A convenient tool for SSL cipher suites support scanning
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
bin
.gitignore
LICENSE
README.md

README.md

ssl-inspector

A convenient tool written in Ruby for SSL cipher suites support scanning.

Disclaimer

I will not be taken responsible for the damage that could be done using this tool. It is shared as a tool for internal security auditing.

##Installation

user@host $ wget "https://raw.githubusercontent.com/xlucas/ssl-inspector/master/bin/ssl-inspector.rb" \
-o /usr/local/bin/ssl-inspector
user@host $ chmod +x !$

##Synopsis

Usage: ssl-inspector [options]
    -a, --authentication ALGORITHM   Specify an authentication algorithm
    -b, --bits [<|<=|=>|>]SIZE       Specify an encryption key size
    -e, --encryption ALGORITHM       Specify an encryption algorithm
    -h, --host HOST                  Specify target host
    -k, --keyexchange ALGORITHM      Specify a keyexchange algorithm
    -m, --mac ALGORITHM              Specify a MAC algorithm
    -n, --name NAME                  Specify a cipher suite partial or full name
    -p, --port PORT                  Specify target port
    -s, --specification PROTOCOL     Specification SSLv3 or TLSv1.{0,1,2}
    -v, --verbose                    Run in verbose mode
        --help                       Show this message

Usage examples

Scanning for POODLE

ssl-inspector -h www.domain.com -p 443 -s SSLv3 --name CBC

Checking for support of cipher suites using key size lower than 128 bits over SSLv3

ssl-inspector -h www.domain.com -p 443 -s SSLv3 --bits '<128'

Checking for support of cipher suites using SHA1 MAC over TLS1.0

ssl-inspector -h www.domain.com -p 443 -s TLSv1.0 --mac SHA

Checking for support of cipher suites not offering encryption over TLS1.0

ssl-inspector -h www.domain.com -p 443 -s TLSv1.0 --encryption NULL

Checking for support of cipher suites using DHE key exchange and DSS encryption with 256 bits key size over TLS1.2

ssl-inspector -h www.domain.com -p 443 -s TLSv1.2 -k DHE -e DSS -b 256

Requirement

Ruby 2.1 installed