iSECPartners/sslyze iSECPartners/sslyze

  • Stars
    star
    644
  • Rank 69,893 (Top 2 %)
  • Language
    Python
  • License
    GNU General Publi...
  • Created over 12 years ago
  • Updated over 9 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
iSECPartners/sslyze
github

iSECPartners

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Current development of SSLyze now takes place on a separate repository

Note

Current development of SSLyze now takes place on a separate repository: https://github.com/nabla-c0d3/sslyze.

This repository will periodically be updated from this new parent repository, but for the most current version, please check the new repo. If you cloned the repository but wish to track the new branch, you can update the origin using the following command:

git remote set-url origin https://github.com/nabla-c0d3/sslyze.git

======= SSLyze

Fast and full-featured SSL scanner.

Description

SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers.

Key features include:

  • Multi-processed and multi-threaded scanning (it's fast)
  • SSL 2.0/3.0 and TLS 1.0/1.1/1.2 compatibility
  • Performance testing: session resumption and TLS tickets support
  • Security testing: weak cipher suites, insecure renegotiation, CRIME, Heartbleed and more
  • Server certificate validation and revocation checking through OCSP stapling
  • Support for StartTLS handshakes on SMTP, XMPP, LDAP, POP, IMAP, RDP and FTP
  • Support for client certificates when scanning servers that perform mutual authentication
  • XML output to further process the scan results
  • And much more !

Installation

SSLyze requires Python 2.7; the supported platforms are Windows 7 32/64 bits, Linux 32/64 bits and OS X 64 bits.

SSLyze is statically linked with OpenSSL. For this reason, the easiest way to run SSLyze is to download one the pre-compiled packages available in the GitHub releases section for this project, at https://github.com/nabla-c0d3/sslyze/releases.

Usage

Command line options

The following command will provide the list of available command line options: $ python sslyze.py -h

Sample command line:

$ python sslyze.py --regular www.isecpartners.com:443 www.google.com

See the test folder for additional examples.

Build / nassl

SSLyze is all Python code but since version 0.7, it uses a custom OpenSSL wrapper written in C called nassl. The pre-compiled packages for SSLyze contain a compiled version of this wrapper in sslyze/nassl. If you want to clone the SSLyze repo, you will have to get a compiled version of nassl from one of the SSLyze packages and copy it to sslyze-master/nassl, in order to get SSLyze to run.

The source code for nassl is hosted at https://github.com/nabla-c0d3/nassl.

Py2exe Build

SSLyze can be packaged as a Windows executable by running the following command:

$ python.exe setup_py2exe.py py2exe

License

GPLv2 - See LICENSE.txt.

More Repositories

1

ios-ssl-kill-switch

Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS Apps
Objective-C
894
star
2

Introspy-iOS

Security profiling for blackbox iOS
Objective-C
725
star
3

Android-SSL-TrustKiller

Bypass SSL certificate pinning for most applications
Java
704
star
4

jailbreak

Jailbreak
C++
472
star
5

Introspy-Android

Security profiling for blackbox Android
Java
464
star
6

android-ssl-bypass

Black box tool to bypass SSL verification on Android, even when pinning is used.
Java
314
star
7

yontma-mac

You'll Never Take Me Alive!
Objective-C
233
star
8

ssl-conservatory

Sample SSL client code for correct endpoint validation.
Objective-C
232
star
9

Introspy-Analyzer

JavaScript
213
star
10

LibTech-Auditing-Cheatsheet

Python
198
star
11

nano-ecc

A very small ECC implementation for 8-bit microcontrollers
C
149
star
12

Android-OpenDebug

Make any application debuggable
Java
132
star
13

jailbreak-Windows

Certificate extraction tool for Windows
125
star
14

tlspretense

A test framework for testing SSL/TLS client certificate validation.
Ruby
95
star
15

yontma

You'll never take me alive.
C++
85
star
16

Android-KillPermAndSigChecks

Bypass signature and permission checks for IPCs
Java
82
star
17

publications

iSEC Partners' research publications
C++
76
star
18

RtspFuzzer

RTSP network protocol fuzzer
Python
64
star
19

femtocatcher

Java
54
star
20

manifest-explorer

A tool for viewing Android application Manifests.
Java
48
star
21

fuzzbox

A multi-codec media fuzzing tool.
Python
42
star
22

scout

AWS EC2 and S3 Security Auditing Tool
Clojure
41
star
23

dnsRedir

Python
38
star
24

R2B2

A brute-forcing delta robot
Python
27
star
25

PeachFarmer

A log collector for Peach fuzzing in the cloud
C#
27
star
26

vtfinder

pykd script to dynamically find vtables on heap (windows x86/x64)
Python
24
star
27

sqlperms

A tool for calculating necessary SQL Server permissions
C#
23
star
28

package-play

Tool for viewing Android package details, including permissions, services, activities, and more.
Java
22
star
29

libshambles

A library for efficient interception of established TCP connections
C++
19
star
30

hiccupy

Jython binding for Burp to facilitate realtime traffic analysis and modification using simple plugins.
Java
14
star
31

ZigTools

C
11
star
32

ccs-testing-tool

9
star
33

samlpummel

A BeanShell plugin for WebScarab to automate SAML auditing.
Java
8
star
34

gizmo

A graphical web proxy written in Java. It is designed to be speedy, with the user interfaced centered around keyboard use. It should do what you want, and then get out of your way.
Java
8
star
35

extractparam

Java
7
star
36

SecureNSCoder

NSKeyed(Un)ArchiverDelegate implementation to encrypt state prior to preservation and decrypt it when restoring.
Objective-C
6
star