SSL/TLS Vulnerability Scanner

Discover SSL and TLS configuration issues and vulnerabilities like: POODLE, Heartbleed, DROWN, ROBOT, Ticketbleed and more.

Light Scan

Full Scan

Free Scan

Sample Report | Use Cases | Technical Details

Need to see the full results?

Unlock the full power and feature of our SSL/TLS Vulnerability Scanner! Compare pricing plans and discover more tools and features.

See all pricing options

Sample Report

Here is a SSL/TLS Vulnerability Scanner sample report:

Shows the status of your SSL server configuration
Includes information about the SSL certificate
Provides remediation measures and references

Download Sample Report

SSL/TLS Vulnerability Scanner - Use Cases

The SSL Scanner connects to the target port and attempts negotiate various cipher suites and multiple SSL/TLS versions in order to determine weak configurations and common vulnerabilities (ex. POODLE, Heartbleed, DROWN, ROBOT etc.). The full version of the SSL Scanner scans multiple ports and services (HTTPS, SMTPs, IMAPs, etc.).

Technical Details

About

Transport Layer Security (TLS) and (now deprecated) Secure Sockets Layer (SSL) are cryptographic protocols meant to secure the communication between computer systems. They are being used to provide an encrypted communication channel over which other clear-text protocols (HTTP, SMTP, POP3, FTP, etc) can be securely used to transmit application specific data.

However, since the introduction of SSLv2.0 in 1995 and the continuation to SSLv3.0, TLS1.0, TLS2.0 and the current TLS3.0, multiple weaknesses have been discovered in these protocols, making them vulnerable to cryptographic attacks which may allow attackers to decrypt the communication and gain access to sensitive data.

The SSL/TLS Vulnerability Scanner performs a security assessment of the configuration of the target SSL/TLS service, providing a list of weaknesses and vulnerabilities together with detailed recommendations for remediation.

The list of vulnerabilities detected by this scanner is:

Heartbleed
Ticketbleed
CCS Injection
POODLE
ROBOT
DROWN
Secure Renegotiation (server-side)
Secure Renegotiation (client-side)
CRIME
BREACH
FREAK
SWEET32
BEAST
LOGJAM

Parameters

Parameter	Description
Target host	The hostname or IP address of the SSL/TLS server to be scanned.
Target port(s)	The SSL/TLS port to connect to. Multiple ports can be specified at once (comma separated) like: 443, 21, 25, 110.
Auto detect SSL/TLS	When this option is enabled, the tool automatically scans the target host for the top 100 most common TCP ports, identifying the ones who have SSL/TLS support.

How it works

The SSL Scanner uses a scanning engine based on the testssl.sh tool, together with multiple tweaks, adjustments and improvements.

The scanner works by connecting to the target SSL server and trying various ciphers and SSL/TLS protocol versions in order to determine existing vulnerabilities.

All discovered issues are further interpreted by our scanner and properly formatted into a human readable report.

Perform full SSL/TLS scans with more powerful options.

Options	Light scan	Full scan
Target type	Single host	Multiple hosts
IP range scan
Target SSL port	443	Any port
Target service	HTTPS	HTTPS SMTPs IMAPs FTPs and more
SSL port specification	Manual	Auto discovery

You also get:

+ full access to all the 25+ tools on the platform

+ dedicated scanners for major new vulnerabilities

+ authenticated scans, reporting & a lot more!

Information Gathering

Web Application Testing

CMS Tests

Infrastructure Testing

Exploit Helpers