Skip to content
This repository has been archived by the owner on Oct 7, 2018. It is now read-only.
/ ssl-inspector Public archive

A convenient tool for SSL cipher suites support scanning

License

Notifications You must be signed in to change notification settings

xlucas/ssl-inspector

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

28 Commits
 
 
 
 
 
 
 
 

Repository files navigation

ssl-inspector

A convenient tool written in Ruby for SSL cipher suites support scanning.

Disclaimer

I will not be taken responsible for the damage that could be done using this tool. It is shared as a tool for internal security auditing.

##Installation

user@host $ wget "https://raw.githubusercontent.com/xlucas/ssl-inspector/master/bin/ssl-inspector.rb" \
-o /usr/local/bin/ssl-inspector
user@host $ chmod +x !$

##Synopsis

Usage: ssl-inspector [options]
    -a, --authentication ALGORITHM   Specify an authentication algorithm
    -b, --bits [<|<=|=>|>]SIZE       Specify an encryption key size
    -e, --encryption ALGORITHM       Specify an encryption algorithm
    -h, --host HOST                  Specify target host
    -k, --keyexchange ALGORITHM      Specify a keyexchange algorithm
    -m, --mac ALGORITHM              Specify a MAC algorithm
    -n, --name NAME                  Specify a cipher suite partial or full name
    -p, --port PORT                  Specify target port
    -s, --specification PROTOCOL     Specification SSLv3 or TLSv1.{0,1,2}
    -v, --verbose                    Run in verbose mode
        --help                       Show this message

Usage examples

Scanning for POODLE

ssl-inspector -h www.domain.com -p 443 -s SSLv3 --name CBC

Checking for support of cipher suites using key size lower than 128 bits over SSLv3

ssl-inspector -h www.domain.com -p 443 -s SSLv3 --bits '<128'

Checking for support of cipher suites using SHA1 MAC over TLS1.0

ssl-inspector -h www.domain.com -p 443 -s TLSv1.0 --mac SHA

Checking for support of cipher suites not offering encryption over TLS1.0

ssl-inspector -h www.domain.com -p 443 -s TLSv1.0 --encryption NULL

Checking for support of cipher suites using DHE key exchange and DSS encryption with 256 bits key size over TLS1.2

ssl-inspector -h www.domain.com -p 443 -s TLSv1.2 -k DHE -e DSS -b 256

Requirement

Ruby 2.1 installed

About

A convenient tool for SSL cipher suites support scanning

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages