SSLScan determines what ciphers are supported on SSL-based services, such as HTTPS. Furthermore, SSLScan will determine the prefered ciphers of the SSL service.
Requirements
SSLScan requires the GNU C compiler and the OpenSSL library. Both of these are usually installed by default on a number of Linux distributions. Although this program has not been tested on other platforms it should work if the requirements have been met.
Building
To build SSLScan, first extract the archive and change into the source directory. Then execute the following command:
gcc -lssl -o sslscan sslscan.c
On Apple Mac OS X you will need to install the ports version of OpenSSL as the version that comes with your Mac is missing a few things. So if you don't already have ports installed, download it from www.macports.org. You can install the latest OpenSSL using the following command:
sudo port install openssl
SSL Scan can then be built using the following command:
gcc -I/opt/local/include -L/opt/local/lib -lssl -lcrypto -o sslscan sslscan.c
Running
In its simplist form, SSLScan can be run with only one parameter, just specify the host to test. SSLScan will default to port 443 if a port is not specified. The following screenshot shows SSLScan being run, testing only the SSLv2 ciphers.
The command line arguements for SSLScan are:
Command:
sslscan [Options] [host:port | host]
Options:
--targets= A file containing a list of hosts to
check. Hosts can be supplied with
ports (i.e. host:port).
--no-failed List only accepted ciphers (default
is to listing all ciphers).
--ssl2 Only check SSLv2 ciphers.
--ssl3 Only check SSLv3 ciphers.
--tls1 Only check TLSv1 ciphers.
--pk= A file containing the private key or
a PKCS#12 file containing a private
key/certificate pair (as produced by
MSIE and Netscape).
--pkpass= The password for the private key or
PKCS#12 file.
--certs= A file containing PEM/ASN1 formatted
client certificates.
--starttls If a STARTTLS is required to kick an
SMTP service into action.
--http Test a HTTP connection.
--bugs Enable SSL implementation bug work-
arounds.
--xml= Output results to an XML file.
--version Display the program version.
--help Display the help text you are now
Third Party
Jabra has developed an XML parser for SSLScan which can be downloaded from http://search.cpan.org/~jabra/.
Downloads
Download sslscan-1.8.2.tgz (22.2 kB)
Download other versions
Screenshot -
Requirements
SSLScan requires the GNU C compiler and the OpenSSL library. Both of these are usually installed by default on a number of Linux distributions. Although this program has not been tested on other platforms it should work if the requirements have been met.
Building
To build SSLScan, first extract the archive and change into the source directory. Then execute the following command:
gcc -lssl -o sslscan sslscan.c
On Apple Mac OS X you will need to install the ports version of OpenSSL as the version that comes with your Mac is missing a few things. So if you don't already have ports installed, download it from www.macports.org. You can install the latest OpenSSL using the following command:
sudo port install openssl
SSL Scan can then be built using the following command:
gcc -I/opt/local/include -L/opt/local/lib -lssl -lcrypto -o sslscan sslscan.c
Running
In its simplist form, SSLScan can be run with only one parameter, just specify the host to test. SSLScan will default to port 443 if a port is not specified. The following screenshot shows SSLScan being run, testing only the SSLv2 ciphers.
The command line arguements for SSLScan are:
Command:
sslscan [Options] [host:port | host]
Options:
--targets= A file containing a list of hosts to
check. Hosts can be supplied with
ports (i.e. host:port).
--no-failed List only accepted ciphers (default
is to listing all ciphers).
--ssl2 Only check SSLv2 ciphers.
--ssl3 Only check SSLv3 ciphers.
--tls1 Only check TLSv1 ciphers.
--pk= A file containing the private key or
a PKCS#12 file containing a private
key/certificate pair (as produced by
MSIE and Netscape).
--pkpass= The password for the private key or
PKCS#12 file.
--certs= A file containing PEM/ASN1 formatted
client certificates.
--starttls If a STARTTLS is required to kick an
SMTP service into action.
--http Test a HTTP connection.
--bugs Enable SSL implementation bug work-
arounds.
--xml= Output results to an XML file.
--version Display the program version.
--help Display the help text you are now
Third Party
Jabra has developed an XML parser for SSLScan which can be downloaded from http://search.cpan.org/~jabra/.
Downloads
Download sslscan-1.8.2.tgz (22.2 kB)
Download other versions
Screenshot -
No comments:
Post a Comment