SSL/TLS Vulnerability Scanner

Transport Layer Security (TLS) and (now deprecated) Secure Sockets Layer (SSL) are cryptographic protocols meant to secure the communication between computer systems. They are being used to provide an encrypted communication channel over which other clear-text protocols (HTTP, SMTP, POP3, FTP, etc) can be securely used to transmit application specific data.

However, since the introduction of SSLv2.0 in 1995 and the continuation to SSLv3.0, TLS1.0, TLS2.0 and the current TLS3.0, multiple weaknesses have been discovered in these protocols, making them vulnerable to cryptographic attacks which may allow attackers to decrypt the communication and gain access to sensitive data.

The SSL/TLS Vulnerability Scanner performs a security assessment of the configuration of the target SSL/TLS service, providing a list of weaknesses and vulnerabilities together with detailed recommendations for remediation.

The list of vulnerabilities detected by this scanner is:

•   Heartbleed
•   Ticketbleed
•   CCS Injection
•   POODLE
•   ROBOT
•   DROWN
•   Secure Renegotiation (server-side)
•   Secure Renegotiation (client-side)
•   CRIME
•   BREACH
•   FREAK
•   SWEET32
•   BEAST
•   LOGJAM

Parameter	Description
Target host	The hostname or IP address of the SSL/TLS server to be scanned.
Target port(s)	The SSL/TLS port to connect to. Multiple ports can be specified at once (comma separated) like: 443, 21, 25, 110.
Auto detect SSL/TLS	When this option is enabled, the tool automatically scans the target host for the top 100 most common TCP ports, identifying the ones who have SSL/TLS support.

The SSL Scanner uses a scanning engine based on the testssl.sh tool, together with multiple tweaks, adjustments and improvements.

The scanner works by connecting to the target SSL server and trying various ciphers and SSL/TLS protocol versions in order to determine existing vulnerabilities.

All discovered issues are further interpreted by our scanner and properly formatted into a human readable report.