kali工具箱

SSLyze包装说明

SSLyze是一个Python的工具，它可以通过连接到它分析服务器的SSL配置。它的设计是快速和全面的，应该帮助组织和测试人员找出配置错误影响了他们的SSL服务器。

主要功能包括：

多处理和多线程扫描（它的速度快）
SSL 2.0 / 3.0和TLS 1.0 / 1.1 / 1.2的兼容性
性能测试：会话恢复和TLS票支持
安全性测试：弱密码套件，不安全的重新谈判，犯罪，Heartbleed多
服务器证书验证和撤销，通过OCSP装订检查
支持对SMTP，XMPP，LDAP，POP，IMAP，RDP和FTP启动TLS握手
扫描执行相互验证的服务器时，支持客户端证书
XML输出，以进一步处理该扫描结果

资料来源：https://github.com/iSECPartners/sslyze
SSLyze首页 | 卡利SSLyze回购

作者：iSECPartners
许可：GPL第二版

包含在sslyze包工具

sslyze - 快速，全功能SSL扫描器

[email protected]:~# sslyze -h







 REGISTERING AVAILABLE PLUGINS

 -----------------------------



  PluginSessionResumption

  PluginOpenSSLCipherSuites

  PluginCompression

  PluginCertInfo

  PluginSessionRenegotiation







Usage: sslyze [options] target1.com target2.com:443 etc...



Options:

  --version             show program's version number and exit

  -h, --help            show this help message and exit

  --xml_out=XML_FILE    Writes the scan results as an XML document to the file

                        XML_FILE.

  --targets_in=TARGETS_IN

                        Reads the list of targets to scan from the file

                        TARGETS_IN. It should contain one host:port per line.

  --timeout=TIMEOUT     Sets the timeout value in seconds used for every

                        socket connection made to the target server(s).

                        Default is 5s.

  --https_tunnel=HTTPS_TUNNEL

                        Sets an HTTP CONNECT proxy to tunnel SSL traffic to

                        the target server(s). HTTP_TUNNEL should be

                        'host:port'. Requires Python 2.7

  --starttls=STARTTLS   Identifies the target server(s) as a SMTP or an XMPP

                        server(s) and scans the server(s) using STARTTLS.

                        STARTTLS should be 'smtp' or 'xmpp'.

  --xmpp_to=XMPP_TO     Optional setting for STARTTLS XMPP.  XMPP_TO should be

                        the hostname to be put in the 'to' attribute of the

                        XMPP stream. Default is the server's hostname.

  --regular             Regular HTTPS scan; shortcut for --sslv2 --sslv3

                        --tlsv1 --reneg --resum --certinfo --http_get

                        --hide_rejected_ciphers --compression --tlsv1_1

                        --tlsv1_2



  Client certificate support:

    --cert=CERT         Client certificate filename.

    --certform=CERTFORM

                        Client certificate format. DER or PEM (default).

    --key=KEY           Client private key filename.

    --keyform=KEYFORM   Client private key format. DER or PEM (default).

    --pass=KEYPASS      Client private key passphrase.



  PluginSessionResumption:

    Analyzes the target server's SSL session resumption capabilities.



    --resum             Tests the server for session ressumption support,

                        using session IDs and TLS session tickets (RFC 5077).

    --resum_rate        Performs 100 session resumptions with the target

                        server, in order to estimate the session resumption

                        rate.



  PluginOpenSSLCipherSuites:

    Scans the target server for supported OpenSSL cipher suites.



    --sslv2             Lists the SSL 2.0 OpenSSL cipher suites supported by

                        the server.

    --sslv3             Lists the SSL 3.0 OpenSSL cipher suites supported by

                        the server.

    --tlsv1             Lists the TLS 1.0 OpenSSL cipher suites supported by

                        the server.

    --tlsv1_1           Lists the TLS 1.1 OpenSSL cipher suites supported by

                        the server.

    --tlsv1_2           Lists the TLS 1.2 OpenSSL cipher suites supported by

                        the server.

    --http_get          Option - For each cipher suite, sends an HTTP GET

                        request after completing the SSL handshake and returns

                        the HTTP status code.

    --hide_rejected_ciphers

                        Option - Hides the (usually long) list of cipher

                        suites that were rejected by the server.



  PluginCompression:

    --compression       Tests the server for Zlib compression support.



  PluginCertInfo:

    --certinfo=CERTINFO

                        Verifies the target server's certificate validity

                        against Mozilla's trusted root store, and prints

                        relevant fields of the certificate. CERTINFO should be

                        'basic' or 'full'.



  PluginSessionRenegotiation:

    --reneg             Tests the target server's support for client-initiated

                        renegotiations and secure renegotiations.

sslyze用法示例

启动定期扫描类型（-regular）对目标主机（www.example.com）：

[email protected]:~# sslyze --regular www.example.com



 REGISTERING AVAILABLE PLUGINS

 -----------------------------



  PluginCompression

  PluginCertInfo

  PluginSessionResumption

  PluginSessionRenegotiation

  PluginOpenSSLCipherSuites







 CHECKING HOST(S) AVAILABILITY

 -----------------------------



   www.example.com:443                 => 93.184.216.119:443







 SCAN RESULTS FOR WWW.EXAMPLE.COM:443 - 93.184.216.119:443

 ---------------------------------------------------------



  * Compression :

        Compression Support:      Disabled



  * Certificate :

      Validation w/ Mozilla's CA Store:  Certificate is Trusted