Monday, October 7, 2024
HomeInformation GatheringFast and Complete SSL Scanner to Find Mis-configurations affecting TLS/SSL Severs-A Detailed...

Fast and Complete SSL Scanner to Find Mis-configurations affecting TLS/SSL Severs-A Detailed Analysis

Published on

We are moving fast to the encrypted world and the usage of TLS certificates increased dramatically.Transport Layer Security is the main feature of TLS/SSL certificates, but it also aids in performance and SEO.

Now we are preparing for TLS1.3 which is designed which has Enhanced protection and speed by removing old unsafe cryptographic primitives and by reducing network round trips.

Also Read Evolution of TLS1.3 – Enhanced security and speed

- Advertisement - EHA

In the same hand, it is important to do penetration testing with SSL configured servers to avoid Misconfigurations.In this article, we are to use the tool SSLyze.

SSLyze SSL Scanner

SSLyze Fast and Complete SSL Scanner to find Misconfiguration in the servers configured with SSL. It works with Python 2.7 and 3.3+.

Key Features

  • SSL 2.0/3.0 and TLS 1.0/1.1/1.2 adaptability.
  • Server certificate validation and revocation checking through OCSP stapling.
  • Support for StartTLS handshakes on SMTP, XMPP, LDAP, POP, IMAP, RDP, and FTP.
  • Multi-processed and multi-threaded scanning (it’s fast).
  • Performance testing: session resumption and TLS tickets support.
  • Security testing: weak cipher suites, insecure renegotiation, CRIME, Heartbleed and more

For a Regular HTTPS Scan

root@kali:~# sslyze –regular domain.com

It will check for the Common name with SSL Certificate, Session Renegotiation, Compression, Fingerprints, SAN Domain Entries and Cipher Suites.

SSLyze Fast and Complete SSL Scanner to find Misconfiguration
SSLyze Fast and Complete SSL Scanner to find Misconfiguration
SSLyze Fast and Complete SSL Scanner to find Misconfiguration

To Test Server for Zlip Compression

sslyze –compression doamin.com

SSLyze Fast and Complete SSL Scanner to find Misconfiguration

CERTINFO

Will print the certificate fields and also the validity against trusted root stores.

sslyze –certinfo=full gbhackers.com

SSLyze Fast and Complete SSL Scanner to find Misconfiguration

SessionResumption

SSLyze can also do session resumptions, it will 100 session resumptions to estimate the resumptions rate.

root@kali:~# sslyze –resum_rate domain.com

SSLyze Fast and Complete SSL Scanner to find Misconfiguration

Also read Microsoft boycott SHA-1 Certificates in Edge and Internet Explorer

HSTS header

HTTP Strict Transport Security which is mandatory for ECommerce and sites processing login credentials to check that

root@kali:~# sslyze –hsts gbhackers.com

SSLyze Fast and Complete SSL Scanner to find Misconfiguration

Vulnerability Check HeartBleed

Heartbleed vulnerability with OpenSSL cryptographic software library allows stealing information over SSL/TLS connection, to check the Vulnerability with SSLyze.

root@kali:~# sslyze –heartbleed gbhackers.com

SSLyze Fast and Complete SSL Scanner to find Misconfiguration

SSLyze is a very useful tool to find all the Misconfiguration in the server. Soon we expect Poodle and Crime plugins are to be added. It was developed by iSECPartners.

Now you can also use SSL analyzers available online.

  1. SSL Analyzer Comodo.
  2. SSL Labs.
  3. SSLChecker.com

Also read Google Declares First-Ever SHA-1 attack

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Chinese Group Hacked US Court Wiretap Systems

Chinese hackers have infiltrated the networks of major U.S. broadband providers, gaining access to...

19.6K+ Public Zimbra Installations Vulnerable to Code Execution Attacks – CVE-2024-45519

A critical vulnerability in Zimbra's postjournal service, identified as CVE-2024-45519, has left over 19,600...

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

AgentTesla Stealer Delivered Via Weaponized PDF and CHM Files

AgentTesla, a notorious information stealer, is observed spreading via CHM and PDF Files, which...

InSpy – Linkedin Information Gathering Tool for Penetration Testers

The objective of this Information Gathering tool is to extract Linkedin users based on...

scanless – A Pentesting Tool to Perform Anonymous open Port Scan on Target Websites

Network Penetration Testing determines vulnerabilities on the network posture by discovering Open ports, Troubleshooting...