Pentest Tools #3 – SSLScan

In the third week of the blog series, in which we present various hacker tools, we are still in the reconnaissance phase, in which the attacker collects as much information as possible about the targets. The Pentest tool #3 is SSLScan. This scanner provides quick information about which encryption methods are used on the scanned server. So it can be quickly determined whether the encrypted connection is still at the current security standard.


Pentest Tool #3 SSLScan

About SSL/TLS encryption we have already published a blog series in the past, which describes the history of this encryption in detail. TLS makes sure that we can perform sensitive activities, such as online banking, securely over the Internet today.

For this secure connection, a so-called cipher suite is negotiated between the client and the server. In this cipher suite, the negotiated algorithms and encryptions are defined, which are agreed upon for the communication between the client and the server. The results of this negotiation should, in the best case, always include the latest encryption.

Whether a server would accept some older encryption methods and thus establish a rather insecure connection can be quickly checked with our Pentest Tool #3 SSLScan.

SSLScan negotiates several times with the entered server and then displays, which encryptions are accepted by the server for the cipher suite and which are not. Through this scan, system administrators, for example, have a quick overview of which servers need to be revised and which are at the current security level.




SSLScan in practice

Like for example our Pentest tool #1 dirbuster, SSLScan is already integrated in Kali Linux. With a simple command in the terminal we can start SSLScan and specify a domain or IP address of the server that we want SSLScan to test. With the command “sslscan –help” we get an output in the terminal with detailed explanations about individual setting options for the SSLScan.

In our example we are testing the web server of the institute for internet security. The domain for this is: “https://internet-sicherheit.de”. To start the SSLScan for this domain we enter “sslscan https://internet-sicherheit.de” into the terminal. Then the scan starts and gives us the results in the terminal, which encodings are accepted by the webserver. The displayed colors quickly show that many configurations are displayed with green, i.e. secure. But also some yellow configurations are shown, these should be adjusted by the server administrator.

History of the Pentest Tool #3 SSLScan

The first version of an SSL scanner was published by Ian Ventura-Whiting on the website of titania. This version was further developed by other developers. With version 2.0 some changes were added to the first version, among others TLS 1.2 and TLS 1.3 could now be scanned without any OS bindings.

Like many other Pentest tools, SSLScan is open source, meaning that the source code is public and can be viewed and developed by anyone. The repository of version 2.0 is accessible like many other programs on the platform GitHub.

The current version was also developed by another developer. The GitHub user named DinoTools has further developed version 2.0 and implemented e.g. IPv4 and IPv6. This version is also published on GitHub and references previous versions. So if you want to get a more detailed overview of the history of this pentest tool, you should check public repositories which are linked in this article.