| # lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 12.10 Release: 12.10 Codename: quantal # uname -ri 3.5.0-18-generic x86_64 |
about sslyze
https://github.com/iSECPartners/sslyze
download sslyze-0.5_src.zip from https://github.com/iSECPartners/sslyze/downloads
unzip sslyze-0.5_src.zip
| # unzip sslyze-0.5_src.zip Archive: sslyze-0.5_src.zip creating: sslyze-0.5_src/ inflating: sslyze-0.5_src/AUTHORS.txt inflating: sslyze-0.5_src/LICENSE.txt inflating: sslyze-0.5_src/mozilla_cacert.pem inflating: sslyze-0.5_src/mozilla_ev_oids.py creating: sslyze-0.5_src/plugins/ inflating: sslyze-0.5_src/plugins/PluginBase.py inflating: sslyze-0.5_src/plugins/PluginCertInfo.py inflating: sslyze-0.5_src/plugins/PluginCompression.py inflating: sslyze-0.5_src/plugins/PluginOpenSSLCipherSuites.py inflating: sslyze-0.5_src/plugins/PluginSessionRenegotiation.py inflating: sslyze-0.5_src/plugins/PluginSessionResumption.py extracting: sslyze-0.5_src/plugins/__init__.py inflating: sslyze-0.5_src/README.md inflating: sslyze-0.5_src/sslyze.py creating: sslyze-0.5_src/test/ inflating: sslyze-0.5_src/test/https_test.txt inflating: sslyze-0.5_src/test/smtp_test.txt inflating: sslyze-0.5_src/test/xmpp_test.txt creating: sslyze-0.5_src/utils/ creating: sslyze-0.5_src/utils/ctSSL/ inflating: sslyze-0.5_src/utils/ctSSL/BIO.py inflating: sslyze-0.5_src/utils/ctSSL/constants.py inflating: sslyze-0.5_src/utils/ctSSL/errors.py inflating: sslyze-0.5_src/utils/ctSSL/features_not_available.py inflating: sslyze-0.5_src/utils/ctSSL/LICENSE inflating: sslyze-0.5_src/utils/ctSSL/load_openssl.py inflating: sslyze-0.5_src/utils/ctSSL/README inflating: sslyze-0.5_src/utils/ctSSL/SSL.py inflating: sslyze-0.5_src/utils/ctSSL/SSL_CTX.py inflating: sslyze-0.5_src/utils/ctSSL/SSL_SESSION.py inflating: sslyze-0.5_src/utils/ctSSL/X509.py inflating: sslyze-0.5_src/utils/ctSSL/X509_V_CODES.py inflating: sslyze-0.5_src/utils/ctSSL/__init__.py inflating: sslyze-0.5_src/utils/discover_plugins.py inflating: sslyze-0.5_src/utils/discover_targets.py inflating: sslyze-0.5_src/utils/HTTPSConnection.py inflating: sslyze-0.5_src/utils/parse_command_line.py inflating: sslyze-0.5_src/utils/SSLSocket.py inflating: sslyze-0.5_src/utils/SSLyzeSSLConnection.py inflating: sslyze-0.5_src/utils/StartTLS.py inflating: sslyze-0.5_src/utils/ThreadPool.py extracting: sslyze-0.5_src/utils/__init__.py |
python 2.6 or 2.7 and OpenSSL 0.9.8+ are required to use sslyze.
| # python –version Python 2.7.3 # openssl OpenSSL> version OpenSSL 1.0.1c 10 May 2012 OpenSSL> quit |
[ example usage ]
you can check the options by issuing “python sslyze.py --help”
| # python sslyze.py –help | head -30 REGISTERING AVAILABLE PLUGINS ----------------------------- PluginCertInfo - OK PluginSessionRenegotiation - OK PluginCompression - OK PluginSessionResumption - OK PluginOpenSSLCipherSuites - OK Usage: sslyze.py [options] target1.com target2.com:443 etc... Options: --version show program's version number and exit -h, --help show this help message and exit --xml_out=XML_FILE Writes the scan results as an XML document to the file XML_FILE. --targets_in=TARGETS_IN Reads the list of targets to scan from the file TARGETS_IN. It should contain one host:port per line. --timeout=TIMEOUT Sets the timeout value in seconds used for every socket connection made to the target server(s). Default is 5s. <snip> |
or please check https://github.com/iSECPartners/sslyze/wiki
sslyze.py ( 192.168.10.14 ) -- Apache ( 192.168.10.15 )
| # python sslyze.py --regular 192.168.10.15 REGISTERING AVAILABLE PLUGINS ----------------------------- PluginCertInfo - OK PluginSessionRenegotiation - OK PluginCompression - OK PluginSessionResumption - OK PluginOpenSSLCipherSuites - OK CHECKING HOST(S) AVAILABILITY ----------------------------- 192.168.10.15:443 => 192.168.10.15:443 SCAN RESULTS FOR 192.168.10.15:443 - 192.168.10.15:443 ------------------------------------------------------ * Compression : Compression Support: Disabled * Certificate : Validation w/ Mozilla's CA Store: Certificate is NOT Trusted: self signed certificate Hostname Validation: MISMATCH SHA1 Fingerprint: zzz Common Name: mint Issuer: /CN=mint Serial Number: F9D92DA4F44A67B3 Not Before: Dec 8 08:34:51 2011 GMT Not After: Dec 5 08:34:51 2021 GMT Signature Algorithm: sha1WithRSAEncryption Key Size: 2048 * Session Renegotiation : Client-initiated Renegotiations: Rejected Secure Renegotiation: Supported * Session Resumption : With Session IDs: Supported (5 successful, 0 failed, 0 errors, 5 total attempts). With TLS Session Tickets: Supported Unhandled exception when processing --sslv2: utils.ctSSL.errors.ctSSLFeatureNotAvailable - SSLv2 disabled. * TLSV1_1 Cipher Suites : Rejected Cipher Suite(s): Hidden Preferred Cipher Suite: DHE-RSA-AES256-SHA 256 bits HTTP 200 OK Accepted Cipher Suite(s): DHE-RSA-CAMELLIA256-SHA 256 bits HTTP 200 OK <snip> |
| # python sslyze.py --sslv2--sslv3 --tlsv1 --tlsv1_1 --tlsv1_2 --compression --reneg --resum --certinfo=basic --hide_rejected_ciphers --http_get 192.168.10.15 REGISTERING AVAILABLE PLUGINS ----------------------------- PluginCertInfo - OK PluginSessionRenegotiation - OK PluginCompression - OK PluginSessionResumption - OK PluginOpenSSLCipherSuites - OK CHECKING HOST(S) AVAILABILITY ----------------------------- 192.168.10.15:443 => 192.168.10.15:443 SCAN RESULTS FOR 192.168.10.15:443 - 192.168.10.15:443 ------------------------------------------------------ * Compression : Compression Support: Disabled * Session Renegotiation : Client-initiated Renegotiations: Rejected Secure Renegotiation: Supported * Certificate : Validation w/ Mozilla's CA Store: Certificate is NOT Trusted: self signed certificate Hostname Validation: MISMATCH SHA1 Fingerprint: zzz <snip> |
You can output the result as an xml file by specifying --xml_out=<file name>
| # python sslyze.py --sslv2 --sslv3 --tlsv1 --tlsv1_1 --tlsv1_2 --compression --reneg --resum --certinfo=basic --hide_rejected_ciphers --http_get --xml_out=result.xml 192.168.10.15 |
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.