工具下载:git clone https://github.com/drwetter/testssl.sh.git

实验环境:192.168.1.22(bee-box v1.6)  192.168.1.20(kali-linux-2017.3)

一、SWEET32(CVE-2016-2183)

使用3DES的任何密码都易受SWEET32影响

命令:./testssl.sh -W 192.168.1.22

二、DROWN(CVE-2016-0800)

命令:./testssl.sh -D 192.168.1.22

三、FREAK(CVE-2015-0204)

命令:./testssl.sh -F 192.168.1.22

四、Logjam(CVE-2015-4000)

命令:./testssl.sh -J 192.168.1.22

五、Heartbleed(CVE-2014-0160)

命令:./testssl.sh -H 192.168.1.22:8443

六、POODLE SSLv3(CVE-2014-3566)

命令:./testssl.sh -O 192.168.1.22

七、CCS注入漏洞(CVE-2014-0224)

命令:./testssl.sh -I 192.168.1.22

八、POODLE TLS(CVE-2014-8730)

命令:./testssl.sh -O 192.168.1.22

九、BREACH(CVE-2013-3587)

命令:./testssl.sh -T 192.168.1.22

十、RC4 (CVE-2013-2566)

命令:./testssl.sh -4 192.168.1.22

./testssl.sh -E 192.168.1.22 查看所有加密算法,确保不存在RC4

十一、CRIME(CVE-2012-4929)

命令:./testssl.sh -C 192.168.1.22

十二、Renegotiation(CVE-2009-3555)

TLS / SSL重新协商漏洞

命令:./testssl.sh -R 192.168.1.22

 
 
转自:https://www.0dayhack.com/post-749.html
 
 
 
userid@somehost:~ % testssl.sh

testssl.sh <options>

     -h, --help                    what you're looking at

     -b, --banner                  displays banner + version of testssl.sh

     -v, --version                 same as previous

     -V, --local                   pretty print all local ciphers

     -V, --local <pattern>         which local ciphers with <pattern> are available?

                                   (if pattern not a number: word match)

testssl.sh <options> URI    ("testssl.sh URI" does everything except -E)

     -e, --each-cipher             checks each local cipher remotely

     -E, --cipher-per-proto        checks those per protocol

     -f, --ciphers                 checks common cipher suites

     -p, --protocols               checks TLS/SSL protocols (including SPDY/HTTP2)

     -y, --spdy, --npn             checks for SPDY/NPN

     -Y, --http2, --alpn           checks for HTTP2/ALPN

     -S, --server-defaults         displays the server's default picks and certificate info

     -P, --server-preference       displays the server's picks: protocol+cipher

     -x, --single-cipher <pattern> tests matched <pattern> of ciphers

                                   (if <pattern> not a number: word match)

     -c, --client-simulation       test client simulations, see which client negotiates with cipher and protocol

     -H, --header, --headers       tests HSTS, HPKP, server/app banner, security headers, cookie, reverse proxy, IPv4 address

     -U, --vulnerable              tests all vulnerabilities

     -B, --heartbleed              tests for heartbleed vulnerability

     -I, --ccs, --ccs-injection    tests for CCS injection vulnerability

     -R, --renegotiation           tests for renegotiation vulnerabilities

     -C, --compression, --crime    tests for CRIME vulnerability

     -T, --breach                  tests for BREACH vulnerability

     -O, --poodle                  tests for POODLE (SSL) vulnerability

     -Z, --tls-fallback            checks TLS_FALLBACK_SCSV mitigation

     -F, --freak                   tests for FREAK vulnerability

     -A, --beast                   tests for BEAST vulnerability

     -J, --logjam                  tests for LOGJAM vulnerability

     -D, --drown                   tests for DROWN vulnerability

     -s, --pfs, --fs, --nsa        checks (perfect) forward secrecy settings

     -4, --rc4, --appelbaum        which RC4 ciphers are being offered?

special invocations:

     -t, --starttls <protocol>     does a default run against a STARTTLS enabled <protocol>

     --xmpphost <to_domain>        for STARTTLS enabled XMPP it supplies the XML stream to-'' domain -- sometimes needed

     --mx <domain/host>            tests MX records from high to low priority (STARTTLS, port 25)

     --ip <ip>                     a) tests the supplied <ip> v4 or v6 address instead of resolving host(s) in URI

                                   b) arg "one" means: just test the first DNS returns (useful for multiple IPs)

     --file <fname>                mass testing option: Reads command lines from <fname>, one line per instance.

                                   Comments via # allowed, EOF signals end of <fname>. Implicitly turns on "--warnings batch"

partly mandatory parameters:

     URI                           host|host:port|URL|URL:port   (port 443 is assumed unless otherwise specified)

     pattern                       an ignore case word pattern of cipher hexcode or any other string in the name, kx or bits

     protocol                      is one of the STARTTLS protocols ftp,smtp,pop3,imap,xmpp,telnet,ldap

                                   (for the latter two you need e.g. the supplied openssl)

tuning options (can also be preset via environment variables):

     --bugs                        enables the "-bugs" option of s_client, needed e.g. for some buggy F5s

     --assume-http                 if protocol check fails it assumes HTTP protocol and enforces HTTP checks

     --ssl-native                  fallback to checks with OpenSSL where sockets are normally used

     --openssl <PATH>              use this openssl binary (default: look in $PATH, $RUN_DIR of testssl.sh)

     --proxy <host>:<port>         connect via the specified HTTP proxy

     -6                            use also IPv6. Works only with supporting OpenSSL version and IPv6 connectivity

     --sneaky                      leave less traces in target logs: user agent, referer

output options (can also be preset via environment variables):

     --warnings <batch|off|false>  "batch" doesn't wait for keypress, "off" or "false" skips connection warning

     --quiet                       don't output the banner. By doing this you acknowledge usage terms normally appearing in the banner

     --wide                        wide output for tests like RC4, BEAST. PFS also with hexcode, kx, strength, RFC name

     --show-each                   for wide outputs: display all ciphers tested -- not only succeeded ones

     --mapping <no-rfc>            don't display the RFC Cipher Suite Name

     --color <0|1|2>               0: no escape or other codes,  1: b/w escape codes,  2: color (default)

     --colorblind                  swap green and blue in the output

     --debug <0-6>                 1: screen output normal but keeps debug output in /tmp/.  2-6: see "grep -A 5 '^DEBUG=' testssl.sh"

file output options (can also be preset via environment variables):

     --log, --logging              logs stdout to <NODE-YYYYMMDD-HHMM.log> in current working directory

     --logfile <logfile>           logs stdout to <file/NODE-YYYYMMDD-HHMM.log> if file is a dir or to specified log file

     --json                        additional output of findings to JSON file <NODE-YYYYMMDD-HHMM.json> in cwd

     --jsonfile <jsonfile>         additional output to JSON and output JSON to the specified file

     --csv                         additional output of findings to CSV file  <NODE-YYYYMMDD-HHMM.csv> in cwd

     --csvfile <csvfile>           set output to CSV and output CSV to the specified file

     --append                      if <csvfile> or <jsonfile> exists rather append then overwrite

All options requiring a value can also be called with '=' e.g. testssl.sh -t=smtp --wide --openssl=/usr/bin/openssl <URI>.

<URI> is always the last parameter.

Need HTML output? Just pipe through "aha" (ANSI HTML Adapter: github.com/theZiz/aha) like

   "testssl.sh <options> <URI> | aha >output.html"

userid@somehost:~ %

SSL和TLS漏洞验证的更多相关文章

  1. 【实战】SSL和TLS漏洞验证

    工具下载:git clone https://github.com/drwetter/testssl.sh.git 实验环境:192.168.1.22(bee-box v1.6) 192.168.1. ...

  2. (转)SSL/TLS 漏洞“受戒礼”,RC4算法关闭

    原文:https://blog.csdn.net/Nedved_L/article/details/81110603 SSL/TLS 漏洞“受戒礼” 一.漏洞分析事件起因2015年3月26日,国外数据 ...

  3. SSL/TLS 漏洞“受戒礼”,RC4算法关闭

    SSL/TLS 漏洞"受戒礼" 一.漏洞分析 事件起因 2015年3月26日,国外数据安全公司Imperva的研究员Itsik Mantin在BLACK HAT ASIA 2015 ...

  4. 解决关键SSL安全问题和漏洞

    解决关键SSL安全问题和漏洞 SSL(安全套接字层)逐渐被大家所重视,但是最不能忽视的也是SSL得漏洞,随着SSL技术的发展,新的漏洞也就出现了,下面小编就为大家介绍简单七步教你如何解决关键SSL安全 ...

  5. 安全协议系列(四)----SSL与TLS

    当今社会,电子商务大行其道,作为网络安全 infrastructure 之一的 -- SSL/TLS 协议的重要性已不用多说.OpenSSL 则是基于该协议的目前应用最广泛的开源实现,其影响之大,以至 ...

  6. 关于x509、crt、cer、key、csr、pem、der、ssl、tls 、openssl等

    关于x509.crt.cer.key.csr.pem.der.ssl.tls .openssl等 TLS:传输层安全协议 Transport Layer Security的缩写 TLS是传输层安全协议 ...

  7. SSL、TLS协议格式、HTTPS通信过程、RDP SSL通信过程

    相关学习资料 http://www.360doc.com/content/10/0602/08/1466362_30787868.shtml http://www.gxu.edu.cn/college ...

  8. Burpsuite如何抓取使用了SSL或TLS传输的Android App流量

    一.问题分析 一般来说安卓的APP端测试分为两个部分,一个是对APK包层面的检测,如apk本身是否加壳.源代码本身是否有恶意内嵌广告等的测试,另一个就是通过在本地架设代理服务器来抓取app的包分析是否 ...

  9. SSL、TLS协议格式、HTTPS通信过程、RDP SSL通信过程(缺heartbeat)

    SSL.TLS协议格式.HTTPS通信过程.RDP SSL通信过程   相关学习资料 http://www.360doc.com/content/10/0602/08/1466362_30787868 ...

随机推荐

  1. python编程语言学习day02

    格式化输出 (1)info 格式 (2)%字符串占位 %s 表示字符串占位 %d 表示整数占位 %f 表示浮点数占位 中间的%     之后是所需要输入的值 多个占位, %  之后用()括号括起    ...

  2. leetcood学习笔记-171-excel表列序号

    题目描述: 方法: class Solution: def titleToNumber(self, s: str) -> int: num = 0 r = 1 for i in s[::-1]: ...

  3. thinkphp 数据库缓存

    默认的数据库驱动位于Think\Db\Driver命名空间下面,驱动类必须继承Think\Db类,每个数据库驱动必须要实现的接口方法包括(具体参数可以参考现有的数据库驱动类库): 驱动方法 方法说明 ...

  4. Nginx被动健康检查和主动健康检查

    1.被动健康检查 Nginx自带有健康检查模块:ngx_http_upstream_module,可以做到基本的健康检查,配置如下: upstream cluster{ server max_fail ...

  5. delphi 备注一些函数

    Delphi的StringReplace 字符串替换函数 function StringReplace (const S, OldPattern, NewPattern: string; Flags: ...

  6. php 类静态变量 和 常量消耗内存及时间对比

    在对类执行100w次循环后, 常量最快,变量其次,静态变量消耗时间最高 其中: 常量消耗:101.1739毫秒 变量消耗:2039.7689毫秒 静态变量消耗:4084.8911毫秒 测试代码: cl ...

  7. python从入门到大神---4、python3文件操作最最最最简单实例

    python从入门到大神---4.python3文件操作最最最最简单实例 一.总结 一句话总结: python文件操作真的很简单,直接在代码中调用文件操作的函数比如open().read(),无需引包 ...

  8. sublime 分屏 实现代码整体前后移

    view->layout->column2 或者快捷键 command+alt+n (mac) "Tab"键整体后移,"Shift+Tab"整体前移

  9. spark-sql性能优化之——多线程实现多Job并发执行

    直接上代码 val spark = SparkSession.builder() .appName("name") .master("local[2]") .g ...

  10. 15-Ubuntu-文件和目录命令-查看目录内容-ls-2

    4. ls和通配符的使用 通配符适用的地方:shell命令行或者shell脚本中. 正则表达式适用的地方:字符串处理时,一般有一般正则和Perl正则. 正则表达式与通配符有相同的符号但是意义不同!! ...