SSLscan is another kind of scanning tool, broadly similar to Nmap. However, its objective is to probe SSL/TLS ports to determine which security protocols and ciphers are supported and/or preferred.

In this blog post we will be looking at how to access and use SSLscan. It is very useful when it comes to testing the security protocols accepted by sensitive servers.
It's important to note that the currently accepted security protocols are TLSv1.1 and above; for utmost security, TLSv1.2 and upwards is now preferred.
Let's get busy.

Requirements for this lesson

1. Start your Kali Linux OS. SSLscan is already installed on Kali, so you do not have to bother installing it.
2. Type the following command in the terminal:
sslscan https://www.google.com

3. This will scan the secured URL and finally give you the output as seen in the screenshot.

We will now look at the entries of the SSLscan output one by one.

4. From the screenshot it can be observed that the server accepts different ciphers, as follows:

5. Thus, if you try to browse https://www.google.com in a browser that does not support these ciphers, the connection will NEVER be established.
Very old browser versions fall into this category. Have a look at a few versions listed below:

6. A quick way to know the status of your browser is to check out this site from Qualys:
https://www.ssllabs.com/ssltest/viewMyClient.html
It will scan your browser and advise on the security protocols it accepts, along with other general security issues relating to browsers.

7. The details of the server certificate are also displayed in the SSLscan output.

What other basic commands can be issued with SSLscan?

1. To scan by domain:
sslscan google.com

2. To scan for only accepted ciphers. Failed or rejected ciphers will be ignored in this scan:
sslscan --no-failed https://www.google.com

3. To scan only a specific protocol:
sslscan --{protocol} {site to scan}
example
sslscan --tls1 https://www.google.com
This will test only the TLS 1.0 protocol.

4. To save output to XML:
sslscan --xml={output file} {site to be scanned}
example
sslscan --xml=/home/user/itcasxp.xml https://www.google.com
This will run the SSL scan and dump the output into an XML file at the specified location (the user's home directory in Kali Linux), in a file called itcasxp.xml.

5. Need help?
sslscan --help
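Once a scan has been saved with --xml (item 4 above), the report can be checked automatically against the protocol floor stated at the top of this post (TLSv1.1 and above accepted, TLSv1.2 upwards preferred) instead of reading the output by eye. The script below is an added example and is not part of the original post or of the sslscan project. The XML sample inside it is constructed by hand to follow the general shape of sslscan's XML output (an ssltest element holding cipher elements with status, sslversion, bits and cipher attributes); the host name, cipher list and policy thresholds are assumptions made for illustration, not results of a real scan.

```python
"""Check an sslscan --xml report against a minimum-protocol policy."""
import xml.etree.ElementTree as ET

# Constructed sample report, shaped like sslscan's XML output. Host, ciphers
# and versions are made up for illustration; they are not real scan results.
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<document title="SSLScan Results" version="example">
 <ssltest host="example.test" port="443">
  <cipher status="accepted" sslversion="SSLv3" bits="128" cipher="RC4-SHA" />
  <cipher status="accepted" sslversion="TLSv1.0" bits="256" cipher="AES256-SHA" />
  <cipher status="accepted" sslversion="TLSv1.1" bits="256" cipher="AES256-SHA" />
  <cipher status="accepted" sslversion="TLSv1.2" bits="112" cipher="DES-CBC3-SHA" />
  <cipher status="preferred" sslversion="TLSv1.2" bits="256" cipher="ECDHE-RSA-AES256-GCM-SHA384" />
 </ssltest>
</document>
"""

# Protocol versions from oldest to newest, as sslscan labels them.
PROTOCOL_ORDER = ["SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"]


def normalise_version(version):
    """Older sslscan releases print 'TLSv1' for TLS 1.0; map it to 'TLSv1.0'."""
    return "TLSv1.0" if version == "TLSv1" else version


def parse_ciphers(xml_text):
    """Return (host, port, status, version, bits, cipher) for every cipher element."""
    root = ET.fromstring(xml_text)
    rows = []
    for test in root.iter("ssltest"):
        host, port = test.get("host", "?"), test.get("port", "?")
        for c in test.findall("cipher"):
            rows.append((
                host, port,
                c.get("status", ""),
                normalise_version(c.get("sslversion", "")),
                int(c.get("bits", "0")),
                c.get("cipher", ""),
            ))
    return rows


def evaluate(xml_text, minimum="TLSv1.1", preferred="TLSv1.2", min_bits=128):
    """Return a list of human-readable findings; an empty list means the report
    meets the policy: no accepted cipher below `minimum`, no cipher weaker than
    `min_bits`, and the server's preferred cipher negotiated at `preferred` or newer."""
    floor = PROTOCOL_ORDER.index(minimum)
    want = PROTOCOL_ORDER.index(preferred)
    findings = []
    for host, port, status, version, bits, cipher in parse_ciphers(xml_text):
        where = f"{host}:{port}"
        if version not in PROTOCOL_ORDER:
            findings.append(f"{where}: unrecognised protocol label {version!r} for {cipher}")
            continue
        rank = PROTOCOL_ORDER.index(version)
        if rank < floor:
            findings.append(f"{where}: accepts {cipher} on {version}, below the {minimum} floor")
        elif bits < min_bits:
            findings.append(f"{where}: accepts {bits}-bit cipher {cipher} on {version}")
        if status == "preferred" and rank < want:
            findings.append(f"{where}: preferred cipher {cipher} negotiates {version}, not {preferred}+")
    return findings


if __name__ == "__main__":
    # Usage with a real report: evaluate(open("/home/user/itcasxp.xml").read())
    for line in evaluate(SAMPLE_XML):
        print(line)
```

The three findings printed for the sample are the SSLv3 and TLSv1.0 ciphers (below the TLSv1.1 floor the post describes) and the 112-bit 3DES suite on TLSv1.2. Tightening the policy is a one-argument change, for example evaluate(report, minimum="TLSv1.2") once TLSv1.1 is retired on your side.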

And that's it for this post.
You can try your new scan toy, sorry, tool on several secured sites to identify the types of secure protocols they accept.
I would like to hear your feedback in the comments, if you found this content helpful.
