sslscan
sslscan copied to clipboard
rbsec
sslscan tests SSL/TLS enabled services to discover supported cipher suites
The protocol scan will show protocols as disabled if they return a warning, even if the handshake then completes successfully. The response to the initial `ClientHello` can have a content...
The check for TLS compression relies on OpenSSL library supporting it - so will not be available if building dynamically. This can be worked around with a static build -...
I think some algorithms & key sizes should be re-categorized. Instead of just issuing a PR, I thought I'd talk about it first and see if we are on the...
Hi, I would like to make a pull request for an added functionnality. I can’t have proxy options (to have the possibility to tunneling the http flow to a proxy...
For performance improvement some sites let client choose which signature algorithm they want to use (mainly RSA or ECDSA). eg: www.google.com ```console openssl s_client -sigalgs RSA+SHA256 www.google.com:443 | openssl x509...
When scanning a host without --verbose, I get an empty list of Supported Server Cipher(s). When I add the --verbose option, I get three "SSL_get_error(ssl, cipherStatus) said: 1" errors in...
RFC: Experimental support for servers which require a client certificate (Fixes rbsec#119). Fix: Typo s/response/respond in "Some servers will fail to response to SSLv3 ciphers over STARTTLS" Fix: Logic error...
Xml/XSLT
Hi, _sslscan_ is very useful for me, at work, but I needed to be able to use it through a website (because of proxies), so I've just added a small...
It would be great to have support for policy file which says what is the expected configuration and sslscan reports misconfigurations, like ssh_scan by Mozilla..
To make screenshots for pentesting reports, it would be convenient to only show the problematic items. For example, if the TLS Renegotiation, TLS Compression, and Heartbleed detection come back ok,...
