Loading...

SSLv3 POODLE vulnerability scanner 20 Credits

Discover servers vulnerable to POODLE

Sample Report

|

Use Cases

|

Technical Details

Sample Report

Here is a SSLv3 POODLE vulnerability scanner sample report:

  • Includes the IPs and hostnames that were found vulnerable
  • Shows the vulnerable cipher suites

See also a sample pdf report.

SSLv3 POODLE vulnerability scanner - Use Cases

The SSLv3 POODLE vulnerability scanner attempts to find SSL servers vulnerable to CVE-2014-3566, also known as POODLE (Padding Oracle On Downgraded Legacy) vulnerability.

Technical Details


About

This vulnerability may allow an attacker who is already man-in-the-middle (at the network level) to decrypt the static data from an SSL communication between the victim user and a vulnerable server. The attacker will probably try to obtain the HTTP cookies or other static data. For that, he needs to convince both the victim's browser and the server to speak SSLv3 and to use a vulnerable cipher (in Cipher Block Chaining mode). This could be done by forcing a downgrade during the SSL/TLS negociation.

When a vulnerable server is found, the tool displays the actual SSLv3 CBC cipher supported.


Parameters

Parameter Description
Target host(s) Can be specified as IP range, single IP or hostname. An IP range can be specified like 100.101.102.1-254. Maximum 255 hosts can be scanned in a row.
Port The tool will scan for SSL service running on this port. Default: 443
Do reverse DNS When checked, the tool will attempt to do reverse DNS for each live IP in the IP range. It will return the hostname of that IP configured in DNS. This option slows down the scan and is disabled by default.


How it works

The scanner first tries to determine which hosts from the target range have the specified port open and then it tries to probe for the SSLv3 POODLE vulnerability.

The vulnerability is discovered by trying to negociate with the server an SSLv3 connection with a vulnerable CBC cipher. If the negociation succeeds, the host is declared vulnerable.