Saturday, June 15, 2024

Fast and Complete SSL Scanner to Find Mis-configurations affecting TLS/SSL Severs-A Detailed Analysis

We are moving fast to the encrypted world and the usage of TLS certificates increased dramatically.Transport Layer Security is the main feature of TLS/SSL certificates, but it also aids in performance and SEO.

Now we are preparing for TLS1.3 which is designed which has Enhanced protection and speed by removing old unsafe cryptographic primitives and by reducing network round trips.

Also Read Evolution of TLS1.3 – Enhanced security and speed

In the same hand, it is important to do penetration testing with SSL configured servers to avoid Misconfigurations.In this article, we are to use the tool SSLyze.

SSLyze SSL Scanner

SSLyze Fast and Complete SSL Scanner to find Misconfiguration in the servers configured with SSL. It works with Python 2.7 and 3.3+.

Key Features

  • SSL 2.0/3.0 and TLS 1.0/1.1/1.2 adaptability.
  • Server certificate validation and revocation checking through OCSP stapling.
  • Support for StartTLS handshakes on SMTP, XMPP, LDAP, POP, IMAP, RDP, and FTP.
  • Multi-processed and multi-threaded scanning (it’s fast).
  • Performance testing: session resumption and TLS tickets support.
  • Security testing: weak cipher suites, insecure renegotiation, CRIME, Heartbleed and more

For a Regular HTTPS Scan

root@kali:~# sslyze –regular domain.com

It will check for the Common name with SSL Certificate, Session Renegotiation, Compression, Fingerprints, SAN Domain Entries and Cipher Suites.

SSLyze Fast and Complete SSL Scanner to find Misconfiguration
SSLyze Fast and Complete SSL Scanner to find Misconfiguration
SSLyze Fast and Complete SSL Scanner to find Misconfiguration

To Test Server for Zlip Compression

sslyze –compression doamin.com

SSLyze Fast and Complete SSL Scanner to find Misconfiguration

CERTINFO

Will print the certificate fields and also the validity against trusted root stores.

sslyze –certinfo=full gbhackers.com

SSLyze Fast and Complete SSL Scanner to find Misconfiguration

SessionResumption

SSLyze can also do session resumptions, it will 100 session resumptions to estimate the resumptions rate.

root@kali:~# sslyze –resum_rate domain.com

SSLyze Fast and Complete SSL Scanner to find Misconfiguration

Also read Microsoft boycott SHA-1 Certificates in Edge and Internet Explorer

HSTS header

HTTP Strict Transport Security which is mandatory for ECommerce and sites processing login credentials to check that

root@kali:~# sslyze –hsts gbhackers.com

SSLyze Fast and Complete SSL Scanner to find Misconfiguration

Vulnerability Check HeartBleed

Heartbleed vulnerability with OpenSSL cryptographic software library allows stealing information over SSL/TLS connection, to check the Vulnerability with SSLyze.

root@kali:~# sslyze –heartbleed gbhackers.com

SSLyze Fast and Complete SSL Scanner to find Misconfiguration

SSLyze is a very useful tool to find all the Misconfiguration in the server. Soon we expect Poodle and Crime plugins are to be added. It was developed by iSECPartners.

Now you can also use SSL analyzers available online.

  1. SSL Analyzer Comodo.
  2. SSL Labs.
  3. SSLChecker.com

Also read Google Declares First-Ever SHA-1 attack

Website

Latest articles

Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these...

SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a...

Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes.Resecurity...

Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

A threat actor has claimed responsibility for leaking the personal data of 5 million...

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery...

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection...

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group.The...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles