[Cialug] TLS Scanning/Testing
Jimmy Lela
binaryvisionary at gmail.com
Mon Apr 27 20:40:52 UTC 2020
Are you wanting to scan from inside your local network or from the outside
to see what's exposed? For the latter, this is an excellent tool:
https://www.ssllabs.com/ssltest/. For the former, I think Nessus has an
open source vulnerability scanner you can download and use. There are also
openssl utilities to just list the cipers and TLS versions I think. I've
used nmap for this as well, something like: nmap -sV --script
ssl-cert,ssl-enum-ciphers -p 443 <server name or IP>
On Mon, Apr 27, 2020 at 3:10 PM Todd Walton <tdwalton at gmail.com> wrote:
> I would like to scan my local network for HTTPS endpoints and get back a
> useful report (of some sort) telling me what listeners are not up to date,
> TLS-wise. Where I have outdated ciphers. What's still supporting TLS 1.0.
> Et cetera. I have found testssl.sh, which is really sweet, but is a bit of
> overload on the info and there's no way that I can tell to limit what it
> looks for. And ssylze, which is more configurable.
>
> Anyone have any suggestions in this area?
>
> --
> Todd
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
>
--
"Can you jam with the console cowboys in cyberspace?"
More information about the Cialug
mailing list