SSL/TLS Audit version Alpha

In: Application Scanner , Information Gathering , SSL Audit

11 February 2010

SSL Audit scans web servers for SSL support, unlike other tools it is not limited to ciphers supported by SSL engines such as OpenSSL or NSS and can detect all known cipher suites over all SSL and TLS versions.

Apart from scanning available ciphersuites it has an interesting tidbit : The Fingerprint mode (Experimental). Included is an experimental fingerprint engine that tries to determine the SSL Engine used server side. It does so by sending normal and malformed SSL packets that can be interpreted in different ways.

SSL Audit is able to fingerprint:

IIS7.5 (Schannel)
IIS7.0 (Schannel)
IIS 6.0 (Schannel)
Apache (Openssl)
Apache (NSS)
Certicom
RSA BSAFE

Known issues:

FP on SSLv2 (needs seperated HTTPS request to verify)
No way to export results

Read the Documentation

More information: here

Post scriptum

Download SSL/TLS Audit vAlpha

Compliance Mandates

Application Scanner :
PCI/DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2

Application Scanner	10 May 2010 : SQLNinja v0.2.5 released! 1 May 2010 : WhatWeb just updated to v0.4.2 29 April 2010 : WhatWeb v0.4.1 - released 28 April 2010 : NSIA (Network System Integrity Analysis) v0.8.99 released 26 April 2010 : Acunetix WVS v6.5 build 20100419 released
Information Gathering	12 May 2010 : MetaGoofil v1.4b released 1 May 2010 : Lansweeper v4.0 released 1 May 2010 : OpenDLP v0.1 released 26 April 2010 : (update) Foca v2.0.1: in the wild 25 April 2010 : Skipfish v1.33b released
SSL Audit	11 February 2010 : SSL/TLS Audit version Alpha

SSL/TLS Audit version Alpha

Post scriptum

Compliance Mandates

Related Articles

Follow us

Like us !

Most Read

Advertising

License

Categories

COMPANY

STANDARDS

RECENT POSTS

MENU