sslyze – Fast and Full-Featured SSL Configuration Scanner


Transport Layer Security (TLS), commonly called SSL, is one of the most widely used protocols to secure network communications. As costs fall and user security and privacy expectations rise companies are deploying it more widely every year. Attacks against the CA system, SSL implementation flaws and aging protocol versions have grabbed news headlines, bringing attention to weak configurations, and the need to avoid them. Additionally, server misconfiguration has always greatly increased the overhead caused by SSL, slowing the transition to improved communications security.

To help improve system configurations, iSEC is releasing the free software “SSLyze” tool. They have found this tool helpful for analyzing the configuration of SSL servers and for identifying misconfiguration such as the use of outdated protocol versions, weak hash algorithms in trust chains, insecure renegotiation, and session resumption settings.


SSLyze is a stand-alone python application that looks for classic SSL misconfiguration, while providing the advanced user with the opportunity to customize the application via a simple plugin interface.

Features

  • Insecure renegotiation testing
  • Scanning for weak strength ciphers
  • Checking for SSLv2, SSLv3 and TLSv1 versions
  • Server certificate information dump and basic validation
  • Session resumption capabilities and actual resumption rate measurement
  • Support for client certificate authentication
  • Simultaneous scanning of multiple servers, versions and ciphers

For example, SSLyze can help user’s identify server configurations vulnerable to THC’s recently released SSL DOS attack by checking the server’s support for client-initiated renegotiations. For more information on testing for client-initiated renegotiations, you can read here.

You can download sslyze here:

sslyze-0.3_src.zip

Or read more here.

Posted in: Countermeasures, Networking Hacking Tools, Web Hacking

, , , ,


Latest Posts:


Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.


Comments are closed.