forked from withdk/ssl-enum
SSL Cipher Enumeration Tool
License
LucaBongiorni/ssl-enum
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
Intro ------ I wrote this as a POC back in 2009 after an illuminating discussion with Roy Hills (NTA Monitor) relating to SSL. The discussion went something like this: "It would be great to code up a faster SSL cipher enumeration tool that didn't rely on OpenSSL and only performed the initial SSL HELLO request." The key advantages here are speed, by not requiring a full SSL handshake, and the ability to discover proprietary ciphers not supported by OpenSSL. Although I've made a couple of recent changes, this code is the result of a few late nights back in 2009 and should be considered ALPHA :) Installation ------------ $ make Usage ----- $ usage: ./ssl-enum -s hostname/ip (opt: -p 8443 -f otherciphers,-v[1-5],-k) -s hostname or IP address of target. -v1 Increase level of verbosity (v1 - v5). -f filename Allows alternate ciphers file. The default is cipher-list.txt. -k ends scan early if non-standard responses. Some SSL/TLS services don't respond with SSL errors so we assume its an UNSUPPORTED cipher. To complicate matters further, some Apache & IIS configurations will allow weak SSL connections but don't allow access at the application layer. This lets the web server produce a "pretty" error message but breaks SSL scanning. More work needed here.
About
SSL Cipher Enumeration Tool
Resources
License
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published
Languages
- C 98.9%
- Other 1.1%