Home Free Hacking Tools SSLyze: A Python Tool For Analyzing SSL Configurations

SSLyze: A Python Tool For Analyzing SSL Configurations

by Unallocated Author
written by Unallocated Author

Today, we talk about SSLyze. SSLyze is a Python tool that can analyze the SSL configuration of a server. It is designed to be fast and comprehensive, and should help organizations and testers identify mis-configurations affecting their SSL servers.

Key features include:

  • Multi-processed and multi-threaded scanning (it’s fast)
  • SSL 2.0/3.0 and TLS 1.0/1.1/1.2 compatibility
  • Performance testing: session resumption and TLS tickets support
  • Security testing: weak cipher suites, insecure renegotiation, CRIME, Heartbleed and more
  • Server certificate validation and revocation checking through OCSP stapling
  • Support for StartTLS handshakes on SMTP, XMPP, LDAP, POP, IMAP, RDP and FTP
  • Support for client certificates when scanning servers that perform mutual authentication
  • XML output to further process the scan results
Source: https://github.com/iSECPartners/sslyze
SSLyze Homepage | Kali SSLyze Repo
  • Author: iSECPartners
  • License: GPLv2

Let’s get started.

First, we need to install SSLyze. Before installing SSLyze, we need to install python setuptools using the following command:

pip install --upgrade setuptools

SSLyze_1

Then we install SSLyze using the following command:

pip install --upgrade sslyze

SSLyze_2

Then when the installation is completed, you shall see a screen similar to this:

SSLyze_4

At this level, you managed to successfully install sslyze.

Now, let’s use the tool and find out what it can really do.

To start SSLyze and go to the help menu, simple type the following command:

sslyze -h

SSLyze_5

 

To extract the configuration of a particular website, type the following command:

sslyze –-regular www.yahoo.com

(Here, we took www.yahoo.com as an example, you can replace it with any website of your choice)

Your screen should look like that (if you used www.yahoo.com):

SSLyze_6

SSLyze_7

You can scroll down your terminal to see what information the tool has extracted.

You can also go back to the help menu and utilize the commands available until you get what you want.

What Bunny Rating Does it Get

SSLyze is an effective tool to extract ssl configuration about the server. It allows the hacker to gather information such as the issue date, the public key, the key size, status etc. It also provides information whether the OpenSSL heartbleed vulnerability is present or not. This is a powerful tool and I would give it a 5 out of 5 rating.

Want to learn more about ethical hacking?

We have a  networking hacking course that is of a similar level to OSCP, get an exclusive 95% discount HERE

Do you know of another GitHub related hacking tool?

Get in touch with us via the contact form if you would like us to look at any other GitHub ethical hacking tools.

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

You may also like

BruteDum- A network attack bruteforce tool

MHDDoS – A DDoS Attack Script With Over...

A Review of DNS Enumeration Tool: DNSEnum

Harvest Subdomains with DNSHarvester

GRR Rapid Response Github Tool

Facebook Account Bruteforcer

WiFiDuck BadUSB Tester

cSploit – A Network Analyzer on Android

Minimalistic OffSec Scanner – A Powerful TCP and...

PuTTY SSH Bruteforce Login Script