Pentest-Tools.com LogoPentest-Tools.com Tools Docs
  1. SSL/TLS Scanner

SSL/TLS Scanner

About this tool

The SSL Scanner connects to the target port and attempts to negotiate various cipher suites and multiple SSL/TLS versions to determine weak configurations and common vulnerabilities (ex. POODLE, Heartbleed, DROWN, ROBOT, etc.). The deep version of the SSL Scanner scans multiple ports and services (HTTPS, SMTPs, IMAPs, etc.).

Transport Layer Security (TLS) and (now deprecated) Secure Sockets Layer (SSL) are cryptographic protocols meant to secure the communication between computer systems. They are being used to provide an encrypted communication channel over which other clear-text protocols (HTTP, SMTP, POP3, FTP, etc) can be securely used to transmit application-specific data.

However, since the introduction of SSLv2.0 in 1995 and the continuation to SSLv3.0, TLS1.0, TLS2.0, and the current TLS3.0, multiple weaknesses have been discovered in these protocols, making them vulnerable to cryptographic attacks which may allow attackers to decrypt the communication and gain access to sensitive data.

The SSL/TLS Vulnerability Scanner performs a security assessment of the configuration of the target SSL/TLS service, providing a list of weaknesses and vulnerabilities together with detailed recommendations for remediation.

The list of vulnerabilities detected by this scanner is:

  • Heartbleed

  • Ticketbleed

  • CCS Injection

  • POODLE

  • ROBOT

  • DROWN

  • Secure Renegotiation (server-side)

  • Secure Renegotiation (client-side)

  • CRIME

  • BREACH

  • FREAK

  • SWEET32

  • BEAST

  • LOGJAM

Parameters

  • Target: This specifies the target that will be scanned. It can be a single IP address or a hostname (ex. 8.8.8.8 or www.example.com)

  • Scan type - Light: Uses certificate issue and vulnerability detections on port 443.

  • Scan type - Deep: Scans on top 5000 most common TCP ports and uses certificate issue and vulnerability detections.

  • Scan type - Custom: Permits scanning engines and port customization. It requires at least one selected engine and runs on the top 1000 most common ports if no ports are selected.

  • Ports to scan - Common: (Custom scan type scans only) Scan between various preconfigured port lists: top 10, 100, 1000, 5000 most common ports or full port range. Defaults to top 1000 most common ports.

  • Ports to scan - Range: (Custom scan type scans only) You can specify a range of ports to be scanned. Valid ports are between 1 and 65535.

  • Ports to scan - List: (Custom scan type scans only) You can specify a comma-separated list of ports to be scanned.

How it works

The SSL Scanner uses a scanning engine based on the testssl.sh tool, together with multiple tweaks, adjustments, and improvements.

The scanner works by connecting to the target SSL server and trying various ciphers and SSL/TLS protocol versions to determine existing vulnerabilities.

All discovered issues are further interpreted by our scanner and properly formatted into a human-readable report.