OpenSSL DROWN vulnerability scanner

Discover SSL servers vulnerable to DROWN attack

Sample Report | Use Cases | Technical Details

Sample Report

Here is a OpenSSL DROWN vulnerability scanner sample report:

  • Includes the IPs and hostnames that were found vulnerable
  • Shows the vulnerable cipher suites

Download Sample Report

Sample report

OpenSSL DROWN vulnerability scanner - Use Cases

The DROWN vulnerability scanner tests an IP address or hostname for the DROWN vulnerability in OpenSSL.

Technical Details


The DROWN attack (Decrypting RSA With Obsolete and Weakened Encryption) can decrypt modern TLS sessions between a client and a server if that particular server (or another server that shares the same SSL certificate) supports SSLv2 cipher suites.

The attack is facilitated by a series of vulnerabilities in the SSLv2 implementation of OpenSSL:
  • CVE-2016-0800 - allows the "General DROWN" attack
  • CVE-2015-3197 - this allows using SSLv2 ciphers even if they are explicitly disabled by the server
  • CVE-2016-0703 - this permits a much faster version of the attack, called "Special DROWN"
The scanner is capable of discovering all these vulnerabilities on the target services.

The cross-protocol nature of the DROWN attack makes it more dangerous in the case where the target server is fully secure (ex. a web server that uses TLS v1.2) but another server (ex. SMTPS) from the company/organization is vulnerable because it uses SSLv2 and the same SSL certificate as the target server. In this case, an attacker could use the vulnerable SSLv2 server to decrypt the communication of clients with the secure web server.

The OpenSSL DROWN vulnerability scanner is based on the public scanner for DROWN, but improved in terms of speed, accuracy and multi-protocol testing capabilities.


Parameter Description
Target host(s) This specifies the target that will be tested for DROWN. It can be in the form a single IP adddress or a hostname. When a single IP/hostname is scanned, the tool will provide additional details such as the cipher suites supported by the vulnerable server.
Target service This is the service that will be scanned for DROWN vulnerability. The supported protocols are: HTTPS (default), SMTPS, IMAPS, POP3S and FTPS.

How it works

The OpenSSL DROWN vulnerability scanner attempts to initiate SSLv2 connections with the target service by using a set of vulnerable cipher suites (specific to SSLv2):
  • RC4_128_EXPORT40_WITH_MD5
  • RC4_128_WITH_MD5
In case of SMTP, IMAP, POP3 and FTP, the tool will send the STARTTLS command before initiating the SSLv2 handshake.

The full technical details of the DROWN attack are presented in the original paper DROWN: Breaking TLS using SSLv2.