SSL/TLS Audit version Alpha
SSL Audit scans web servers for SSL support, unlike other tools it is not limited to ciphers supported by SSL engines such as OpenSSL or NSS and can detect all known cipher suites over all SSL and TLS versions.
Apart from scanning available ciphersuites it has an interesting tidbit : The Fingerprint mode (Experimental). Included is an experimental fingerprint engine that tries to determine the SSL Engine used server side. It does so by sending normal and malformed SSL packets that can be interpreted in different ways.
SSL Audit is able to fingerprint:
- IIS7.5 (Schannel)
- IIS7.0 (Schannel)
- IIS 6.0 (Schannel)
- Apache (Openssl)
- Apache (NSS)
- Certicom
- RSA BSAFE
Known issues:
- FP on SSLv2 (needs seperated HTTPS request to verify)
- No way to export results
Read the Documentation
More information: here
Post scriptum
Compliance Mandates
|
Related Articles
Application Scanner |
|
Information Gathering |
|
SSL Audit |
|