Happy-happy SSL tools

assessing SSL end-points

nmap script

nmap -sV --script ssl-enum-ciphers -p 443 nethence.com
nmap -sV --script ssl-enum-ciphers -p 25 xc.os3.su # finds starttls on its own

check_ssl_cert

    apt install bc curl bind9-host nmap
    apt install expect bind9-dnsutils netcat-traditional
    git clone https://github.com/matteocorti/check_ssl_cert.git
    cd check_ssl_cert/
    export DESTDIR=/usr/local/bin
    export MANDIR=/usr/local
    make install
    make install_bash_completion

ready to go

    check_ssl_cert -H tmp.nethence.com

testssl (bash)

cd ~/opt/
git clone --depth 1 https://github.com/drwetter/testssl.sh.git
cd testssl.sh/
./testssl.sh --help
./testssl.sh nethence.com:443
./testssl.sh --starttls smtp xc.nethence.com:25

sslyze (python)

pip install --upgrade setuptools
pip install --upgrade sslyze

sslyze -h
sslyze --regular --sni=nethence.com nethence.com:443
sslyze --starttls=smtp xc.os3.su:25

Resources

nmap script

https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html

https://github.com/nmap/nmap/blob/master/scripts/ssl-enum-ciphers.nse

testssl

https://testssl.sh/ https://github.com/drwetter/testssl.sh

check_ssl_cert

https://github.com/matteocorti/check_ssl_cert

sslyze

https://github.com/nabla-c0d3/sslyze

https://github.com/iSECPartners/sslyze

https://nabla-c0d3.github.io/sslyze/documentation/testing-connectivity.html#additional-settings-starttls-sni-etc

Testing SSL/TLS certificates (SSLyze) https://vk9-sec.com/testing-ssl-tls-certificates-sslyze/


HOME | GUIDES | LECTURES | LAB | SMTP HEALTH | HTML5 | CONTACT
Copyright © 2023 Pierre-Philipp Braun