Archive | November, 2014

isowall – Completely Isolate A Device From The Local Network

Use Netsparker


Isowall is a mini-firewall that allows you to completely isolate a device from the local network. This is for allowing infected machines Internet access, but without endangering the local network.

isowall - Completely Isolate A Device From The Local Network

Building

This project depends upon libpcap, and of course a C compiler.

On Debian, the following should work:

This will put the binary isowall in the local isowall/bin directory.

This should also work on Windows, Mac OS X, xBSD, and pretty much any operating system that supports libpcap.

Running

First, setup a machine with three network interfaces.

The first network interface (like eth0) will be configured as normal, with a TCP/IP stack, so that you can SSH to it.

The other two network interfaces should have no TCP/IP stack, no IP address, no anything. This is the most important configuration step, and the most common thing you’ll get wrong. For example, the DHCP software on the box may be configured to automatically send out DHCP requests on these additional interfaces. You have to go fix that so nothing is bound to these interfaces.

To run, simply type:

Configuration

The following shows a typical configuration file

You can download isowall here:

master.zip

Or read more here – the author can be found on Twitter here @erratarob.

Posted in: Countermeasures, Forensics

Topic: Countermeasures, Forensics


Latest Posts:


Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.


Bitcoin Not That Anonymous Afterall

Use Netsparker


One of the big advantages touted by Bitcoin (and other cryptocurrencies) was always the anonymity of the transactions, yes you can track a wallet address and see the transaction history. But there’s no real way to link that wallet address to a real person (so we thought).

I mean other than any leaky fiat exchange process (most of which do require proper registration using passport/ID etc), but now it seems there is a way.

Bitcoin Not That Anonymous Afterall

It seems like 11% of Bitcoin transactions can be ‘unmasked’ fairly easily, without any sign that it’s happening. Unmasking in this context meaning linking the transaction in the blockchain to a public IP address.

The cyber-libertarian poster-child Bitcoin, meant to usher in a new age of anonymous transactions, is rubbish at protecting users’ IP addresses according to research from the University of Luxembourg.

In this Association of Computing Machinery (ACM) conference paper by Alex Biryukov, Dmitry Khovratovich and Ivan Pustogarov of the Laboratory of Algorithmics, Cryptology and Security, “few computers” and a budget of €1,500 per for servers and traffic charges should be enough to start unmasking users’ addresses with as much as 60 per cent accuracy.

If an attacker needed to be stealthy, their success rate would drop to 11 per cent.

In what they call “a generic method to deanonymise a significant fraction of Bitcoin users and correlate their pseudonyms with public IP addresses”, the authors say clients can be uniquely identified by their “entry nodes”, and that these identify the origin of the transaction.


With a small amount of resources (in terms of servers, storage and bandwidth) the attacker (or in this case, researcher) can unmask up to 60% of user IP addresses using entry nodes.

Obviously using something like TOR could protect against this, but even then they can reject TOR connections (But that’s very likely to be noticed in this privacy sensitive part of the Internet).

“In a concrete example, an attacker with a few GB of storage and no more than 50 connections to each Bitcoin server can disclose the sender’s IP address in 11 per cent of all transactions generated in the Bitcoin network”, the paper claims.

Even more scary: the boffins reckon they can identify users behind NAT firewalls – and think their attack could be extended to other P2P networks.

The key phase of the researchers’ attack includes four steps:

  • Getting a list of Bitcoin servers using the GETADDR message and working out if the responder is a server using the ADDR response and sending it a VERSION message;
  • Building a list of nodes as targets for deanonymisation;
  • Mapping clients to entry nodes; and
  • Mapping transactions to entry nodes.

The paper notes that TOR would protect against this, but that, too, can be defeated if the attacker is willing to take a risk: Bitcoin servers can be prohibited from accepting TOR connections, but refusing those connections would be noticed.

Also likely to be noticed: to get their 60 per cent deanonymisation rate, the attackers noted, required “a slight DoS of the network”.

On a positive note (if you’re a cryptocurrency fan), is that this shows that Bitcoin is gaining traction with academics spending their effort looking into it. I’m glad these kind of issues are being uncovered, I just hope they get addressed by the core dev team.

Interesting times ahead I reckon.

Source: The Register

Posted in: Cryptography, Privacy

Topic: Cryptography, Privacy


Latest Posts:


Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.


LinEnum – Linux Enumeration & Privilege Escalation Tool

The New Acunetix V12 Engine


LinEnum will automate many Local Linux Enumeration & Privilege Escalation checks documented in this cheat sheet. It’s a very basic shell script that performs over 65 checks, getting anything from kernel information to locating possible escalation points such as potentially useful SUID/GUID files and Sudo/rhost mis-configurations and more.

An additional ‘extra’ feature is that the script will also use a provided keyword to search through *.conf and *.log files. Any matches will be displayed along with the full file path and line number on which the keyword was identified.

LinEnum - Linux Enumeration & Privilege Escalation Tool

After the scan has completed (please be aware that it make take some time) you’ll be presented with (possibly quite extensive) output, to which any key findings will be highlighted in yellow with everything else documented under the relevant headings.

Usage


Checks/Tasks Performed

  • Kernel and distribution release details
  • System Information:
    • Hostname
    • Networking details:
    • Current IP
    • Default route details
    • DNS server information
  • User Information:
    • Current user details
    • Last logged on users
    • List all users including uid/gid information
    • List root accounts
    • Extracts password policies and hash storage method information
    • Checks umask value
    • Checks if password hashes are stored in /etc/passwd
    • Extract full details for ‘default’ uid’s such as 0, 1000, 1001 etc
    • Attempt to read restricted files i.e. /etc/shadow
    • List current users history files (i.e .bash_history, .nano_history etc.)
    • Basic SSH checks
  • Privileged access:
    • Determine if /etc/sudoers is accessible
    • Determine if the current user has Sudo access without a password
    • Are known ‘good’ breakout binaries available via Sudo (i.e. nmap, vim etc.)
    • Is root’s home directory accessible
    • List permissions for /home/
  • Environmental:
    • Display current $PATH
  • Jobs/Tasks:
    • List all cron jobs
    • Locate all world-writable cron jobs
    • Locate cron jobs owned by other users of the system
  • Services:
    • List network connections (TCP & UDP)
    • List running processes
    • Lookup and list process binaries and associated permissions
    • List inetd.conf/xined.conf contents and associated binary file permissions
    • List init.d binary permissions
  • Version Information (of the following):
    • Sudo
    • MYSQL
    • Postgres
    • Apache
    • Checks user config
  • Default/Weak Credentials:
    • Checks for default/weak Postgres accounts
    • Checks for default/weak MYSQL accounts
  • Searches:
    • Locate all SUID/GUID files
    • Locate all world-writable SUID/GUID files
    • Locate all SUID/GUID files owned by root
    • Locate ‘interesting’ SUID/GUID files (i.e. nmap, vim etc)
    • List all world-writable files
    • Find/list all accessible *.plan files and display contents
    • Find/list all accessible *.rhosts files and display contents
    • Show NFS server details
    • Locate *.conf and *.log files containing keyword supplied at script runtime
    • List all *.conf files located in /etc
    • Locate mail

You can download LinEnum v0.5 here:

master.zip

Or read more here.

Posted in: Linux Hacking, Security Software

Topic: Linux Hacking, Security Software


Latest Posts:


Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.


Critical XSS Flaw Affects WordPress 3.9.2 And Earlier

Use Netsparker


So it’s been a while since we’ve talked about any flaws in WordPress – because usually they are pretty dull and require such an obscure set of circumstances, that they are unlikely to ever occur in the wild.

The most recent time was this year actually, but was a DoS attack, which is not THAT damaging – XML Quadratic Blowup Attack Blows Up WordPress & Drupal.

Critical XSS Flaw Affects WordPress 3.9.2 And Earlier

But this, this time it’s different – this one is pretty seriously. Fortunately it’s not a vulnerability in the latest version of WordPress (4.0) but only affects those people still sticking to the latest version on the 3.x branch (3.9.2 or below).

New security updates released for the WordPress content management system and one of its popular plug-ins fix cross-site scripting (XSS) vulnerabilities that could allow attackers to take control of websites.

The WordPress development team released Thursday WordPress 4.0.1, 3.9.3, 3.8.5 and 3.7.5 as critical security updates. The 3.9.3, 3.8.5 and 3.7.5 updates address an XSS vulnerability in the comment boxes of WordPress posts and pages. An attacker could exploit this flaw to create comments with malicious JavaScript code embedded in them that would get executed by the browsers of users seeing those comments.

“In the most obvious scenario the attacker leaves a comment containing the JavaScript and some links in order to put the comment in the moderation queue,” said Jouko Pynnonen, the security researcher who found the flaw, in an advisory. “When a blog administrator goes to the Dashboard/Comments section to review new comments, the JavaScript gets executed. The script can then perform operations with administrator privileges.”

Such a rogue operation can be the creation of a second WordPress administrator account with an attacker-specified password. What makes things worse is that the flaw can typically be exploited without authentication, because the action of posting a comment on a WordPress blog does not require an account by default.


Still, if a blog is using 3.9.2 and has anonymous commenting enabled (which most do) then a malicious user could execute JavaScript as you (the admin) by utilising this exploit.

Obviously if you’ve gone the ‘cloud’ way and don’t allow ANY user input at all, and are using only Facebook Comments/Disqus/LiveFyre etc then you are safe.

The comment XSS vulnerability only affects WordPress 3.9.2 and earlier versions, not WordPress 4.0. However, the 4.0.1 update, as well as the 3.x ones, also address three other XSS flaws that can be used to compromise WordPress sites if the attacker has access to a contributor or author account on them.

The new releases also fix a cross-site request forgery flaw that could be used to trick a user into changing their password, as well as a denial-of-service issue.

Separately, the developers of WP-Statistics, a WordPress plug-in that gathers and displays visitor statistics, issued an update to fix a high-risk XSS flaw that’s similar to the ones fixed in the content management system itself.

“The plugin fails to properly sanitize some of the data it gathers for statistical purposes, which are controlled by the website’s visitors,” said Marc-Alexandre Montpas, a researcher at Web security firm Sucuri, in a blog post. “If an attacker decided to put malicious Javascript code in the affected parameter, it would be saved in the database and printed as-is in the administrative panel, forcing the victim’s browser to perform background tasks on its behalf.”

The Sucuri researchers were able to leverage the flaw to create a new admin account on a test site.

As a side note, there is also a similar vulnerability in the popular plug-in WP-Statistics, which also fails to sanitize data and falls foul to the same kind of XSS (which allows addition of an admin account by the malicious user).

There’s an update available for the plugin, so if you’re usint it – get it updated! And of course update WordPress core as well, if your auto-updates failed.

Source: Network World

Posted in: Exploits/Vulnerabilities, Web Hacking

Topic: Exploits/Vulnerabilities, Web Hacking


Latest Posts:


Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.


Sparty – MS Sharepoint and Frontpage Auditing Tool

The New Acunetix V12 Engine


Sparty is an open source Sharepoint and Frontpage auditing tool written in python to audit web applications using sharepoint and frontpage architecture. The motivation behind this tool is to provide an easy and robust way to scrutinize the security configurations of sharepoint and frontpage based web applications. Due to the complex nature of these web administration software, it is required to have a simple and efficient tool that gathers information, check access permissions, dump critical information from default files and perform automated exploitation if security risks are identified. A number of automated scanners fall short of this and Sparty is a solution to that.

Sparty - MS Sharepoint and Frontpage Auditing Tool

Features

  • Sharepoint and Frontpage Version Detection!
  • Dumping Password from Exposed Configuration Files!
  • Exposed Sharepoint/Frontpage Services Scan!
  • Exposed Directory Check!
  • Installed File and Access Rights Check!
  • RPC Service Querying!
  • File Enumeration!
  • File Uploading Check

Usage

Requirements

This version uses following libraries:

  • import urllib2
  • import re
  • import os, sys
  • import optparse
  • import httplib

Also note Python 2.6 is required.

You can download Sparty here:

master.zip

Or read more here – the author can be found on Twitter here @AdityaKSood.

Posted in: Web Hacking, Windows Hacking

Topic: Web Hacking, Windows Hacking


Latest Posts:


Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.


U.S. State Department Hacked

The New Acunetix V12 Engine


So the U.S. government has been getting fairly hammered lately with breaches/attacks hitting the White House, USPS (Postal Service) and NOAA.

The latest victim of this onslaught has been the State Department, which had to totally shut down their email systems on November 14th after discovering various ‘areas of concern’.

U.S. State Department Hacked

I wonder who’s going to fall next after this? This seems to be a fairly sustained and systematic attack, perhaps from the same perpetrators (or ‘actors’ if I was to use the new trendy infosec language).

Over the course of the last several weeks, a number of high-profile U.S. federal networks have been breached by attackers. The latest organization to be breached is the U.S. State Department, which had to take its email system offline.

The breach at the State Department follows attacks against the White House, the United States Postal Service (USPS) and the National Oceanic and Atmospheric Administration (NOAA).

The Associated Press, which broke the story on the State Department hack on Nov. 16, indicated that the entire unclassified email system was potentially at risk. The actual State Department email shutdown occurred late Friday, Nov. 14, as areas of concern about the email system were discovered.

Currently, there is no official attribution for the source of the State Department email incident. In the NOAA and White House incidents, reports have alleged that nation-state actors from China and Russia were involved.

Bob Stratton, managing partner at cyber-security accelerator Mach37, told eWEEK that he was somewhat surprised at the State Department disclosure. In general, his view is that the State Department’s discussion of this attack is a constructive development.

“While perfect security is a laudable goal, users of information technology are coming to realize that these events occur even in the face of diligent effort,” Stratton said. “There is some value in not immediately assuming that IT operations and security organizations are incompetent so much as that they are enduring a continuing, innovative, determined stream of network attacks.”


Blame it on Russia or China right? That seems to be the standard answer when it comes to things like this. It is good to see it was announced though and not swept under the carpet like it usually is. It’ll be interesting to see if we get any actual meaty details though (like how the attackers got in, what kind of information was leaked, how they fixed the issues etc.).

But honestly, I don’t see that kind of openness happening any time soon. It would be nice though right?

At this point, Stratton added, he’s more curious about how quickly and effectively a breached agency or company can do damage assessment, and how long it takes for them to perform remediation of the breach with confidence that it was done effectively.

In the State Department incident, the email system was the target, which makes sense considering what sort of information might be present.

“An email system contains not only information regarding users in the directory services, but also a wealth of information in the emails themselves,” John Fitzgerald, CTO North America at Wave Systems, told eWEEK. “So if an attacker is able to gain access to internal data repositories—databases, email systems and file stores—a great amount of direct and indirect information can be gathered.”

There is no question that the use of email as a vehicle for delivery of attacks is extremely popular, and has been for a while, according to Stratton.

“It makes sense if one is trying to collect information on an organization that the attacker might be interested in what is arguably the most commonly used and perhaps most critical collaboration tool,” he said.

In terms of next steps for the government, Fitzgerald said the information gathered from the attacks should be used to investigate whether other areas of the infrastructure have been compromised and look for similar fingerprints in other information systems.

Stratton added that he expects the State Department will be doing a damage assessment to determine what exactly was breached, and the sensitivity and implications of that, as well as developing a remediation plan.

“The question in situations where there is a large set of stored information is, Is there some way that the consistent use of encryption might have prevented the loss of some of this information?” Stratton said. “That is no panacea either, but it can sometimes help to make extracting information through an attack more difficult for the attacker.”

I would imagine an organisation like the State Department has access to some pretty hot forensics/incident response teams though, so they should be able to a fairly quick and thorough investigation of what happened.

That is if it was handled properly and the evidence of tampering hasn’t already been destroyed by some heavy handed internal IT support staff member turning off servers and unplugging switches.

They should have a pretty tight IRP in place to handle things like this though, so the chain of evidence should be pretty legit. Yah, that was an awful lot of ‘shoulds’.

Source: eWeek

Posted in: Hacking News

Topic: Hacking News


Latest Posts:


Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.