
tools to enumerate/verify

The best tool I've found is surely sslyze by Tom Ritter.

It shows all the ciphers found on a specific site and is capable of analysing HTTPS-, FTPS-, SMTPS- and VPN-enabled services. I personally use this very often to re-verify that some of the fixes that have been applied to services removed the vulnerable cipher.

A very good online test can be found at:

FREAK test:

sslyze --sslv2 --sslv3 --tlsv1 --tlsv1_1 --tlsv1_2 --hide_rejected_ciphers [hostname or IP address]

Watch out for:

EXP-RC4-MD5 40 bits 250 2.0.0 Ok

EXP-RC2-CBC-MD5 40 bits 250 2.0.0 Ok

EXP-EDH-RSA-DES-CBC-SHA 40 bits 250 2.0.0 Ok

EXP-DES-CBC-SHA 40 bits 250 2.0.0 Ok


POODLE test:

sslyze --sslv2 --sslv3 --hide_rejected_ciphers [hostname or IP address]

Watch for:

* SSLV3 Cipher Suites :

Rejected Cipher Suite(s): Hidden

Preferred Cipher Suite:

DHE-RSA-AES256-SHA 256 bits 250 2.0.0 Ok

Accepted Cipher Suite(s):

EXP-ADH-RC4-MD5 Anon 250 2.0.0 Ok

EXP-ADH-DES-CBC-SHA Anon 250 2.0.0 Ok

ADH-RC4-MD5 Anon 250 2.0.0 Ok
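
Reading these listings by eye gets tedious across many hosts. The following is an added example (not part of the original post, and not sslyze's own code) that parses text in the layout quoted above and flags accepted suites that are export-grade, anonymous, or offered over SSLv2/SSLv3. The SAMPLE text and the audit function name are constructed for illustration.

```python
import re

# Constructed sample in the layout sslyze prints (not captured from a real host).
SAMPLE = """\
  * SSLV3 Cipher Suites :
      Rejected Cipher Suite(s): Hidden
      Preferred Cipher Suite:
        DHE-RSA-AES256-SHA       256 bits      250 2.0.0 Ok
      Accepted Cipher Suite(s):
        DHE-RSA-AES256-SHA       256 bits      250 2.0.0 Ok
        EXP-ADH-RC4-MD5          Anon          250 2.0.0 Ok
        EXP-RC4-MD5              40 bits       250 2.0.0 Ok
  * TLSV1_2 Cipher Suites :
      Accepted Cipher Suite(s):
        AES256-SHA               256 bits      250 2.0.0 Ok
        ADH-RC4-MD5              Anon          250 2.0.0 Ok
"""

HEADER = re.compile(r"^\s*\*\s+(\S+) Cipher Suites\s*:")
SUITE = re.compile(r"^\s*([A-Z0-9]+(?:-[A-Z0-9]+)+)\s+(Anon|\d+ bits)\b")


def audit(report):
    """Return sorted (protocol, cipher, reasons) for accepted suites to fix."""
    findings, proto, accepted = [], None, False
    for line in report.splitlines():
        header = HEADER.match(line)
        if header:
            proto, accepted = header.group(1).upper(), False
            continue
        if "Cipher Suite" in line:
            # Only the "Accepted" list is what the server will negotiate.
            accepted = line.strip().startswith("Accepted")
            continue
        suite = SUITE.match(line)
        if suite and accepted and proto:
            name, strength = suite.groups()
            reasons = []
            if name.startswith("EXP-"):
                reasons.append("export-grade")
            if strength == "Anon" or "ADH" in name.split("-"):
                reasons.append("anonymous key exchange")
            if proto in ("SSLV2", "SSLV3"):
                reasons.append("legacy protocol")
            if reasons:
                findings.append((proto, name, tuple(reasons)))
    return sorted(findings)

if __name__ == "__main__":
    for proto, name, reasons in audit(SAMPLE):
        print(f"{proto:8} {name:22} {', '.join(reasons)}")
```

Feed it the saved text of a scan instead of SAMPLE; an empty result means none of the accepted suites matched the three checks.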


Heartbleed test:

msf > use auxiliary/scanner/ssl/openssl_heartbleed

You still need to set RHOSTS and RPORT accordingly.

msf auxiliary(openssl_heartbleed) > set verbose true

Verbose mode is where the fun is, as you can now see what information is retrieved (usernames, passwords, etc.).

I recently found a nice shell script tool from Dirk Wetter that does some nice testing.

Certainly worth a try...

Download it here