SSLScan v1.8.2 - Fast SSL Scanner


SSLScan determines what ciphers are supported on SSL-based services, such as HTTPS. Furthermore, SSLScan will determine the prefered ciphers of the SSL service.

Requirements

SSLScan requires the GNU C compiler and the OpenSSL library. Both of these are usually installed by default on a number of Linux distributions. Although this program has not been tested on other platforms it should work if the requirements have been met.

Building

To build SSLScan, first extract the archive and change into the source directory. Then execute the following command:

gcc -lssl -o sslscan sslscan.c

On Apple Mac OS X you will need to install the ports version of OpenSSL as the version that comes with your Mac is missing a few things. So if you don't already have ports installed, download it from www.macports.org. You can install the latest OpenSSL using the following command:

sudo port install openssl
SSL Scan can then be built using the following command:

gcc -I/opt/local/include -L/opt/local/lib -lssl -lcrypto -o sslscan sslscan.c
Running

In its simplist form, SSLScan can be run with only one parameter, just specify the host to test. SSLScan will default to port 443 if a port is not specified. The following screenshot shows SSLScan being run, testing only the SSLv2 ciphers.


The command line arguements for SSLScan are:

Command:
  sslscan [Options] [host:port | host]

Options:
  --targets=           A file containing a list of hosts to
                       check.  Hosts can  be supplied  with
                       ports (i.e. host:port).
  --no-failed          List only accepted ciphers  (default
                       is to listing all ciphers).
  --ssl2               Only check SSLv2 ciphers.
  --ssl3               Only check SSLv3 ciphers.
  --tls1               Only check TLSv1 ciphers.
  --pk=                A file containing the private key or
                       a PKCS#12  file containing a private
                       key/certificate pair (as produced by
                       MSIE and Netscape).
  --pkpass=            The password for the private  key or
                       PKCS#12 file.
  --certs=             A file containing PEM/ASN1 formatted
                       client certificates.
  --starttls           If a STARTTLS is required to kick an
                       SMTP service into action.
  --http               Test a HTTP connection.
  --bugs               Enable SSL implementation  bug work-
                       arounds.
  --xml=               Output results to an XML file.
  --version            Display the program version.
  --help               Display the  help text  you are  now
Third Party

Jabra has developed an XML parser for SSLScan which can be downloaded from http://search.cpan.org/~jabra/.

Downloads
Download sslscan-1.8.2.tgz (22.2 kB)
Download other versions
Screenshot -