Today I am going to show you a neat little tool I use to check the SSL and TLS configurations on my servers. SSL, as you should know by now, has been under scrutiny to find several high-profile vulnerabilities. Does Heartbleed ring a bell? With all the vulnerabilities and that the SSL protocols themselves has been deemed somewhat shady, it is important to keep them under control. A great tool for this is SSLscan.
What is it?
SSLScan is a simple to use tool for querying SSL services, such as HTTPS and SMTP, to decide supported ciphers. Not only can it query supported ciphers, it can also find out preferred ciphers and supported SSL protocols , whether the target support secure session renogation, if it uses compression, if the target is vulnerable to the Heartbleed vulnerability, which signature algorithm being used and the key strength. I urge you to discover what this tool can do!
How can I get it?
It comes bundled with Kali Linux. I suppose this tool is present in other pentest distro’s also. If not you can get it from here and install it manually.
How do I use it?
SSLScan is a command line tool. It’s pretty straight forward to issue a check:
$ sslscan <target>
If you need to scan multiple hosts, you can give a targets file containing a lists of hosts to check:
$ sslscan --targets=<file>
For instance if you need to verify weak TLS ciphers you can do:
$ sslscan --tls11
There are lots and lots of switches to tailor the checks. To find them all issue:
$ sslscan --help