+ Major rewrite and cleanup in order to:
— Turn SSLyze into a Python module, allowing scans to be run and processed directly from Python
— Add SSLyze to PyPI
— These changes should make it easy to build tools and scripts on top of SSLyze
+ Renamed the command line tool to sslyze_cli.py to avoid conflicts with the sslyze module
+ Added the --fallback command to check support for the TLS_FALLBACK_SCSV cipher suite, which prevents downgrade attacks
+ Added the --openssl_ccs command to check for the OpenSSL CCS Injection vulnerability
+ Renamed the --certinfo=basic and --certinfo=full commands to --certinfo_basic and --certinfo_full
+ Removed the --chrome_sha1 command and merged the SHA1 deprecation check into --certinfo_basic
+ Fixed support for client authentication
+ Extended support for scanning through a CONNECT proxy to StartTLS protocols
+ Modified cipher suite plugin to return RFC cipher names instead of OpenSSL cipher names
SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers.
Key features include:
– Multi-processed and multi-threaded scanning (it’s fast)
– SSL 2.0/3.0 and TLS 1.0/1.1/1.2 compatibility
– Performance testing: session resumption and TLS tickets support
– Security testing: weak cipher suites, insecure renegotiation, CRIME, Heartbleed and more
– Server certificate validation and revocation checking through OCSP stapling
– Support for StartTLS handshakes on SMTP, XMPP, LDAP, POP, IMAP, RDP and FTP
– Support for client certificates when scanning servers that perform mutual authentication
– XML output to further process the scan results
– And much more!
SSLyze requires Python 2.7; the supported platforms are Windows 7 32/64 bits, Linux 32/64 bits and OS X 64 bits.
Usage: Command line options
The following commands install SSLyze and list the available command line options:
$ pip install sslyze
$ python sslyze_cli.py -h
Sample command line:
$ python sslyze_cli.py --regular www.isecpartners.com:443 www.google.com
See the test folder for additional examples.