Tool Tuesday – TLS/SSL Scanning Tools
There are countless tools and variants for testing TLS/SSL connections. With these three simple tools you can easily check your own configuration.
In a nutshell: TLS (Transport Layer Security) and its previous version SSL (Secure Socket Layer) are protocols that are used for encrypted data transmission. Various parameters are negotiated between the client and server during connection setup. Which parameters are available for negotiation is defined in the server configuration.
In order to check this configuration – whether for a penetration test or for the in-house compliance check – various tools are available to facilitate the work.
We picked three tools: O-Saft, sslscan and testssl and compared them with each other.
O-Saft
O-Saft first captivates with its original name. It is a Perl based scanner with a lot of options. The special feature is that O-Saft not only evaluates and outputs the offered ciphers of the server but the scanner can also open a TCP socket and send SSL/TLS handshakes. The big advantage of this method is that the presence of SSLv2 can be tested without additional or outdated libraries.
The output is in text form on the console. This can optionally be redirected to a file.
More information can be found at: https://github.com/OWASP/O-Saft
sslscan
sslcan must be installed or compiled. Self compiling has the advantage that you can use old openssl libraries to test SSLv2 or SSLv3 for example. The output appears very clear and divided into different colors on the console (great for screenshots). Alternatively, the output can be in the form of an XML file.
More information can be found at: https://github.com/rbsec/sslscan
testssl
testssl is a bash script. Therefore no installation or compilation is necessary. The scanner uses the current openssl version on the system. So only protocols and ciphers supported by the current openssl can be tested. The output is very extensive. It does not only give information about the used ciphers and certificates but also about possible vulnerabilities and attacks. In addition, the output can be written in various formats, such as a JSON file or CSV file, for further processing.
More information under: https://github.com/drwetter/testssl.sh
Do you have any questions about TLS/SSL security? Please feel free to contact us!
Recent posts
mgm sp @ Dresden
Our second office is located in Dresden, the capital of Saxony. Come have a look at our office there!
mgm sp @ Heise DevSec
With the topic “How practical is DevSecOps really? – A field report” our colleague Maximiliane Zirm is present at this year’s Heise devSec.
Pentest FAQ – #7 and #8 – What is a penetration test? And what is it not?
In our Big Application Security Penetration Test FAQ for clients we answer everything you should know before, during and after the commissioning of an Application Security Penetration Test.
In focus today: : Questions #7 and #8 – What is a penetration test? And what is it not?
The Big Application Security Penetration Testing FAQ for Clients
Have you ever wondered what a pentest is exactly or how such a test works? Our Big Application Security Penetration Test FAQ for clients answers these questions and much more.
Tool Tuesday – nmap
One tool which should be installed on every pentester PC is nmap. This command line tool is the Swiss army knive for penetration tests on network level, but also used regularly by system administrators.
