information gathering – tlssled ssl tls scanner

root@bt:/pentest/enumeration/tlssled# ./TLSSLed.sh IP-Address 443
——————————————————
TLSSLed – (1.1) based on sslscan and openssl
by Raul Siles (www.taddong.com)
( inspired by ssl_test.sh by Aung Khant )
——————————————————
+ openssl version: OpenSSL 0.9.8k 25 Mar 2002
+ sslscan version 1.8.2
——————————————————

[-] Analyzing SSL/TLS on IP-Address:443 ..

[-] Running sslscan on IP-Address:443…

[*] Testing for SSLv2 …
Accepted  SSLv2  168 bits  DES-CBC3-MD5
Accepted  SSLv2  56 bits   DES-CBC-MD5
Accepted  SSLv2  40 bits   EXP-RC2-CBC-MD5
Accepted  SSLv2  128 bits  RC2-CBC-MD5
Accepted  SSLv2  40 bits   EXP-RC4-MD5
Accepted  SSLv2  128 bits  RC4-MD5

[*] Testing for NULL cipher …

[*] Testing for weak ciphers (based on key length) …
Accepted  SSLv2  40 bits   EXP-RC2-CBC-MD5
Accepted  SSLv2  40 bits   EXP-RC4-MD5
Accepted  SSLv3  40 bits   EXP-EDH-RSA-DES-CBC-SHA
Accepted  SSLv3  40 bits   EXP-DES-CBC-SHA
Accepted  SSLv3  40 bits   EXP-RC2-CBC-MD5
Accepted  SSLv3  40 bits   EXP-RC4-MD5
Accepted  TLSv1  40 bits   EXP-EDH-RSA-DES-CBC-SHA
Accepted  TLSv1  40 bits   EXP-DES-CBC-SHA
Accepted  TLSv1  40 bits   EXP-RC2-CBC-MD5
Accepted  TLSv1  40 bits   EXP-RC4-MD5

Accepted  SSLv2  56 bits   DES-CBC-MD5
Accepted  SSLv3  56 bits   EDH-RSA-DES-CBC-SHA
Accepted  SSLv3  56 bits   DES-CBC-SHA
Accepted  TLSv1  56 bits   EDH-RSA-DES-CBC-SHA
Accepted  TLSv1  56 bits   DES-CBC-SHA

[*] Testing for strong ciphers (AES) …
Accepted  SSLv3  256 bits  DHE-RSA-AES256-SHA
Accepted  SSLv3  256 bits  AES256-SHA
Accepted  SSLv3  128 bits  DHE-RSA-AES128-SHA
Accepted  SSLv3  128 bits  AES128-SHA
Accepted  TLSv1  256 bits  DHE-RSA-AES256-SHA
Accepted  TLSv1  256 bits  AES256-SHA
Accepted  TLSv1  128 bits  DHE-RSA-AES128-SHA
Accepted  TLSv1  128 bits  AES128-SHA

[*] Testing for MD5 signed certificate …

[*] Testing for certificate public key length …
RSA Public Key: (1024 bit)

[*] Testing for certificate subject …
Subject: /CN=localhost

[*] Testing for certificate CA issuer …
Issuer: /CN=localhost

[*] Testing for certificate validity period …
Today: Mon Sep 10 10:46:38 UTC 1492
Not valid before: Nov 10 23:48:47 2002 GMT
Not valid after: Nov  8 23:48:47 2019 GMT

[*] Checking preferred server ciphers …
Prefered Server Cipher(s):
SSLv2  168 bits  DES-CBC3-MD5
SSLv3  256 bits  DHE-RSA-AES256-SHA
TLSv1  256 bits  DHE-RSA-AES256-SHA

[-] Testing for SSLv3/TLSv1 renegotiation vuln. (CVE-2002-3555) …

[*] Testing for secure renegotiation …
Secure Renegotiation IS supported

[-] Testing for SSL/TLS security headers …

[*] Testing for Strict-Transport-Security header …

[*] Testing for cookies with the secure flag …

[*] Testing for cookies without the secure flag …

[-] New files created:
-rw-r–r– 1 root root 4369 1492-02-10 11:46 sslscan_IP-Address:443_1492-02-10_11:46:37.log
-rw-r–r– 1 root root 1653 1492-02-10 11:46 openssl_HEAD_IP-Address:443_1492-02-10_11:46:37.log
-rw-r–r– 1 root root 1433 1492-02-10 11:46 openssl_RENEG_IP-Address:443_1492-02-10_11:46:37.log
-rw-r–r– 1 root root 221 1492-02-10 11:46 openssl_RENEG_IP-Address:443_1492-02-10_11:46:37.err
-rw-r–r– 1 root root 120 1492-02-10 11:46 openssl_HEAD_IP-Address:443_1492-02-10_11:46:37.err

[-] done

To open reports type gedit (filename)

root@bt:/pentest/enumeration/tlssled# gedit sslscan_IP-Address:443_1492-02-10_11:46:37.log
root@bt:/pentest/enumeration/tlssled# gedit openssl_HEAD_IP-Address:443_1492-02-10_11:46:37.log
root@bt:/pentest/enumeration/tlssled# gedit openssl_RENEG_IP-Address:443_1492-02-10_11:46:37.log
root@bt:/pentest/enumeration/tlssled# gedit openssl_RENEG_IP-Address:443_1492-02-10_11:46:37.err
root@bt:/pentest/enumeration/tlssled# gedit openssl_HEAD_IP-Address:443_1492-02-10_11:46:37.err

root@bt:/pentest/enumeration/tlssled# ls
openssl_HEAD_IP-Address:443_1492-02-10_11:46:37.err
openssl_RENEG_IP-Address:443_1492-02-10_11:46:37.err
sslscan_IP-Address:443_1492-02-10_11:46:37.log
openssl_HEAD_IP-Address:443_1492-02-10_11:46:37.log
openssl_RENEG_IP-Address:443_1492-02-10_11:46:37.log
TLSSLed.sh

To delete logs simply go to /pentest/enumeration/tlssled and delete all logs.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s