This tool is deprecated.
Its functionality has been embedded into the newer SSL Scanner.

SSLv3 POODLE vulnerability scanner

Discover servers vulnerable to POODLE

Sample Report

Here is an SSLv3 POODLE vulnerability scanner sample report:

  • Includes the IPs and hostnames that were found vulnerable
  • Shows the vulnerable cipher suites

SSLv3 POODLE vulnerability scanner - Use Cases

The SSLv3 POODLE vulnerability scanner attempts to find SSL servers vulnerable to CVE-2014-3566, also known as the POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability.

Technical Details


This vulnerability may allow an attacker who already holds a man-in-the-middle position (at the network level) to decrypt static data from an SSL communication between the victim user and a vulnerable server. The attacker will probably try to obtain the HTTP cookies or other static data. To do so, the attacker needs to get both the victim's browser and the server to speak SSLv3 and to use a vulnerable cipher (one in Cipher Block Chaining mode). This can be done by forcing a downgrade during the SSL/TLS negotiation.

When a vulnerable server is found, the tool displays the SSLv3 CBC cipher that the server supports.


Parameter      | Description
---------------|------------
Target host(s) | Can be specified as an IP address or hostname.
Port           | The tool will scan for SSL service running on this port. Default: 443
Do reverse DNS | When checked, the tool will attempt to do reverse DNS for the IP address. It will return the hostname of that IP configured in DNS. This option slows down the scan and is disabled by default.

How it works

The scanner first checks whether the specified port is open on the target, and then probes for the SSLv3 POODLE vulnerability.

The vulnerability is detected by trying to negotiate an SSLv3 connection with the server using a vulnerable CBC cipher. If the negotiation succeeds, the host is declared vulnerable.
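
The negotiation check described above can be reproduced against your own servers with a hand-built SSLv3 ClientHello, since current Python/OpenSSL builds typically ship without SSLv3 support. This is an added example, not the scanner's own code; the function names, the choice of six CBC suites and the sample replies are assumptions made for illustration.

```python
import os, socket, struct
# CBC-mode cipher suites negotiable under SSLv3 (IANA ids and names).
CBC_SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x0016: "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
}

def build_client_hello():
    """SSLv3 (0x0300) ClientHello offering only the CBC suites above."""
    suites = b"".join(struct.pack(">H", s) for s in CBC_SUITES)
    body = (b"\x03\x00" + os.urandom(32) + b"\x00"  # version, random, empty session id
            + struct.pack(">H", len(suites)) + suites + b"\x01\x00")  # suites, null compression
    handshake = b"\x01" + struct.pack(">I", len(body))[1:] + body
    return b"\x16\x03\x00" + struct.pack(">H", len(handshake)) + handshake

def negotiated_cbc_suite(reply):
    """Name of the CBC suite if reply opens with an SSLv3 ServerHello, else None."""
    if len(reply) < 44 or reply[0] != 0x16 or reply[5] != 0x02:
        return None  # alert record (0x15), truncated data, or not a ServerHello
    if reply[9:11] != b"\x03\x00":
        return None  # server chose another protocol version
    start = 44 + reply[43]  # skip the variable-length session id
    suite = reply[start:start + 2]
    return CBC_SUITES.get(struct.unpack(">H", suite)[0]) if len(suite) == 2 else None

def probe(host, port=443, timeout=5.0):
    """Send the hello to host:port; raises OSError if the port is closed."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        reply = b""
        try:  # read until the first record is complete or the peer closes
            while len(reply) < 5 or len(reply) < 5 + struct.unpack(">H", reply[3:5])[0]:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                reply += chunk
        except OSError:
            pass  # reset or timeout counts as "not negotiated"
    return negotiated_cbc_suite(reply)

if __name__ == "__main__":
    # Constructed replies, not captured traffic: handshake_failure alert, then a ServerHello.
    alert = bytes.fromhex("15030000020228")
    hello = bytes.fromhex("160300002a020000260300") + bytes(32) + bytes.fromhex("00002f00")
    print(negotiated_cbc_suite(alert), negotiated_cbc_suite(hello))
```

A non-None result from `probe` means the server completed the hello exchange with SSLv3 and a CBC suite, which is the condition the scanner reports as vulnerable; the fix is to disable SSLv3 on the server.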