sslyze Fast and Full-Featured SSL Scanner

SSL or secure socket layer was the best way to encrypt the on going and out going request but now there are so many tools are available to exploit SSL, beside these tools there are so many tutorials and techniques that will help to exploit a SSL. SSL is a transport layer (OSI model) security that is known as TLS. Tools like THC-SSL-DOS and sslyze are the best among the hackers and crackers, the main point here is that TLS security is on OWASP top 10 list so we cannot neglect the importance of SSL.

How to Install Sslyze

Supported platforms are Windows 7 and Linux, both 32 and 64 bits. Other platforms (including Mac OS X) are not officially supported yet, but SSLyze might work if you’re lucky.

Linux

Prerequisites: Python 2.6 or 2.7 and OpenSSL 0.9.8+.
Packageis here.

Windows

Prerequisites: Python 2.6 or 2.7. OpenSSL 1.0.0c is part of the installation package. There is one package for Python 32 bits, and one for Python 64 bits.
Packagesare here.

Sslyze Tutorial

The following command line should be used:

$ python sslyze.py [options] www.target1.com www.target2.com:443 etc…

Several command line options are available. See the other articles within the wiki for more details regarding each options.

Options

Regular Scan “–regular”

Performs a regular scan. It’s a shortcut for –sslv2 –sslv3 –tlsv1 –reneg –resum –certinfo=basic.

OpenSSL Cipher Suites “–sslv2”, “–sslv3”, “–tlsv1”

Lists the SSL 2.0 / SSL 3.0 / TLS 1.0 OpenSSL cipher suites supported by the server.

Session Renegotiation “–reneg”

Checks whether the server is vulnerable to insecure renegotiation.

Session Resumption “–resum”

Tests the server for session resumption support, using both session IDs and TLS session tickets (RFC 5077).

Session Resumption Rate “–resum_rate”

Estimates the average rate of successful session resumptions by performing 100 session resumptions.

Server Certificate “–certinfo=basic”

Verifies the server’s certificate validity against Mozilla’s trusted root store, and prints relevant fields of the certificate.

Additional Options

Client Certificate Support

Configures SSlyze to use a client certificate in case the server performs mutual authentication. The following options are required:

  • –cert=CERT Client certificate filename.
  • –certform=CERTFORM Client certificate format. DER or PEM (default).
  • –key=KEY Client private key filename.
  • –keyform=KEYFORM Client private key format. DER or PEM (default).
  • –pass=KEYPASS Client private key passphrase.

Connections Timeout “–timeout=TIMEOUT”

Sets the timeout value in seconds used for every socket connection made to the target server(s). It forces SSLyze to wait more (or less) time for the target server to respond. Default value is 5s.


Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Blind SQL Injection Tutorial to Hack a Website

In the previous article, we have the basics of SQL Injection; what SQLi is and what are the types of SQL injection. And, In...

What is SQL Injection? Tutorial: Type and Example

What is SQL injection, and what are the types of SQL injection? These are the common questions, and we will seek the answer to...

Are Cisco 300-410 Exam and Its Related Certification Your Pathway to Career Success? Find Out about This

Introduction Career success can mean different things to different people. For some, it could mean having a prestigious title and for others, it could be...

How to Hack Windows 10 Password Using FakeLogonScreen in Kali Linux

This article demonstrates an in-depth guide on how to hack Windows 10 Passwords using FakeLogonScreen. Hacking Windows 10 password is an exciting topic and...