SSL Audit (alpha)

Developed as part of G-SEC's investigation for the
"Secure SSL/TLS configuration Report 2010" (to be published)
we developed this little tool called SSL Audit.

It is in alpha stage and thought it has a little interesting
gimmick, don't expect too much.

It  implements  it's  own tiny SSL parsing engine and does not rely on
OpenSSL or any other SSL Engine - This implies that it can detect
ciphers suites not supported by OpenSSL and others.

Apart from scanning available ciphersuites it has an interesting tidbit
The Fingerprint mode (Experimental). Included is an experimental
fingerprint engine that tries to determine the SSL Engine used server
side. It does so by sending normal and malformed SSL packets that can
be interpreted in different ways.

SSL Audit is able to fingerprint :
· IIS7.5 (Schannel)
· IIS7.0 (Schannel)
· IIS 6.0 (Schannel)
· Apache (Openssl)
· Apache (NSS)
· Certicom
· RSA BSAFE

Blog Post :
http://blog.g-sec.lu/2010/02/ssltls-audit-alpha-tool-release.html

Documentation:
http://www.g-sec.lu/sslaudit/documentation.pdf

Regards,

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值