+ Added --json_out command for writing results to a file as JSON.
+ Bug fixes with client authentication and connectivity testing.
+ The --certinfo_basic command now also checks that the server certificate chain's order is valid.
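What a chain-order check looks for, as an added example that is not SSLyze's own code: it classifies a leaf-first chain by comparing issuer and subject names only. The function name, the result labels and the sample certificates are assumptions constructed for illustration, and signatures are not verified.

```python
# Added example: name-chaining check for the order of a server certificate chain.
# Certificates are constructed (subject, issuer) pairs, not parsed X.509 objects.

def classify_chain_order(chain):
    """Return 'valid', 'out_of_order' or 'broken' for a chain as sent by a server.

    chain: list of (subject, issuer) tuples, server (leaf) certificate first.
    Only names are compared; this does not verify signatures or trust.
    """
    if not chain:
        return "broken"
    # TLS expects each certificate to be issued by the one that follows it.
    in_order = all(chain[i][1] == chain[i + 1][0] for i in range(len(chain) - 1))
    if in_order:
        return "valid"
    # Not in order: try to walk from the leaf to its issuers using the same set.
    by_subject = {subject: (subject, issuer) for subject, issuer in chain}
    current = chain[0]
    seen = {current[0]}
    while current[0] != current[1] and current[1] in by_subject:
        current = by_subject[current[1]]
        if current[0] in seen:  # guard against cyclic issuer names
            break
        seen.add(current[0])
    # All certificates lie on the path: right set, wrong order.
    # Otherwise an intermediate is missing or an unrelated certificate was sent.
    return "out_of_order" if len(seen) == len(chain) else "broken"


# Constructed sample certificates (subject, issuer).
LEAF = ("CN=www.example.test", "CN=Example Intermediate CA")
INTER = ("CN=Example Intermediate CA", "CN=Example Root CA")
ROOT = ("CN=Example Root CA", "CN=Example Root CA")

if __name__ == "__main__":
    for sent in ([LEAF, INTER, ROOT], [LEAF, ROOT, INTER], [LEAF, ROOT]):
        print([s for s, _ in sent], "->", classify_chain_order(sent))
```

An out-of-order chain often still validates in lenient clients that reorder certificates themselves, which is why it is worth flagging separately from a chain that cannot be built at all.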
SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers.
Key features include:
– Multi-processed and multi-threaded scanning (it’s fast)
– SSL 2.0/3.0 and TLS 1.0/1.1/1.2 compatibility
– Performance testing: session resumption and TLS tickets support
– Security testing: weak cipher suites, insecure renegotiation, CRIME, Heartbleed and more
– Server certificate validation and revocation checking through OCSP stapling
– Support for StartTLS handshakes on SMTP, XMPP, LDAP, POP, IMAP, RDP and FTP
– Support for client certificates when scanning servers that perform mutual authentication
– XML output to further process the scan results
– And much more!
SSLyze requires Python 2.7; the supported platforms are Windows 7 32/64 bits, Linux 32/64 bits and OS X 64 bits.
Usage: Command line options
The following commands install SSLyze and print the list of available command line options:
$ pip install sslyze
$ python sslyze.py -h
Sample command line:
$ python sslyze.py --regular www.isecpartners.com:443 www.google.com
See the test folder for additional examples.