The DROWN attack (Decrypting RSA With Obsolete and Weakened Encryption) can decrypt modern TLS sessions between a client and a server if that particular server (or another server that shares the same SSL certificate) supports SSLv2 cipher suites.
The attack is facilitated by a series of vulnerabilities in the SSLv2 implementation of OpenSSL:
CVE-2015-3197 - this allows using SSLv2 ciphers even if they are explicitly disabled by the server
CVE-2016-0703 - this permits a much faster version of the attack, called "Special DROWN"
The scanner is capable of discovering all these vulnerabilities on the target services.
The cross-protocol nature of the DROWN attack makes it more dangerous in the case where the target server is fully secure (ex. a web server that uses TLS v1.2) but another server (ex. SMTPS) from the company/organization is vulnerable because it uses SSLv2 and the same SSL certificate as the target server. In this case, an attacker could use the vulnerable SSLv2 server to decrypt the communication of clients with the secure web server.
The OpenSSL DROWN vulnerability scanner is based on the public scanner for DROWN, but improved in terms of speed, accuracy and multi-protocol testing capabilities.
This specifies the target that will be tested for DROWN. It can be in the form of an IP range (ex. 100.101.102.1-254), a single IP or a hostname. Maximum 255 hosts can be scanned at a time. When a single IP/hostname is scanned, the tool will provide additional details such as the cipher suites supported by the vulnerable server.
This is the service that will be scanned for DROWN vulnerability. The supported protocols are: HTTPS (default), SMTPS, IMAPS, POP3S and FTPS.
How it works
The OpenSSL DROWN vulnerability scanner attempts to initiate SSLv2 connections with the target service by using a set of vulnerable cipher suites (specific to SSLv2):
In case of SMTP, IMAP, POP3 and FTP, the tool will send the STARTTLS command before initiating the SSLv2 handshake.