Sunday, May 11, 2025

Fast and Complete SSL Scanner to Find Misconfigurations Affecting TLS/SSL Servers - A Detailed Analysis


We are moving fast toward an encrypted world, and the use of TLS certificates has increased dramatically. Transport Layer Security is the main feature of TLS/SSL certificates, but they also aid performance and SEO.

Now we are preparing for TLS 1.3, which is designed for enhanced protection and speed by removing old, unsafe cryptographic primitives and by reducing network round trips.


At the same time, it is important to run penetration tests against SSL-configured servers to catch misconfigurations. In this article, we use the tool SSLyze.

SSLyze SSL Scanner

SSLyze is a fast and complete SSL scanner for finding misconfigurations in servers configured with SSL. It works with Python 2.7 and 3.3+.

Key Features

  • SSL 2.0/3.0 and TLS 1.0/1.1/1.2 adaptability.
  • Server certificate validation and revocation checking through OCSP stapling.
  • Support for StartTLS handshakes on SMTP, XMPP, LDAP, POP, IMAP, RDP, and FTP.
  • Multi-processed and multi-threaded scanning (it’s fast).
  • Performance testing: session resumption and TLS tickets support.
  • Security testing: weak cipher suites, insecure renegotiation, CRIME, Heartbleed and more.

For a Regular HTTPS Scan

root@kali:~# sslyze --regular domain.com

It checks the certificate's Common Name, session renegotiation, compression, fingerprints, SAN domain entries and cipher suites.


To Test a Server for Zlib Compression

sslyze --compression domain.com


CERTINFO

This option prints the certificate fields and checks the certificate's validity against trusted root stores.

sslyze --certinfo=full gbhackers.com


Session Resumption

SSLyze can also test session resumption: it performs 100 session resumptions to estimate the resumption rate.

root@kali:~# sslyze --resum_rate domain.com


HSTS header

HTTP Strict Transport Security (HSTS) is mandatory for e-commerce sites and sites that process login credentials. To check for it:

root@kali:~# sslyze --hsts gbhackers.com
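
Once the header has been retrieved, its value still has to be judged. The following added example (not part of the original article and not SSLyze code) parses a Strict-Transport-Security value according to RFC 6797 and flags weak policies. The function names, the MIN_MAX_AGE threshold and the sample headers are assumptions constructed for illustration.

```python
import re

MIN_MAX_AGE = 15552000  # assumed policy floor (180 days in seconds), not an SSLyze setting

def parse_hsts(value):
    """Parse an HSTS header value into {directive: value}; raise ValueError if invalid."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # RFC 6797 tolerates empty directives (stray semicolons)
        name, _, arg = part.partition("=")
        name = name.strip().lower()   # directive names are case-insensitive
        arg = arg.strip().strip('"')  # the value may be a quoted-string
        if name in directives:
            raise ValueError("duplicate directive: " + name)
        directives[name] = arg
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        raise ValueError("max-age missing or not a non-negative integer")
    return directives

def audit_hsts(headers):
    """Return a list of findings for a dict of response headers (empty list = OK)."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return ["HSTS header not sent"]
    try:
        d = parse_hsts(value)
    except ValueError as exc:
        return ["invalid HSTS header: %s" % exc]
    findings = []
    max_age = int(d["max-age"])
    if max_age == 0:
        findings.append("max-age=0 tells browsers to drop the HSTS policy")
    elif max_age < MIN_MAX_AGE:
        findings.append("max-age %d is below %d" % (max_age, MIN_MAX_AGE))
    if "includesubdomains" not in d:
        findings.append("includeSubDomains not set")
    return findings

# Constructed sample responses, not captured from any real server.
SAMPLES = {
    "good": {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"},
    "short": {"strict-transport-security": 'max-age="300"'},
    "missing": {"Content-Type": "text/html"},
}
for label, hdrs in SAMPLES.items():
    print(label, audit_hsts(hdrs) or "OK")
```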


Vulnerability Check HeartBleed

The Heartbleed vulnerability in the OpenSSL cryptographic software library allows information to be stolen over an SSL/TLS connection. To check for the vulnerability with SSLyze:

root@kali:~# sslyze --heartbleed gbhackers.com


SSLyze is a very useful tool for finding misconfigurations in a server. We expect Poodle and Crime plugins to be added soon. It was developed by iSEC Partners.

Now you can also use SSL analyzers available online.

  1. SSL Analyzer Comodo.
  2. SSL Labs.
  3. SSLChecker.com


Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
