工具下载:git clone https://github.com/drwetter/testssl.sh.git

实验环境:192.168.1.22(bee-box v1.6)  192.168.1.20(kali-linux-2017.3)

一、SWEET32(CVE-2016-2183)

使用3DES的任何密码都易受SWEET32影响

命令:./testssl.sh -W 192.168.1.22

二、DROWN(CVE-2016-0800)

命令:./testssl.sh -D 192.168.1.22

三、FREAK(CVE-2015-0204)

命令:./testssl.sh -F 192.168.1.22

四、Logjam(CVE-2015-4000)

命令:./testssl.sh -J 192.168.1.22

五、Heartbleed(CVE-2014-0160)

命令:./testssl.sh -H 192.168.1.22:8443

六、POODLE SSLv3(CVE-2014-3566)

命令:./testssl.sh -O 192.168.1.22

七、CCS注入漏洞(CVE-2014-0224)

命令:./testssl.sh -I 192.168.1.22

八、POODLE TLS(CVE-2014-8730)

命令:./testssl.sh -O 192.168.1.22

九、BREACH(CVE-2013-3587)

命令:./testssl.sh -T 192.168.1.22

十、RC4 (CVE-2013-2566)

命令:./testssl.sh -4 192.168.1.22

./testssl.sh -E 192.168.1.22 查看所有加密算法,确保不存在RC4

十一、CRIME(CVE-2012-4929)

命令:./testssl.sh -C 192.168.1.22

十二、Renegotiation(CVE-2009-3555)

TLS / SSL重新协商漏洞

命令:./testssl.sh -R 192.168.1.22

 
 
转自:https://www.0dayhack.com/post-749.html
 
 
 
userid@somehost:~ % testssl.sh

testssl.sh <options>

     -h, --help                    what you're looking at

     -b, --banner                  displays banner + version of testssl.sh

     -v, --version                 same as previous

     -V, --local                   pretty print all local ciphers

     -V, --local <pattern>         which local ciphers with <pattern> are available?

                                   (if pattern not a number: word match)

testssl.sh <options> URI    ("testssl.sh URI" does everything except -E)

     -e, --each-cipher             checks each local cipher remotely

     -E, --cipher-per-proto        checks those per protocol

     -f, --ciphers                 checks common cipher suites

     -p, --protocols               checks TLS/SSL protocols (including SPDY/HTTP2)

     -y, --spdy, --npn             checks for SPDY/NPN

     -Y, --http2, --alpn           checks for HTTP2/ALPN

     -S, --server-defaults         displays the server's default picks and certificate info

     -P, --server-preference       displays the server's picks: protocol+cipher

     -x, --single-cipher <pattern> tests matched <pattern> of ciphers

                                   (if <pattern> not a number: word match)

     -c, --client-simulation       test client simulations, see which client negotiates with cipher and protocol

     -H, --header, --headers       tests HSTS, HPKP, server/app banner, security headers, cookie, reverse proxy, IPv4 address

     -U, --vulnerable              tests all vulnerabilities

     -B, --heartbleed              tests for heartbleed vulnerability

     -I, --ccs, --ccs-injection    tests for CCS injection vulnerability

     -R, --renegotiation           tests for renegotiation vulnerabilities

     -C, --compression, --crime    tests for CRIME vulnerability

     -T, --breach                  tests for BREACH vulnerability

     -O, --poodle                  tests for POODLE (SSL) vulnerability

     -Z, --tls-fallback            checks TLS_FALLBACK_SCSV mitigation

     -F, --freak                   tests for FREAK vulnerability

     -A, --beast                   tests for BEAST vulnerability

     -J, --logjam                  tests for LOGJAM vulnerability

     -D, --drown                   tests for DROWN vulnerability

     -s, --pfs, --fs, --nsa        checks (perfect) forward secrecy settings

     -4, --rc4, --appelbaum        which RC4 ciphers are being offered?

special invocations:

     -t, --starttls <protocol>     does a default run against a STARTTLS enabled <protocol>

     --xmpphost <to_domain>        for STARTTLS enabled XMPP it supplies the XML stream to-'' domain -- sometimes needed

     --mx <domain/host>            tests MX records from high to low priority (STARTTLS, port 25)

     --ip <ip>                     a) tests the supplied <ip> v4 or v6 address instead of resolving host(s) in URI

                                   b) arg "one" means: just test the first DNS returns (useful for multiple IPs)

     --file <fname>                mass testing option: Reads command lines from <fname>, one line per instance.

                                   Comments via # allowed, EOF signals end of <fname>. Implicitly turns on "--warnings batch"

partly mandatory parameters:

     URI                           host|host:port|URL|URL:port   (port 443 is assumed unless otherwise specified)

     pattern                       an ignore case word pattern of cipher hexcode or any other string in the name, kx or bits

     protocol                      is one of the STARTTLS protocols ftp,smtp,pop3,imap,xmpp,telnet,ldap

                                   (for the latter two you need e.g. the supplied openssl)

tuning options (can also be preset via environment variables):

     --bugs                        enables the "-bugs" option of s_client, needed e.g. for some buggy F5s

     --assume-http                 if protocol check fails it assumes HTTP protocol and enforces HTTP checks

     --ssl-native                  fallback to checks with OpenSSL where sockets are normally used

     --openssl <PATH>              use this openssl binary (default: look in $PATH, $RUN_DIR of testssl.sh)

     --proxy <host>:<port>         connect via the specified HTTP proxy

     -6                            use also IPv6. Works only with supporting OpenSSL version and IPv6 connectivity

     --sneaky                      leave less traces in target logs: user agent, referer

output options (can also be preset via environment variables):

     --warnings <batch|off|false>  "batch" doesn't wait for keypress, "off" or "false" skips connection warning

     --quiet                       don't output the banner. By doing this you acknowledge usage terms normally appearing in the banner

     --wide                        wide output for tests like RC4, BEAST. PFS also with hexcode, kx, strength, RFC name

     --show-each                   for wide outputs: display all ciphers tested -- not only succeeded ones

     --mapping <no-rfc>            don't display the RFC Cipher Suite Name

     --color <0|1|2>               0: no escape or other codes,  1: b/w escape codes,  2: color (default)

     --colorblind                  swap green and blue in the output

     --debug <0-6>                 1: screen output normal but keeps debug output in /tmp/.  2-6: see "grep -A 5 '^DEBUG=' testssl.sh"

file output options (can also be preset via environment variables):

     --log, --logging              logs stdout to <NODE-YYYYMMDD-HHMM.log> in current working directory

     --logfile <logfile>           logs stdout to <file/NODE-YYYYMMDD-HHMM.log> if file is a dir or to specified log file

     --json                        additional output of findings to JSON file <NODE-YYYYMMDD-HHMM.json> in cwd

     --jsonfile <jsonfile>         additional output to JSON and output JSON to the specified file

     --csv                         additional output of findings to CSV file  <NODE-YYYYMMDD-HHMM.csv> in cwd

     --csvfile <csvfile>           set output to CSV and output CSV to the specified file

     --append                      if <csvfile> or <jsonfile> exists rather append then overwrite

All options requiring a value can also be called with '=' e.g. testssl.sh -t=smtp --wide --openssl=/usr/bin/openssl <URI>.

<URI> is always the last parameter.

Need HTML output? Just pipe through "aha" (ANSI HTML Adapter: github.com/theZiz/aha) like

   "testssl.sh <options> <URI> | aha >output.html"

userid@somehost:~ %

SSL和TLS漏洞验证的更多相关文章

  1. 【实战】SSL和TLS漏洞验证

    工具下载:git clone https://github.com/drwetter/testssl.sh.git 实验环境:192.168.1.22(bee-box v1.6) 192.168.1. ...

  2. (转)SSL/TLS 漏洞“受戒礼”,RC4算法关闭

    原文:https://blog.csdn.net/Nedved_L/article/details/81110603 SSL/TLS 漏洞“受戒礼” 一.漏洞分析事件起因2015年3月26日,国外数据 ...

  3. SSL/TLS 漏洞“受戒礼”,RC4算法关闭

    SSL/TLS 漏洞"受戒礼" 一.漏洞分析 事件起因 2015年3月26日,国外数据安全公司Imperva的研究员Itsik Mantin在BLACK HAT ASIA 2015 ...

  4. 解决关键SSL安全问题和漏洞

    解决关键SSL安全问题和漏洞 SSL(安全套接字层)逐渐被大家所重视,但是最不能忽视的也是SSL得漏洞,随着SSL技术的发展,新的漏洞也就出现了,下面小编就为大家介绍简单七步教你如何解决关键SSL安全 ...

  5. 安全协议系列(四)----SSL与TLS

    当今社会,电子商务大行其道,作为网络安全 infrastructure 之一的 -- SSL/TLS 协议的重要性已不用多说.OpenSSL 则是基于该协议的目前应用最广泛的开源实现,其影响之大,以至 ...

  6. 关于x509、crt、cer、key、csr、pem、der、ssl、tls 、openssl等

    关于x509.crt.cer.key.csr.pem.der.ssl.tls .openssl等 TLS:传输层安全协议 Transport Layer Security的缩写 TLS是传输层安全协议 ...

  7. SSL、TLS协议格式、HTTPS通信过程、RDP SSL通信过程

    相关学习资料 http://www.360doc.com/content/10/0602/08/1466362_30787868.shtml http://www.gxu.edu.cn/college ...

  8. Burpsuite如何抓取使用了SSL或TLS传输的Android App流量

    一.问题分析 一般来说安卓的APP端测试分为两个部分,一个是对APK包层面的检测,如apk本身是否加壳.源代码本身是否有恶意内嵌广告等的测试,另一个就是通过在本地架设代理服务器来抓取app的包分析是否 ...

  9. SSL、TLS协议格式、HTTPS通信过程、RDP SSL通信过程(缺heartbeat)

    SSL.TLS协议格式.HTTPS通信过程.RDP SSL通信过程   相关学习资料 http://www.360doc.com/content/10/0602/08/1466362_30787868 ...

随机推荐

  1. nodejs 在MYSQL 数据库中插入和查询数据

    插入前的数据库: 插入后的数据库: 输出结果: demo var mysql = require('mysql'); var connection = mysql.createConnection({ ...

  2. notepad++去换行(简单、快捷)

    文本处理问题 这个方式可以快捷处理, 不用Linux命令, linux 与window之间的文件转换很烦人, 这个方法可以处理

  3. leetcode-158周赛-5225-最大相等频率

    题目描述: 方法: class Solution(object): def maxEqualFreq(self, A): count = collections.Counter() freqs = c ...

  4. C++ string的大小写转换【转载】

    转载自https://www.cnblogs.com/balingybj/p/4678850.html 将一个string转换成大写或者小写,是项目中经常需要做的事情,但string类里并 没有提供这 ...

  5. 其它课程中的python---2、NumPy模块

    其它课程中的python---2.NumPy模块 一.总结 一句话总结: numpy在数组计算方面又快又方便 1.NumPy中的ndarray是一个多维数组对象,该对象由哪两部分组成? -实际的数据 ...

  6. 使用bash关联数组统计单词

    使用bash关联数组统计单词 从bash 4开始支持关联数组,使用前需要声明,即 declare -A map map[key1]=value1 map[key2]=value2 map=([key1 ...

  7. maven-dependencyManagement和dependencies区别

    在多模块的maven项目中,如果各个子项目的依赖包相同但版本不同的话,对于测试.发布和管理非常困难 dependencyManagement就是起统一版本作用的一个标签,好处有2,一是统一版本,二是子 ...

  8. Jedis整合单机、Sentinel和Cluster模式

    配置文件和配置类 @Data @Configuration @ConfigurationProperties("jedis-config") public class JedisC ...

  9. CentOS7中下载MySQL

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~CentOS 7中,yum默认安装的是Mariadb,但我想使用MyS ...

  10. 配置Spring Security 错误:Property or field 'ROLE_USER' cannot be found

    在学习http://www.mkyong.com/spring-security/spring-security-hello-world-example/时,出现以下错误: Property or f ...