TLSSLed

Description

The purpose of the TLSSLed tool (named from the idea of your website being TLS/SSL-ed, that is, using “https://”) is to simplify the output of a couple of commonly used tools and highlight the most relevant security findings of any target SSL/TLS implementation. It is based on sslscan, a thorough SSL/TLS scanner built on the openssl library, and on the “openssl s_client” command-line tool.

TLSSLed is a Linux shell script inspired by ssl_test.sh by Aung Khant. A few optimizations have been made to reduce the stress on the target web server (sslscan is run only once and the results are stored in a local file), and some tests have been added and tuned.

Usage

Syntax

tlssled HOSTNAME_or_IP PORT

Example

cyborg@cyborg:~$ sudo tlssled example.com 443
------------------------------------------------------
 TLSSLed - (1.2) based on sslscan and openssl
                 by Raul Siles (www.taddong.com)
------------------------------------------------------
+ openssl version: OpenSSL 1.0.1f 6 Jan 2014
+ sslscan version 1.8.2
------------------------------------------------------

[-] Analyzing SSL/TLS on example.com:443 ..

[*] The target service example.com:443 seems to speak SSL/TLS...


[-] Running sslscan on example.com:443...

[*] Testing for SSLv2 ...

[*] Testing for NULL cipher ...

[*] Testing for weak ciphers (based on key length) ...


[*] Testing for strong ciphers (AES) ...
    Accepted  TLSv1  256 bits  AES256-SHA
    Accepted  TLSv1  128 bits  AES128-SHA

[*] Testing for MD5 signed certificate ...

[*] Testing for certificate public key length ...

[*] Testing for certificate subject ...

[*] Testing for certificate CA issuer ...

[*] Testing for certificate validity period ...
    Today: Tue Sep  8 05:45:16 UTC 2015

[*] Checking preferred server ciphers ...
  Prefered Server Cipher(s):
ERROR: Could not create CTX object.


[-] Testing for SSLv3/TLSv1 renegotiation vuln. (CVE-2009-3555) ...

[*] Testing for secure renegotiation ...
Secure Renegotiation IS supported


[-] Testing for TLS v1.1 and v1.2 (CVE-2011-3389 aka BEAST) ...

[*] Testing for SSLv3 and TLSv1 support first ...
    Accepted  TLSv1  256 bits  AES256-SHA
    Accepted  TLSv1  128 bits  AES128-SHA
    Accepted  TLSv1  168 bits  DES-CBC3-SHA
    Accepted  TLSv1  128 bits  RC4-SHA
    Accepted  TLSv1  128 bits  RC4-MD5

[*] Testing for TLS v1.1 support ...
TLS v1.1 IS supported

[*] Testing for TLS v1.2 support ...
TLS v1.2 IS supported


[-] Testing for SSL/TLS HTTPS security headers ...

[*] Testing for Strict-Transport-Security (STS) header ...

[*] Testing for cookies with the secure flag ...

[*] Testing for cookies without the secure flag ...


[-] New files created:
-rw-r--r-- 1 root root 3151 Sep  8 11:15 sslscan_example.com_443_2015-09-08_111437.log
-rw-r--r-- 1 root root 4570 Sep  8 11:15 openssl_HEAD_example.com_443_2015-09-08_111437.log
-rw-r--r-- 1 root root 4411 Sep  8 11:14 openssl_RENEG_example.com_443_2015-09-08_111437.log
-rw-r--r-- 1 root root 287 Sep  8 11:14 openssl_RENEG_example.com_443_2015-09-08_111437.err
-rw-r--r-- 1 root root 176 Sep  8 11:15 openssl_HEAD_example.com_443_2015-09-08_111437.err


[-] done
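
The run above leaves the sslscan results in a local log file, so further checks can be made against that file without contacting the server again. The script below is an added example, not TLSSLed's own code: it triages such a saved log offline, assuming the sslscan 1.8.2 "Accepted" line format shown above. The function names, the severity labels and the two extra sample lines (SSLv2, 56-bit DES) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of TLSSLed. Severity rules are assumptions of this
# sketch; adjust them to your own TLS baseline.

# Constructed sslscan-style log: the five "Accepted" lines from the run above
# plus invented SSLv2, 56-bit DES and "Rejected" lines to exercise every rule.
write_sample_log() {
    cat > "$1" <<'EOF'
    Rejected  SSLv3  256 bits  AES256-SHA
    Accepted  SSLv2  128 bits  RC4-MD5
    Accepted  TLSv1  256 bits  AES256-SHA
    Accepted  TLSv1  128 bits  AES128-SHA
    Accepted  TLSv1  168 bits  DES-CBC3-SHA
    Accepted  TLSv1  128 bits  RC4-SHA
    Accepted  TLSv1  128 bits  RC4-MD5
    Accepted  TLSv1  56 bits  DES-CBC-SHA
EOF
}

# classify_accepted LOGFILE -> "SEVERITY<TAB>PROTO<TAB>BITS<TAB>CIPHER<TAB>REASON"
classify_accepted() {
    awk '$1 == "Accepted" {
        proto = $2; bits = $3 + 0; cipher = $NF; sev = "OK"; why = "-"
        if (proto == "SSLv2")         { sev = "HIGH";   why = "SSLv2 enabled" }
        else if (cipher ~ /NULL/)     { sev = "HIGH";   why = "NULL cipher, no encryption" }
        else if (bits < 128)          { sev = "HIGH";   why = "key length below 128 bits" }
        else if (cipher ~ /RC4/)      { sev = "MEDIUM"; why = "RC4 is prohibited by RFC 7465" }
        else if (cipher ~ /DES-CBC3/) { sev = "LOW";    why = "3DES, 64-bit block cipher" }
        printf "%s\t%s\t%d\t%s\t%s\n", sev, proto, bits, cipher, why
    }' "$1"
}

# count_severity LOGFILE SEVERITY -> number of accepted ciphers at that severity
count_severity() {
    classify_accepted "$1" | awk -F '\t' -v s="$2" '$1 == s { n++ } END { print n + 0 }'
}

# Scan once, then run every check against the saved file. Here the "scan"
# is the constructed sample; in practice pass the sslscan_*.log path instead.
log=$(mktemp)
write_sample_log "$log"
classify_accepted "$log" | grep -v '^OK'
rm -f "$log"
```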




		
	
	