Happy-happy SSL tools

assessing SSL end-points

nmap script

    nmap -sV --script ssl-enum-ciphers -p 443 nethence.com
    nmap -sV --script ssl-enum-ciphers -p 25 xc.os3.su # finds starttls on its own

check_ssl_cert (posix shell)

    apt install bc curl bind9-host nmap
    apt install expect bind9-dnsutils netcat-traditional
    git clone https://github.com/matteocorti/check_ssl_cert.git
    cd check_ssl_cert/
    export DESTDIR=/usr/local/bin
    export MANDIR=/usr/local
    make install
    make install_bash_completion

ready to go

    check_ssl_cert --sni nethence.com --host x.x.x.x

testssl (bash)

install

    apt install testssl.sh
    # or, from the git repository instead of the package:
    #cd ~/opt/
    #git clone --depth 1 https://github.com/drwetter/testssl.sh.git
    #cd testssl.sh/
    #cp ./testssl.sh /usr/local/bin/testssl

usage

    testssl --help
    testssl --server_defaults nethence.com:443
    testssl --starttls smtp xc.nethence.com:25
    # --jsonfile <file> writes the findings as JSON
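
One way to triage a report written with `--jsonfile`, as an added example (not part of the original notes or of testssl itself). It assumes the flat JSON layout, a list of objects with `id`, `ip`, `port`, `severity` and `finding` fields; the `triage` function, the severity ranking and the sample records are constructed for illustration.

```python
import json

# Triage order (an assumption of this example); unknown levels such as DEBUG rank lowest.
SEVERITY_RANK = {"OK": 0, "INFO": 1, "LOW": 2, "MEDIUM": 3, "HIGH": 4, "CRITICAL": 5}

# Constructed sample shaped like a flat --jsonfile report; not real scan output.
SAMPLE_REPORT = """[
 {"id": "SSLv3", "ip": "example.test/192.0.2.10", "port": "443", "severity": "HIGH", "finding": "offered"},
 {"id": "TLS1", "ip": "example.test/192.0.2.10", "port": "443", "severity": "LOW", "finding": "offered (deprecated)"},
 {"id": "cert_expirationStatus", "ip": "example.test/192.0.2.10", "port": "443", "severity": "MEDIUM", "finding": "expires < 30 days"},
 {"id": "heartbleed", "ip": "example.test/192.0.2.10", "port": "443", "severity": "OK", "finding": "not vulnerable"},
 {"id": "OCSP_stapling", "ip": "example.test/192.0.2.10", "port": "443", "severity": "WARN", "finding": "check did not complete"}
]"""


def triage(report_text, threshold="MEDIUM"):
    """Split a report into (flagged, incomplete).

    flagged: findings at or above threshold, worst first.
    incomplete: WARN records, kept apart so an unfinished check is not read as a pass.
    """
    floor = SEVERITY_RANK[threshold]
    flagged, incomplete = [], []
    for rec in json.loads(report_text):
        sev = str(rec.get("severity", "")).upper()
        row = (sev, rec.get("ip", "?"), rec.get("port", "?"),
               rec.get("id", "?"), rec.get("finding", ""))
        if sev == "WARN":
            incomplete.append(row)
        elif SEVERITY_RANK.get(sev, -1) >= floor:
            flagged.append(row)
    flagged.sort(key=lambda r: SEVERITY_RANK[r[0]], reverse=True)
    return flagged, incomplete


if __name__ == "__main__":
    flagged, incomplete = triage(SAMPLE_REPORT)
    for sev, ip, port, check_id, finding in flagged:
        print(f"{sev:<8} {ip}:{port} {check_id}: {finding}")
    for _, ip, port, check_id, finding in incomplete:
        print(f"RECHECK  {ip}:{port} {check_id}: {finding}")
```

For a real report, pass the contents of the file given to `--jsonfile` to `triage()` instead of `SAMPLE_REPORT`.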

sslyze (python)

    pip install --upgrade setuptools
    pip install --upgrade sslyze

    sslyze -h
    sslyze --sni=nethence.com nethence.com:443
    sslyze --starttls=smtp xc.os3.su:25
    # --json_out=<file> writes the results as JSON

Resources

nmap script

https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html

https://github.com/nmap/nmap/blob/master/scripts/ssl-enum-ciphers.nse

testssl

https://testssl.sh/

https://github.com/drwetter/testssl.sh

https://djangocas.dev/blog/security/testssl-command-line-tool-check-server-tls-ssl-ciphers-vulnerabilities/

FW https://www.blackhillsinfosec.com/testssl-sh-assessing-ssltls-configurations-at-scale/

check_ssl_cert

https://github.com/matteocorti/check_ssl_cert

sslyze

https://github.com/nabla-c0d3/sslyze

https://github.com/iSECPartners/sslyze

https://nabla-c0d3.github.io/sslyze/documentation/testing-connectivity.html#additional-settings-starttls-sni-etc

Testing SSL/TLS certificates (SSLyze) https://vk9-sec.com/testing-ssl-tls-certificates-sslyze/

moar

https://github.com/TKCERT/testssl.sh-masscan


Copyright © 2024 Pierre-Philipp Braun