Skip to main content

SSL/TLS Scanner

Scan type

  • Light scan

Read the Terms of Service

Discover SSL and TLS configuration issues and vulnerabilities such as POODLE, Heartbleed, DROWN, ROBOT, Ticketbleed, and more.

Reporting

Sample SSL/TLS Scanner report

Here is a sample report from our SSL/TLS Scanner that gives you a taste of how our tools save you time and reduce repetitive manual work.

  • Shows the status of your SSL server configuration

  • Includes information about the SSL Certificate

  • Provides remediation measures and references

See sample report
SSL/TLS Scanner Report Sample

How to use the pentesting tool

Use Cases for SSL/TLS Scanner

The SSL Scanner connects to the target port and tries to negotiate various cipher suites and multiple SSL/TLS versions to discover weak configurations and common vulnerabilities (e.g., POODLE, Heartbleed, DROWN, ROBOT, etc.). The deep version of the SSL Scanner scans multiple ports and services (HTTPS, SMTPs, IMAPs, etc.)

Better vulnerability discovery.Faster pentest reporting.

Get instant access to custom vulnerability scanners and automation features that simplify the pentesting process and produce valuable results. The platform helps you cover all the stages of an engagement, from information gathering to website scanning, network scanning, exploitation and reporting.

Create your account
Pentest-Tools.com SSL/TLS Scanner Sample Report

SSL/TLS Scanner

Technical details

Transport Layer Security (TLS) and (now deprecated) Secure Sockets Layer (SSL) are cryptographic protocols meant to secure communication between computer systems. They are used to provide an encrypted communication channel over which other clear-text protocols (HTTP, SMTP, POP3, FTP, etc.) can be securely used to transmit application-specific data.

However, since the introduction of SSLv2.0 in 1995 and the continuation to SSL v3.0, TLS 1.0, TLS 2.0, and the current TLS 3.0, multiple weaknesses have been discovered in these protocols, making them vulnerable to cryptographic attacks that can allow attackers to decrypt the communication and gain access to sensitive data.

The SSL/TLS Vulnerability Scanner performs a security assessment of the configuration of the target SSL/TLS service to provide a list of weaknesses and vulnerabilities packed with detailed recommendations for remediation.

The list of vulnerabilities detected by this scanner includes:

  • Heartbleed
  • Ticketbleed
  • CCS Injection
  • POODLE
  • ROBOT
  • DROWN
  • Secure Renegotiation (server-side)
  • Secure Renegotiation (client-side)
  • CRIME
  • BREACH
  • FREAK
  • SWEET32
  • BEAST
  • LOGJAM

Parameters

ParameterDescription
Target hostThe hostname or IP address of the SSL/TLS server to be scanned.
Target port(s)The SSL/TLS port to connect to. Multiple ports can be specified at once (comma separated) like 443, 21, 25, 110.
Auto detect SSL/TLSWhen this option is enabled, the tool automatically scans the target host for the top 100 most common TCP and UDP ports, identifying the ones that have SSL/TLS support.

How it works

The SSL Scanner uses a scanning engine based on the testssl.sh tool, together with multiple tweaks, adjustments, and improvements.

The scanner starts by connecting to the target SSL server and trying various ciphers and SSL/TLS protocol versions to discover existing vulnerabilities.

All discovered issues are further interpreted by our scanner and integrated into a human-readable report.