User Tools

Site Tools


sslscan

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

sslscan [2019/05/01 15:00]
admin created
sslscan [2019/05/01 15:00] (current)
admin
Line 4: Line 4:
  
 Highlight SSLv2 and SSLv3 ciphers in output. Highlight SSLv2 and SSLv3 ciphers in output.
 +
 Highlight CBC ciphers on SSLv3 (POODLE). Highlight CBC ciphers on SSLv3 (POODLE).
 +
 Highlight 3DES and RC4 ciphers in output. Highlight 3DES and RC4 ciphers in output.
 +
 Highlight PFS+GCM ciphers as good in output. Highlight PFS+GCM ciphers as good in output.
 +
 Highlight NULL (0 bit), weak (<40 bit) and medium (40 < n <= 56) ciphers in output. Highlight NULL (0 bit), weak (<40 bit) and medium (40 < n <= 56) ciphers in output.
 +
 Highlight anonymous (ADH and AECDH) ciphers in output (purple). Highlight anonymous (ADH and AECDH) ciphers in output (purple).
 +
 Hide certificate information by default (display with --get-certificate). Hide certificate information by default (display with --get-certificate).
 +
 Hide rejected ciphers by default (display with --failed). Hide rejected ciphers by default (display with --failed).
 +
 Added TLSv1.1 and TLSv1.2 support (merged from twwbond/​sslscan). Added TLSv1.1 and TLSv1.2 support (merged from twwbond/​sslscan).
 +
 Compiles if OpenSSL does not support SSLv2 ciphers (merged from digineo/​sslscan). Compiles if OpenSSL does not support SSLv2 ciphers (merged from digineo/​sslscan).
 +
 Supports IPv6 hostnames (can be forced with --ipv6). Supports IPv6 hostnames (can be forced with --ipv6).
 +
 Check for TLS compression (CRIME, disable with --no-compression). Check for TLS compression (CRIME, disable with --no-compression).
 +
 Disable cipher suite checking --no-ciphersuites. Disable cipher suite checking --no-ciphersuites.
 +
 Disable coloured output --no-colour. Disable coloured output --no-colour.
 +
 Removed undocumented -p output option. Removed undocumented -p output option.
 +
 Added check for OpenSSL HeartBleed (CVE-2014-0160,​ disable with --no-heartbleed). Added check for OpenSSL HeartBleed (CVE-2014-0160,​ disable with --no-heartbleed).
 +
 Flag certificates signed with MD5 or SHA-1, or with short (<2048 bit) RSA keys. Flag certificates signed with MD5 or SHA-1, or with short (<2048 bit) RSA keys.
 +
 Support scanning RDP servers with --rdp (credit skettler). Support scanning RDP servers with --rdp (credit skettler).
 +
 Added option to specify socket timeout. Added option to specify socket timeout.
 +
 Added option for static compilation (credit dmke). Added option for static compilation (credit dmke).
 +
 Added --sleep option to pause between requests. Added --sleep option to pause between requests.
 +
 Disable output for anything than specified checks --no-preferred. Disable output for anything than specified checks --no-preferred.
 +
 Determine the list of CAs acceptable for client certificates --show-client-cas. Determine the list of CAs acceptable for client certificates --show-client-cas.
 +
 Experimental build support on OSX (credit MikeSchroll). Experimental build support on OSX (credit MikeSchroll).
 +
 Flag some self-signed SSL certificates. Flag some self-signed SSL certificates.
 +
 Experimental Windows support (credit jtesta). Experimental Windows support (credit jtesta).
 +
 Display EC curve names and DHE key lengths with OpenSSL >= 1.0.2 --no-cipher-details. Display EC curve names and DHE key lengths with OpenSSL >= 1.0.2 --no-cipher-details.
 +
 Flag weak DHE keys with OpenSSL >= 1.0.2 --cipher-details. Flag weak DHE keys with OpenSSL >= 1.0.2 --cipher-details.
 +
 Flag expired certificates. Flag expired certificates.
 +
 Flag TLSv1.0 ciphers in output as weak. Flag TLSv1.0 ciphers in output as weak.
 +
 Experimental OSX support (static building only). Experimental OSX support (static building only).
 +
 Support for scanning PostgreSQL servers (credit nuxi). Support for scanning PostgreSQL servers (credit nuxi).
 +
 Check for TLS Fallback SCSV support. Check for TLS Fallback SCSV support.
 +
 Added StartTLS support for LDAP --starttls-ldap. Added StartTLS support for LDAP --starttls-ldap.
 +
 Added SNI support --sni-name (credit Ken). Added SNI support --sni-name (credit Ken).
 +
 Support STARTTLS for MySQL (credit bk2017). Support STARTTLS for MySQL (credit bk2017).
  
sslscan.txt ยท Last modified: 2019/05/01 15:00 by admin

(C) BlackWeb Security 2017 - 2019