`

sslyze简介

 
阅读更多
项目地址:https://github.com/nabla-c0d3/sslyze
是一个SSL服务器配置分析工具。它的设计宗旨为为快速,广泛,可以用来帮助组织和测试人员识别这个错误配置
引用
root@kali:~# sslyze -h



REGISTERING AVAILABLE PLUGINS
-----------------------------

  PluginCompression
  PluginSessionRenegotiation
  PluginOpenSSLCipherSuites
  PluginCertInfo
  PluginSessionResumption



Usage: sslyze [options] target1.com target2.com:443 etc...

Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  --xml_out=XML_FILE    Writes the scan results as an XML document to the file
                        XML_FILE.
  --targets_in=TARGETS_IN
                        Reads the list of targets to scan from the file
                        TARGETS_IN. It should contain one host:port per line.
  --timeout=TIMEOUT     Sets the timeout value in seconds used for every
                        socket connection made to the target server(s).
                        Default is 5s.
  --https_tunnel=HTTPS_TUNNEL
                        Sets an HTTP CONNECT proxy to tunnel SSL traffic to
                        the target server(s). HTTP_TUNNEL should be
                        'host:port'. Requires Python 2.7
  --starttls=STARTTLS   Identifies the target server(s) as a SMTP or an XMPP
                        server(s) and scans the server(s) using STARTTLS.
                        STARTTLS should be 'smtp' or 'xmpp'.
  --xmpp_to=XMPP_TO     Optional setting for STARTTLS XMPP.  XMPP_TO should be
                        the hostname to be put in the 'to' attribute of the
                        XMPP stream. Default is the server's hostname.
  --regular             Regular HTTPS scan; shortcut for --sslv2 --sslv3
                        --tlsv1 --reneg --resum --certinfo --http_get
                        --hide_rejected_ciphers --compression --tlsv1_1
                        --tlsv1_2

  Client certificate support:
    --cert=CERT         Client certificate filename.
    --certform=CERTFORM
                        Client certificate format. DER or PEM (default).
    --key=KEY           Client private key filename.
    --keyform=KEYFORM   Client private key format. DER or PEM (default).
    --pass=KEYPASS      Client private key passphrase.

  PluginCompression:
    --compression       Tests the server for Zlib compression support.

  PluginSessionRenegotiation:
    --reneg             Tests the target server's support for client-initiated
                        renegotiations and secure renegotiations.

  PluginOpenSSLCipherSuites:
    Scans the target server for supported OpenSSL cipher suites.

    --sslv2             Lists the SSL 2.0 OpenSSL cipher suites supported by
                        the server.
    --sslv3             Lists the SSL 3.0 OpenSSL cipher suites supported by
                        the server.
    --tlsv1             Lists the TLS 1.0 OpenSSL cipher suites supported by
                        the server.
    --tlsv1_1           Lists the TLS 1.1 OpenSSL cipher suites supported by
                        the server.
    --tlsv1_2           Lists the TLS 1.2 OpenSSL cipher suites supported by
                        the server.
    --http_get          Option - For each cipher suite, sends an HTTP GET
                        request after completing the SSL handshake and returns
                        the HTTP status code.
    --hide_rejected_ciphers
                        Option - Hides the (usually long) list of cipher
                        suites that were rejected by the server.

  PluginCertInfo:
    --certinfo=CERTINFO
                        Verifies the target server's certificate validity
                        against Mozilla's trusted root store, and prints
                        relevant fields of the certificate. CERTINFO should be
                        'basic' or 'full'.

  PluginSessionResumption:
    Analyzes the target server's SSL session resumption capabilities.

    --resum             Tests the server for session ressumption support,
                        using session IDs and TLS session tickets (RFC 5077).
    --resum_rate        Performs 100 session resumptions with the target
                        server, in order to estimate the session resumption
                        rate.


sslyze --tlsv1_2 --sslv3  www.xxx.com:443

sslyze.py --regular www.isecpartners.com:443 www.google.com
分享到:
评论

相关推荐

Global site tag (gtag.js) - Google Analytics