
SSL/TLS Vulnerability Scanner

Discover SSL and TLS configuration issues and vulnerabilities such as POODLE, Heartbleed, DROWN, ROBOT, Ticketbleed and more.



Sample Report

Here is an SSL/TLS Vulnerability Scanner sample report:

  • Shows the status of your SSL server configuration
  • Includes information about the SSL certificate
  • Provides remediation measures and references


SSL/TLS Vulnerability Scanner - Use Cases

The SSL Scanner connects to the target port and attempts to negotiate various cipher suites and multiple SSL/TLS versions in order to determine weak configurations and common vulnerabilities (e.g. POODLE, Heartbleed, DROWN, ROBOT). The full version of the SSL Scanner scans multiple ports and services (HTTPS, SMTPs, IMAPs, etc.).

Technical Details


About

Transport Layer Security (TLS) and the now-deprecated Secure Sockets Layer (SSL) are cryptographic protocols meant to secure the communication between computer systems. They are used to provide an encrypted communication channel over which other clear-text protocols (HTTP, SMTP, POP3, FTP, etc.) can be securely used to transmit application-specific data.

However, since the introduction of SSLv2.0 in 1995 and the continuation to SSLv3.0, TLS1.0, TLS2.0 and the current TLS3.0, multiple weaknesses have been discovered in these protocols, making them vulnerable to cryptographic attacks which may allow attackers to decrypt the communication and gain access to sensitive data.

The SSL/TLS Vulnerability Scanner performs a security assessment of the configuration of the target SSL/TLS service, providing a list of weaknesses and vulnerabilities together with detailed recommendations for remediation.

The list of vulnerabilities detected by this scanner is:
  •   Heartbleed
  •   Ticketbleed
  •   CCS Injection
  •   POODLE
  •   ROBOT
  •   DROWN
  •   Secure Renegotiation (server-side)
  •   Secure Renegotiation (client-side)
  •   CRIME
  •   BREACH
  •   FREAK
  •   SWEET32
  •   BEAST
  •   LOGJAM


Parameters

Parameter | Description
Target host | The hostname or IP address of the SSL/TLS server to be scanned.
Target port(s) | The SSL/TLS port to connect to. Multiple ports can be specified at once (comma separated), for example: 443, 21, 25, 110.
Auto detect SSL/TLS | When this option is enabled, the tool automatically scans the top 100 most common TCP ports on the target host and identifies the ones that have SSL/TLS support.


How it works

The SSL Scanner uses a scanning engine based on the testssl.sh tool, together with multiple tweaks, adjustments and improvements.

The scanner works by connecting to the target SSL server and trying various ciphers and SSL/TLS protocol versions in order to determine existing vulnerabilities.

All discovered issues are further interpreted by our scanner and properly formatted into a human-readable report.
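
An added example, not part of the original page and not the scanner's own code: one way the interpretation step described above can be done, assuming the engine's results arrive as testssl.sh-style JSON records with id, severity, port and finding fields. The id-to-name mapping and the sample records are assumptions constructed for illustration; a check that returns no verdict is reported as not tested rather than as clean.

```python
import json

# Severities as written by testssl.sh, worst first.
ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "WARN", "INFO", "OK"]
# Assumed testssl.sh finding ids -> names used in the vulnerability list above.
CHECKS = {
    "heartbleed": "Heartbleed", "ticketbleed": "Ticketbleed",
    "CCS": "CCS Injection", "POODLE_SSL": "POODLE", "ROBOT": "ROBOT",
    "DROWN": "DROWN", "secure_renego": "Secure Renegotiation (server-side)",
    "secure_client_renego": "Secure Renegotiation (client-side)",
    "CRIME_TLS": "CRIME", "BREACH": "BREACH", "FREAK": "FREAK",
    "SWEET32": "SWEET32", "BEAST": "BEAST", "LOGJAM": "LOGJAM",
}

def _rec(check_id, severity, finding):
    # Helper for building constructed sample records (hypothetical target).
    return {"id": check_id, "ip": "example.com/192.0.2.10", "port": "443",
            "severity": severity, "finding": finding}

# Constructed sample input, not output from a real scan.
SAMPLE = json.dumps([
    _rec("heartbleed", "OK", "not vulnerable"),
    _rec("POODLE_SSL", "HIGH", "VULNERABLE, uses SSLv3+CBC"),
    _rec("SWEET32", "LOW", "uses 64 bit block ciphers"),
    _rec("ROBOT", "WARN", "check could not be completed"),
    _rec("cipherlist_3DES_IDEA", "INFO", "offered"),
])

def interpret(raw_json):
    """Return (issues sorted worst first, names of checks without a verdict)."""
    issues, verdict = [], set()
    for rec in json.loads(raw_json):
        name = CHECKS.get(rec.get("id"))
        if name is None:
            continue  # not a vulnerability check (cipher listings, cert info)
        sev = str(rec.get("severity", "WARN")).upper()
        if sev not in ORDER or sev == "WARN":
            continue  # the check hit a problem: no verdict, never "clean"
        verdict.add(name)
        if sev not in ("OK", "INFO"):
            issues.append((sev, name, rec.get("port", "?"), rec.get("finding", "")))
    issues.sort(key=lambda item: ORDER.index(item[0]))
    return issues, sorted(set(CHECKS.values()) - verdict)

def render(issues, inconclusive):
    """Format the interpreted results as plain report lines."""
    lines = [f"[{s}] {n} on port {p}: {f}" for s, n, p, f in issues]
    lines += [f"[NOT TESTED] {n}: no verdict, re-run the check" for n in inconclusive]
    return "\n".join(lines)

if __name__ == "__main__":
    print(render(*interpret(SAMPLE)))
```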