工具下载:git clone https://github.com/drwetter/testssl.sh.git

实验环境:192.168.1.22(bee-box v1.6)  192.168.1.20(kali-linux-2017.3)

一、SWEET32(CVE-2016-2183)

使用3DES的任何密码都易受SWEET32影响

命令:./testssl.sh -W 192.168.1.22

二、DROWN(CVE-2016-0800)

命令:./testssl.sh -D 192.168.1.22

三、FREAK(CVE-2015-0204)

命令:./testssl.sh -F 192.168.1.22

四、Logjam(CVE-2015-4000)

命令:./testssl.sh -J 192.168.1.22

五、Heartbleed(CVE-2014-0160)

命令:./testssl.sh -H 192.168.1.22:8443

六、POODLE SSLv3(CVE-2014-3566)

命令:./testssl.sh -O 192.168.1.22

七、CCS注入漏洞(CVE-2014-0224)

命令:./testssl.sh -I 192.168.1.22

八、POODLE TLS(CVE-2014-8730)

命令:./testssl.sh -O 192.168.1.22

九、BREACH(CVE-2013-3587)

命令:./testssl.sh -T 192.168.1.22

十、RC4 (CVE-2013-2566)

命令:./testssl.sh -4 192.168.1.22

./testssl.sh -E 192.168.1.22 查看所有加密算法,确保不存在RC4

十一、CRIME(CVE-2012-4929)

命令:./testssl.sh -C 192.168.1.22

十二、Renegotiation(CVE-2009-3555)

TLS / SSL重新协商漏洞

命令:./testssl.sh -R 192.168.1.22

 
 
转自:https://www.0dayhack.com/post-749.html
 
 
 
userid@somehost:~ % testssl.sh

testssl.sh <options>

     -h, --help                    what you're looking at

     -b, --banner                  displays banner + version of testssl.sh

     -v, --version                 same as previous

     -V, --local                   pretty print all local ciphers

     -V, --local <pattern>         which local ciphers with <pattern> are available?

                                   (if pattern not a number: word match)

testssl.sh <options> URI    ("testssl.sh URI" does everything except -E)

     -e, --each-cipher             checks each local cipher remotely

     -E, --cipher-per-proto        checks those per protocol

     -f, --ciphers                 checks common cipher suites

     -p, --protocols               checks TLS/SSL protocols (including SPDY/HTTP2)

     -y, --spdy, --npn             checks for SPDY/NPN

     -Y, --http2, --alpn           checks for HTTP2/ALPN

     -S, --server-defaults         displays the server's default picks and certificate info

     -P, --server-preference       displays the server's picks: protocol+cipher

     -x, --single-cipher <pattern> tests matched <pattern> of ciphers

                                   (if <pattern> not a number: word match)

     -c, --client-simulation       test client simulations, see which client negotiates with cipher and protocol

     -H, --header, --headers       tests HSTS, HPKP, server/app banner, security headers, cookie, reverse proxy, IPv4 address

     -U, --vulnerable              tests all vulnerabilities

     -B, --heartbleed              tests for heartbleed vulnerability

     -I, --ccs, --ccs-injection    tests for CCS injection vulnerability

     -R, --renegotiation           tests for renegotiation vulnerabilities

     -C, --compression, --crime    tests for CRIME vulnerability

     -T, --breach                  tests for BREACH vulnerability

     -O, --poodle                  tests for POODLE (SSL) vulnerability

     -Z, --tls-fallback            checks TLS_FALLBACK_SCSV mitigation

     -F, --freak                   tests for FREAK vulnerability

     -A, --beast                   tests for BEAST vulnerability

     -J, --logjam                  tests for LOGJAM vulnerability

     -D, --drown                   tests for DROWN vulnerability

     -s, --pfs, --fs, --nsa        checks (perfect) forward secrecy settings

     -4, --rc4, --appelbaum        which RC4 ciphers are being offered?

special invocations:

     -t, --starttls <protocol>     does a default run against a STARTTLS enabled <protocol>

     --xmpphost <to_domain>        for STARTTLS enabled XMPP it supplies the XML stream to-'' domain -- sometimes needed

     --mx <domain/host>            tests MX records from high to low priority (STARTTLS, port 25)

     --ip <ip>                     a) tests the supplied <ip> v4 or v6 address instead of resolving host(s) in URI

                                   b) arg "one" means: just test the first DNS returns (useful for multiple IPs)

     --file <fname>                mass testing option: Reads command lines from <fname>, one line per instance.

                                   Comments via # allowed, EOF signals end of <fname>. Implicitly turns on "--warnings batch"

partly mandatory parameters:

     URI                           host|host:port|URL|URL:port   (port 443 is assumed unless otherwise specified)

     pattern                       an ignore case word pattern of cipher hexcode or any other string in the name, kx or bits

     protocol                      is one of the STARTTLS protocols ftp,smtp,pop3,imap,xmpp,telnet,ldap

                                   (for the latter two you need e.g. the supplied openssl)

tuning options (can also be preset via environment variables):

     --bugs                        enables the "-bugs" option of s_client, needed e.g. for some buggy F5s

     --assume-http                 if protocol check fails it assumes HTTP protocol and enforces HTTP checks

     --ssl-native                  fallback to checks with OpenSSL where sockets are normally used

     --openssl <PATH>              use this openssl binary (default: look in $PATH, $RUN_DIR of testssl.sh)

     --proxy <host>:<port>         connect via the specified HTTP proxy

     -6                            use also IPv6. Works only with supporting OpenSSL version and IPv6 connectivity

     --sneaky                      leave less traces in target logs: user agent, referer

output options (can also be preset via environment variables):

     --warnings <batch|off|false>  "batch" doesn't wait for keypress, "off" or "false" skips connection warning

     --quiet                       don't output the banner. By doing this you acknowledge usage terms normally appearing in the banner

     --wide                        wide output for tests like RC4, BEAST. PFS also with hexcode, kx, strength, RFC name

     --show-each                   for wide outputs: display all ciphers tested -- not only succeeded ones

     --mapping <no-rfc>            don't display the RFC Cipher Suite Name

     --color <0|1|2>               0: no escape or other codes,  1: b/w escape codes,  2: color (default)

     --colorblind                  swap green and blue in the output

     --debug <0-6>                 1: screen output normal but keeps debug output in /tmp/.  2-6: see "grep -A 5 '^DEBUG=' testssl.sh"

file output options (can also be preset via environment variables):

     --log, --logging              logs stdout to <NODE-YYYYMMDD-HHMM.log> in current working directory

     --logfile <logfile>           logs stdout to <file/NODE-YYYYMMDD-HHMM.log> if file is a dir or to specified log file

     --json                        additional output of findings to JSON file <NODE-YYYYMMDD-HHMM.json> in cwd

     --jsonfile <jsonfile>         additional output to JSON and output JSON to the specified file

     --csv                         additional output of findings to CSV file  <NODE-YYYYMMDD-HHMM.csv> in cwd

     --csvfile <csvfile>           set output to CSV and output CSV to the specified file

     --append                      if <csvfile> or <jsonfile> exists rather append then overwrite

All options requiring a value can also be called with '=' e.g. testssl.sh -t=smtp --wide --openssl=/usr/bin/openssl <URI>.

<URI> is always the last parameter.

Need HTML output? Just pipe through "aha" (ANSI HTML Adapter: github.com/theZiz/aha) like

   "testssl.sh <options> <URI> | aha >output.html"

userid@somehost:~ %

SSL和TLS漏洞验证的更多相关文章

  1. 【实战】SSL和TLS漏洞验证

    工具下载:git clone https://github.com/drwetter/testssl.sh.git 实验环境:192.168.1.22(bee-box v1.6) 192.168.1. ...

  2. (转)SSL/TLS 漏洞“受戒礼”,RC4算法关闭

    原文:https://blog.csdn.net/Nedved_L/article/details/81110603 SSL/TLS 漏洞“受戒礼” 一.漏洞分析事件起因2015年3月26日,国外数据 ...

  3. SSL/TLS 漏洞“受戒礼”,RC4算法关闭

    SSL/TLS 漏洞"受戒礼" 一.漏洞分析 事件起因 2015年3月26日,国外数据安全公司Imperva的研究员Itsik Mantin在BLACK HAT ASIA 2015 ...

  4. 解决关键SSL安全问题和漏洞

    解决关键SSL安全问题和漏洞 SSL(安全套接字层)逐渐被大家所重视,但是最不能忽视的也是SSL得漏洞,随着SSL技术的发展,新的漏洞也就出现了,下面小编就为大家介绍简单七步教你如何解决关键SSL安全 ...

  5. 安全协议系列(四)----SSL与TLS

    当今社会,电子商务大行其道,作为网络安全 infrastructure 之一的 -- SSL/TLS 协议的重要性已不用多说.OpenSSL 则是基于该协议的目前应用最广泛的开源实现,其影响之大,以至 ...

  6. 关于x509、crt、cer、key、csr、pem、der、ssl、tls 、openssl等

    关于x509.crt.cer.key.csr.pem.der.ssl.tls .openssl等 TLS:传输层安全协议 Transport Layer Security的缩写 TLS是传输层安全协议 ...

  7. SSL、TLS协议格式、HTTPS通信过程、RDP SSL通信过程

    相关学习资料 http://www.360doc.com/content/10/0602/08/1466362_30787868.shtml http://www.gxu.edu.cn/college ...

  8. Burpsuite如何抓取使用了SSL或TLS传输的Android App流量

    一.问题分析 一般来说安卓的APP端测试分为两个部分,一个是对APK包层面的检测,如apk本身是否加壳.源代码本身是否有恶意内嵌广告等的测试,另一个就是通过在本地架设代理服务器来抓取app的包分析是否 ...

  9. SSL、TLS协议格式、HTTPS通信过程、RDP SSL通信过程(缺heartbeat)

    SSL.TLS协议格式.HTTPS通信过程.RDP SSL通信过程   相关学习资料 http://www.360doc.com/content/10/0602/08/1466362_30787868 ...

随机推荐

  1. 微信小程序学习之navigate(1)navigateTo方法与navigateBack方法对于page生命周期不同的触发影响

    小程序的每个页面都有一些生命周期,每个生命周期由分别有着不同的生命周期钩子函数.而我们的业务逻辑写在这些生命周期的钩子函数中,那么弄清楚那种情形下会触发那些生命周期钩子函数就非常重要了 先上一段代码 ...

  2. 自行制作yum源仓库

    背景 客户服务器为内网机器,centos7系统,且无法与外网连接.需要部署对应的LANMP环境及其它软件 解决思路 1.在阿里云服务器,利用阿里云的yum源仓库,下载对应软件及关联软件. 2.在客户机 ...

  3. Python加密模块

    RSA加密 # 生成公钥私钥对象 import rsa pub_key_obj, priv_key_obj = rsa.newkeys(1024) ''' 这里的1024是二进制位数, 也就是说他加密 ...

  4. 网络编程之TCP协议怎么使用?

    TCP 通信的客户端:向服务器发送连接请求,给服务器发送数据,读取服务器会写的数据 表示客户端的类: java.net.Socket;此类实现客户端套接字.套接字是两台机器间通信的端点 套接字:包含了 ...

  5. C++——函数模板和类模板

    声明: //template 关键字告诉C++编译器 我要开始泛型了.你不要随便报错 //数据类型T 参数化数据类型 template <typename T> void myswap(T ...

  6. NX二次开发-相对路径环境变量和绝对路径环境变量

    相对路径环境变量:${UGII_BASE_DIR}\CaesarToolkits 绝对路径环境变量:D:\Program Files\Siemens\NX 9.0\CaesarToolkits

  7. 笨办法学Python记录--习题15-17 开始读写文件啦

    习题15 - 17 打开并读流程: from sys import argv script,filename = argv txt = open(filename) print "Here' ...

  8. 拾遗:『rhel6系列的开、关机脚本』

    一.系统脚本位置及含义 /etc/inittab./etc/init/* 存放开关机配置文件 /etc/init.d/* 服务脚本,是一个到/etc/rc.d/init.d/的软链接 /etc/rc. ...

  9. LaTeX+TexStudio安装与使用

    (很多杂志期刊接受LaTeX电子版时会提供自己的模板,只要使用他们的模板即可完美地展现在对应的刊物中) 0x00. 优点 丰富易用的数学公式和特殊符号: 容易生成图表编号.引用.交叉引用.目录: 可以 ...

  10. Cesium资料大全

    前言 Cesium是一个用于显示三维地球和地图的开源js库.它可以用来显示海量三维模型数据.影像数据.地形高程数据.矢量数据等等.三维模型格式支持gltf.三维瓦片模型格式支持3d tiles.矢量数 ...