5s.


Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

How to Install Kali Linux on VirtualBox [Windows Host] in 2020

Kali Linux is a Debian based Linux distribution, released on the 13th March 2013 as a complete rebuild of BackTrack Linux. It is one of...

Acunetix v13 Release Introduces Groundbreaking Innovations

The newest release of the Acunetix Web Vulnerability Scanner further improves performance and premieres best-of-breed technologies London, United Kingdom – February 5, 2019 – Acunetix,...

What is Ethical Hacking, how to be an Ethical Hacker

Hacking is the process of discovering vulnerabilities in a system and using these found vulnerabilities by gaining unauthorized access into the system to perform...

Basic steps to ensure security Online!

Security concerns are growing day by day due to the growing interconnectivity and technology. Drastic things can happen if you be a little careless...