sslscan – Detect SSL Versions & Cipher Suites (Including TLS)

Command:

[Options] [host:port | host]

Options:

targets=<file>       A file containing a list of hosts to check.

       Hosts can  be supplied  with ports (host:port)

sniname=<name>      Hostname for SNI

ipv4                 Only use IPv4

ipv6                 Only use IPv6

showcertificate     Show full certificate information

nocheckcertificate    Dont warn about weak certificate algorithm or keys

showclientcas      Show trusted CAs for TLS client auth

showciphers         Show supported client ciphers

showcipherids      Show cipher ids

showtimes           Show handhake times in milliseconds

ssl2                 Only check SSLv2 ciphers

ssl3                 Only check SSLv3 ciphers

tls10                Only check TLSv1.0 ciphers

tls11                Only check TLSv1.1 ciphers

tls12                Only check TLSv1.2 ciphers

tlsall               Only check TLS ciphers (all versions)

ocsp                 Request OCSP response from server

pk=<file>            A file containing the private key or a PKCS#12 file

                       containing a private key/certificate pair

pkpass=<password>    The password for the private  key or PKCS#12 file

certs=<file>         A file containing PEM/ASN1 formatted client certificates

nociphersuites      Do not check for supported ciphersuites

nofallback          Do not check for TLS Fallback SCSV

norenegotiation     Do not check for TLS renegotiation

nocompression       Do not check for TLS compression (CRIME)

noheartbleed        Do not check for OpenSSL Heartbleed (CVE20140160)

starttlsftp         STARTTLS setup for FTP

starttlsimap        STARTTLS setup for IMAP

starttlsirc         STARTTLS setup for IRC

starttlsldap        STARTTLS setup for LDAP

starttlspop3        STARTTLS setup for POP3

starttlssmtp        STARTTLS setup for SMTP

starttlsxmpp        STARTTLS setup for XMPP

starttlspsql        STARTTLS setup for PostgreSQL

xmppserver          Use a servertoserver XMPP handshake

http                 Test a HTTP connection

rdp                  Send RDP preamble before starting scan

bugs                 Enable SSL implementation bug workarounds

timeout=<sec>        Set socket timeout. Default is 3s

sleep=<msec>         Pause between connection request. Default is disabled

xml=<file>           Output results to an XML file

                       <file> can be , which means stdout

version              Display the program version

verbose              Display verbose output

nocipherdetails    Disable EC curve names and EDH/RSA key lengths output

nocolour            Disable coloured output

help                 Display the  help text  you are  now reading

Leave a Reply