SSL Certificate checker and scanning tools

Analyzing your SSL certificates and SSL/TLS configuration is very important today: a misconfigured SSL/TLS endpoint can leave your website and application vulnerable to attacks. This article covers SSL scanning tools.

There are online tools and tools that you can install on your own premises to perform this SSL analysis. Here are some tools that can check your SSL-enabled websites and report on them. These tools can also be called from scripts, which helps if you have multiple internal and public-facing SSL websites.

sslscan [ https://github.com/rbsec/sslscan ]

The sslscan utility queries SSL/TLS services, such as HTTPS, in order to determine the ciphers that are supported. It is designed to be easy, lean and fast. The output includes the preferred ciphers of the SSL/TLS service, and text and XML output formats are supported. The output is color-coded to highlight security issues on your endpoint. It can be used to scan internal or public-facing endpoints.

 

Nmap

You can also use Nmap to detect the ciphers supported on your endpoint, by using the “ssl-enum-ciphers” nmap script. This script repeatedly initiates SSLv3/TLS connections, each time trying a new cipher or compressor while recording whether a host accepts or rejects it. The end result is a list of all the cipher suites and compressors that a server accepts. Each cipher suite is shown with a letter grade (A through F) indicating the strength of the connection. The grade is based on the cryptographic strength of the key exchange and of the stream cipher. The scoring is based on the Qualys SSL Labs SSL Server Rating Guide.

 

Usage: nmap --script ssl-enum-ciphers -p PORT SERVERNAME
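To use the per-cipher letter grades in a script that covers several endpoints, the ssl-enum-ciphers text output can be parsed and checked against a policy. The following is an added example, not code from the original article or from the Nmap project; the host names, the list of legacy protocols and the grade threshold are assumptions, and the sample output is constructed.

```python
import re

LEGACY = {"SSLv3", "TLSv1.0", "TLSv1.1"}  # assumed policy: protocols to flag
HOST = re.compile(r"^Nmap scan report for (\S+)")
PROTO = re.compile(r"^\|\s+((?:SSLv|TLSv)[\d.]+):")
CIPHER = re.compile(r"^\|\s+(\S+) (?:\(.*\) )?- ([A-F])\s*$")

def audit(nmap_text, worst_allowed="A"):
    """Map each scanned host to findings: legacy protocols offered and
    cipher suites graded worse than worst_allowed (A is best, F worst)."""
    report, host, proto = {}, None, None
    for line in nmap_text.splitlines():
        if m := HOST.match(line):
            host, proto = m.group(1), None
            report[host] = []
        elif host is None:
            continue  # banner lines before the first host
        elif m := PROTO.match(line):
            proto = m.group(1)
            if proto in LEGACY:
                report[host].append(f"legacy protocol {proto} enabled")
        elif (m := CIPHER.match(line)) and m.group(2) > worst_allowed:
            report[host].append(f"{proto} {m.group(1)} graded {m.group(2)}")
    return report

# Constructed sample output (not from a real scan); hosts are placeholders.
SAMPLE = """\
Nmap scan report for intranet.example.test (192.0.2.10)
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|_  least strength: C
Nmap scan report for www.example.test (192.0.2.20)
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|_  least strength: A
"""

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, findings or "OK")
```

In practice the text passed to audit() would be the saved normal-format output of the nmap command above, run against each endpoint you own.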

 

SSLyze [ https://github.com/nabla-c0d3/sslyze ]

SSLyze is a Python library and a CLI tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive and should help organizations and testers identify misconfigurations affecting their SSL/TLS servers. Scan results can be written to an XML or JSON file for further processing. SSLyze can also be used as a Python module to run scans and process the results directly in Python, which makes it easy to automate.

Usage: sslyze --regular servername:port

OpenSSL

You can also simply use OpenSSL to analyze your SSL endpoint. With it you can check the SSL certificate expiry and various other details.

Usage: openssl s_client -connect yahoo.com:443 -prexit -showcerts -state -status

 

There are some more handy tools, listed below.

 

For online SSL assessment and analysis, you can rely on https://www.ssllabs.com/ssltest/ 

A longer list of SSL assessment tools can be found at https://github.com/ssllabs/research/wiki/Assessment-Tools

 

 
