Reminder:

Note that in this article the tool is used for research and learning. This kind of tool must not be used against a server that does not belong to you; doing so may be punishable by law (see articles 323-XX).

Test environment:

For this we will use a VM running the Kali distribution. SSLScan is installed by default on Kali.

Usage:

The command and its options

    root@kali:~# sslscan -h
                       _
               ___ ___| |___  ___ __ _ _ __
              / __/ __| / __|/ __/ _` | '_ \
              \__ \__ \ \__ \ (_| (_| | | | |
              |___/___/_|___/\___\__,_|_| |_|


            1.11.5-static
            OpenSSL 1.0.2h-dev  xx XXX xxxx
    Command:
      sslscan [Options] [host:port | host]

    Options:
      --targets=<file>     A file containing a list of hosts to check.
                           Hosts can  be supplied  with ports (host:port)
      --ipv4               Only use IPv4
      --ipv6               Only use IPv6
      --show-certificate   Show full certificate information
      --no-check-certificate  Don't warn about weak certificate algorithm or keys
      --show-client-cas    Show trusted CAs for TLS client auth
      --show-ciphers       Show supported client ciphers
      --show-cipher-ids    Show cipher ids
      --show-times         Show handhake times in milliseconds
      --ssl2               Only check SSLv2 ciphers
      --ssl3               Only check SSLv3 ciphers
      --tls10              Only check TLSv1.0 ciphers
      --tls11              Only check TLSv1.1 ciphers
      --tls12              Only check TLSv1.2 ciphers
      --tlsall             Only check TLS ciphers (all versions)
      --ocsp               Request OCSP response from server
      --pk=<file>          A file containing the private key or a PKCS#12 file
                           containing a private key/certificate pair
      --pkpass=<password>  The password for the private  key or PKCS#12 file
      --certs=<file>       A file containing PEM/ASN1 formatted client certificates
      --no-ciphersuites    Do not check for supported ciphersuites
      --no-renegotiation   Do not check for TLS renegotiation
      --no-compression     Do not check for TLS compression (CRIME)
      --no-heartbleed      Do not check for OpenSSL Heartbleed (CVE-2014-0160)
      --starttls-ftp       STARTTLS setup for FTP
      --starttls-imap      STARTTLS setup for IMAP
      --starttls-irc       STARTTLS setup for IRC
      --starttls-pop3      STARTTLS setup for POP3
      --starttls-smtp      STARTTLS setup for SMTP
      --starttls-xmpp      STARTTLS setup for XMPP
      --starttls-psql      STARTTLS setup for PostgreSQL
      --xmpp-server        Use a server-to-server XMPP handshake
      --http               Test a HTTP connection
      --rdp                Send RDP preamble before starting scan
      --bugs               Enable SSL implementation bug work-arounds
      --timeout=<sec>      Set socket timeout. Default is 3s
      --sleep=<msec>       Pause between connection request. Default is disabled
      --xml=<file>         Output results to an XML file
      --version            Display the program version
      --verbose            Display verbose output
      --no-cipher-details  Disable EC curve names and EDH/RSA key lengths output
      --no-colour          Disable coloured output
      --help               Display the  help text  you are  now reading

    Example:
      sslscan 127.0.0.1
      sslscan [::1]

The basic command

    root@kali:~# sslscan mail.google.com
    Version: 1.11.5-static
    OpenSSL 1.0.2h-dev  xx XXX xxxx

    Testing SSL server mail.google.com on port 443

      TLS renegotiation:
    Secure session renegotiation supported

      TLS Compression:
    Compression disabled

      Heartbleed:
    TLS 1.2 not vulnerable to heartbleed
    TLS 1.1 not vulnerable to heartbleed
    TLS 1.0 not vulnerable to heartbleed

      Supported Server Cipher(s):
    Preferred TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve P-256 DHE 256
    Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
    Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256
    Accepted  TLSv1.2  128 bits  AES128-SHA
    Accepted  TLSv1.2  128 bits  AES128-SHA256
    Accepted  TLSv1.2  112 bits  DES-CBC3-SHA
    Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
    Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA256       Curve P-256 DHE 256
    Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
    Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA384       Curve P-256 DHE 256
    Accepted  TLSv1.2  256 bits  AES256-GCM-SHA384
    Accepted  TLSv1.2  256 bits  AES256-SHA
    Accepted  TLSv1.2  256 bits  AES256-SHA256
    Preferred TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
    Accepted  TLSv1.1  128 bits  AES128-SHA
    Accepted  TLSv1.1  112 bits  DES-CBC3-SHA
    Accepted  TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
    Accepted  TLSv1.1  256 bits  AES256-SHA
    Preferred TLSv1.0  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
    Accepted  TLSv1.0  128 bits  AES128-SHA
    Accepted  TLSv1.0  112 bits  DES-CBC3-SHA
    Accepted  TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
    Accepted  TLSv1.0  256 bits  AES256-SHA

      SSL Certificate:
    Signature Algorithm: sha256WithRSAEncryption
    RSA Key Strength:    2048

    Subject:  mail.google.com
    Altnames: DNS:mail.google.com, DNS:inbox.google.com
    Issuer:   Google Internet Authority G2

    Not valid before: Jul 20 10:25:50 2016 GMT
    Not valid after:  Oct 12 09:58:00 2016 GMT
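
The cipher table in the scan above can be reviewed mechanically. The following is an added example, not part of the original article or of SSLScan: it reads sslscan text output and reports ciphers under 128 bits, ciphers offered over protocol versions older than TLS 1.2, and ciphers without an ephemeral (ECDHE/DHE) key exchange. The function names, finding labels and thresholds are assumptions chosen for illustration, and the sample input is a constructed excerpt of the scan above.

```shell
#!/bin/sh
# Added example: review the cipher table printed by sslscan.
# review_ciphers and sample_scan are illustrative names, not part of SSLScan.

# Constructed sample: a few cipher rows taken from the scan shown above.
sample_scan() {
cat <<'EOF'
  Supported Server Cipher(s):
Preferred TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve P-256 DHE 256
Accepted  TLSv1.2  112 bits  DES-CBC3-SHA
Accepted  TLSv1.2  256 bits  AES256-GCM-SHA384
Preferred TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.1  112 bits  DES-CBC3-SHA
Preferred TLSv1.0  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.0  256 bits  AES256-SHA
EOF
}

# Read sslscan text output on stdin; print one finding per line as
# "<FINDING> <protocol> <bits> <cipher>". Thresholds are assumptions.
review_ciphers() {
    esc=$(printf '\033')
    # Strip ANSI colour codes so coloured output parses like --no-colour output.
    sed "s/${esc}\[[0-9;]*m//g" | awk '
    ($1 == "Preferred" || $1 == "Accepted") && $4 == "bits" {
        proto = $2; bits = $3 + 0; cipher = $5
        # Key strength below 128 bits (e.g. 3DES at 112 bits).
        if (bits < 128)
            print "WEAK_BITS", proto, bits, cipher
        # Protocol versions older than TLS 1.2.
        if (proto ~ /^SSLv/ || proto == "TLSv1.0" || proto == "TLSv1.1")
            print "LEGACY_PROTOCOL", proto, bits, cipher
        # No ephemeral key exchange, hence no forward secrecy. TLS 1.3
        # suites are always ephemeral and are named differently, so skip them.
        if (proto != "TLSv1.3" && cipher !~ /^(ECDHE|DHE|EDH)-/)
            print "NO_FORWARD_SECRECY", proto, bits, cipher
    }'
}

# Stand-alone run on the constructed sample; with a live scan of your own
# server: sslscan --no-colour <host> | review_ciphers
sample_scan | review_ciphers
```

Each output line names one finding for one cipher row, so a row such as `DES-CBC3-SHA` on TLSv1.0 appears three times, once per check it fails.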