root@bt:/pentest/enumeration/tlssled# ./TLSSLed.sh IP-Address 443
------------------------------------------------------
TLSSLed - (1.1) based on sslscan and openssl
by Raul Siles (www.taddong.com)
( inspired by ssl_test.sh by Aung Khant )
------------------------------------------------------
+ openssl version: OpenSSL 0.9.8k 25 Mar 2002
+ sslscan version 1.8.2
------------------------------------------------------
[-] Analyzing SSL/TLS on IP-Address:443 ..
[-] Running sslscan on IP-Address:443…
[*] Testing for SSLv2 …
Accepted SSLv2 168 bits DES-CBC3-MD5
Accepted SSLv2 56 bits DES-CBC-MD5
Accepted SSLv2 40 bits EXP-RC2-CBC-MD5
Accepted SSLv2 128 bits RC2-CBC-MD5
Accepted SSLv2 40 bits EXP-RC4-MD5
Accepted SSLv2 128 bits RC4-MD5
[*] Testing for NULL cipher …
[*] Testing for weak ciphers (based on key length) …
Accepted SSLv2 40 bits EXP-RC2-CBC-MD5
Accepted SSLv2 40 bits EXP-RC4-MD5
Accepted SSLv3 40 bits EXP-EDH-RSA-DES-CBC-SHA
Accepted SSLv3 40 bits EXP-DES-CBC-SHA
Accepted SSLv3 40 bits EXP-RC2-CBC-MD5
Accepted SSLv3 40 bits EXP-RC4-MD5
Accepted TLSv1 40 bits EXP-EDH-RSA-DES-CBC-SHA
Accepted TLSv1 40 bits EXP-DES-CBC-SHA
Accepted TLSv1 40 bits EXP-RC2-CBC-MD5
Accepted TLSv1 40 bits EXP-RC4-MD5
Accepted SSLv2 56 bits DES-CBC-MD5
Accepted SSLv3 56 bits EDH-RSA-DES-CBC-SHA
Accepted SSLv3 56 bits DES-CBC-SHA
Accepted TLSv1 56 bits EDH-RSA-DES-CBC-SHA
Accepted TLSv1 56 bits DES-CBC-SHA
[*] Testing for strong ciphers (AES) …
Accepted SSLv3 256 bits DHE-RSA-AES256-SHA
Accepted SSLv3 256 bits AES256-SHA
Accepted SSLv3 128 bits DHE-RSA-AES128-SHA
Accepted SSLv3 128 bits AES128-SHA
Accepted TLSv1 256 bits DHE-RSA-AES256-SHA
Accepted TLSv1 256 bits AES256-SHA
Accepted TLSv1 128 bits DHE-RSA-AES128-SHA
Accepted TLSv1 128 bits AES128-SHA
[*] Testing for MD5 signed certificate …
[*] Testing for certificate public key length …
RSA Public Key: (1024 bit)
[*] Testing for certificate subject …
Subject: /CN=localhost
[*] Testing for certificate CA issuer …
Issuer: /CN=localhost
[*] Testing for certificate validity period …
Today: Mon Sep 10 10:46:38 UTC 1492
Not valid before: Nov 10 23:48:47 2002 GMT
Not valid after: Nov 8 23:48:47 2019 GMT
[*] Checking preferred server ciphers …
Prefered Server Cipher(s):
SSLv2 168 bits DES-CBC3-MD5
SSLv3 256 bits DHE-RSA-AES256-SHA
TLSv1 256 bits DHE-RSA-AES256-SHA
[-] Testing for SSLv3/TLSv1 renegotiation vuln. (CVE-2002-3555) …
[*] Testing for secure renegotiation …
Secure Renegotiation IS supported
[-] Testing for SSL/TLS security headers …
[*] Testing for Strict-Transport-Security header …
[*] Testing for cookies with the secure flag …
[*] Testing for cookies without the secure flag …
[-] New files created:
-rw-r--r-- 1 root root 4369 1492-02-10 11:46 sslscan_IP-Address:443_1492-02-10_11:46:37.log
-rw-r--r-- 1 root root 1653 1492-02-10 11:46 openssl_HEAD_IP-Address:443_1492-02-10_11:46:37.log
-rw-r--r-- 1 root root 1433 1492-02-10 11:46 openssl_RENEG_IP-Address:443_1492-02-10_11:46:37.log
-rw-r--r-- 1 root root 221 1492-02-10 11:46 openssl_RENEG_IP-Address:443_1492-02-10_11:46:37.err
-rw-r--r-- 1 root root 120 1492-02-10 11:46 openssl_HEAD_IP-Address:443_1492-02-10_11:46:37.err
[-] done
To open the reports, type gedit (filename):
root@bt:/pentest/enumeration/tlssled# gedit sslscan_IP-Address:443_1492-02-10_11:46:37.log
root@bt:/pentest/enumeration/tlssled# gedit openssl_HEAD_IP-Address:443_1492-02-10_11:46:37.log
root@bt:/pentest/enumeration/tlssled# gedit openssl_RENEG_IP-Address:443_1492-02-10_11:46:37.log
root@bt:/pentest/enumeration/tlssled# gedit openssl_RENEG_IP-Address:443_1492-02-10_11:46:37.err
root@bt:/pentest/enumeration/tlssled# gedit openssl_HEAD_IP-Address:443_1492-02-10_11:46:37.err
root@bt:/pentest/enumeration/tlssled# ls
openssl_HEAD_IP-Address:443_1492-02-10_11:46:37.err
openssl_RENEG_IP-Address:443_1492-02-10_11:46:37.err
sslscan_IP-Address:443_1492-02-10_11:46:37.log
openssl_HEAD_IP-Address:443_1492-02-10_11:46:37.log
openssl_RENEG_IP-Address:443_1492-02-10_11:46:37.log
TLSSLed.sh
To delete the logs, go to /pentest/enumeration/tlssled and delete all the log files.