sslscan2
An alpha build of sslscan 2 has been merged into master. If you want the old code, the tag 1.11.11-rbsec was the last release in that branch.
The main changes in sslscan2 is a major rewrite of the backend scanning code, which means that it is no longer reliant on the version of OpenSSL for many checks. This means that it is possible to support legacy protocols (SSLv2 and SSLv3), as well as supporting TLSv1.3 - regardless of the version of OpenSSL that it has been compiled against.
This has been made possible largely by the work of jtesta, who has been responsible for most of the backend rewrite.
Other key changes include:
- Enumeration of server key exchange groups.
- Enumeration of server signature algorithms.
- SSLv2 and SSLv3 protocol support it scanned, but individual ciphers are not.
- A test suite is included using Docker, to verify that sslscan is functionality correctly.
There are likely to be bugs in this version, so please report any that you encounter.
README
See the sslscan2 branch for a beta build of the new version, which supports TLSv1.3.
This is a fork of ioerror's version of sslscan (the original readme of which is included below). Changes are as follows:
- Highlight SSLv2 and SSLv3 ciphers in output.
- Highlight CBC ciphers on SSLv3 (POODLE).
- Highlight 3DES and RC4 ciphers in output.
- Highlight PFS+GCM ciphers as good in output.
- Highlight NULL (0 bit), weak (<40 bit) and medium (40 < n <= 56) ciphers in output.
- Highlight anonymous (ADH and AECDH) ciphers in output (purple).
- Hide certificate information by default (display with
--get-certificate). - Hide rejected ciphers by default (display with
--failed). - Added TLSv1.1 and TLSv1.2 support (merged from twwbond/sslscan).
- Compiles if OpenSSL does not support SSLv2 ciphers (merged from digineo/sslscan).
- Supports IPv6 hostnames (can be forced with
--ipv6). - Check for TLS compression (CRIME, disable with
--no-compression). - Disable cipher suite checking
--no-ciphersuites. - Disable coloured output
--no-colour. - Removed undocumented -p output option.
- Added check for OpenSSL HeartBleed (CVE-2014-0160, disable with
--no-heartbleed). - Flag certificates signed with MD5 or SHA-1, or with short (<2048 bit) RSA keys.
- Support scanning RDP servers with
--rdp(credit skettler). - Added option to specify socket timeout.
- Added option for static compilation (credit dmke).
- Added
--sleepoption to pause between requests. - Disable output for anything than specified checks
--no-preferred. - Determine the list of CAs acceptable for client certificates
--show-client-cas. - Experimental build support on OSX (credit MikeSchroll).
- Flag some self-signed SSL certificates.
- Experimental Windows support (credit jtesta).
- Display EC curve names and DHE key lengths with OpenSSL >= 1.0.2
--no-cipher-details. - Flag weak DHE keys with OpenSSL >= 1.0.2
--cipher-details. - Flag expired certificates.
- Flag TLSv1.0 ciphers in output as weak.
- Experimental OSX support (static building only).
- Support for scanning PostgreSQL servers (credit nuxi).
- Check for TLS Fallback SCSV support.
- Added StartTLS support for LDAP
--starttls-ldap. - Added SNI support
--sni-name(credit Ken). - Support STARTTLS for MySQL (credit bk2017).
Building on Windows
Thanks to a patch by jtesta, sslscan can now be compiled on Windows. This can either be done natively or by cross-compiling from Linux. See INSTALL for instructions.
Note that sslscan was originally written for Linux, and has not been extensively tested on Windows. As such, the Windows version should be considered experimental.
Pre-build cross-compiled Windows binaries are available on the GitHub Releases Page.
Building on OS X
There is experimental support for statically building on OS X, however this should be considered unsupported. You may need to install any dependencies required to compile OpenSSL from source on OS X. Once you have, just run:
make static
OpenSSL issues
OpenSSL 1.1.0 and later
OpenSSL 1.1.0 introduced a number of significant changes, including the removal of old and insecure features such as SSLv2. While this is a very good thing for the SSL ecosystem as a whole, it is a problem for sslscan, which relies on these legacy features being available in order to detect them on client system.
In order to work around this, sslscan builds against Peter Mosmans' fork of OpenSSL, which backports the Chacha20 and Poly1305 ciphers to OpenSSL 1.0.2, while keeping the dangerous legacy features (such as SSLv2 and EXPORT ciphers) enabled.
TLSv1.3 and the future of sslscan
Since the OpenSSL made the (very sensible) choice to remove support for legacy and insecure protocols and ciphers, sslscan has relied on a fork of OpenSSL by Peter Mossmans which provided support for both these legacy ciphers and newly added ciphers (such as ChaCha). However, this fork of OpenSSL does not support TLSv1.3. To my knowledge there is no version of OpenSSL which supports both the legacy crypto (SSLv2, EXPORT ciphers, etc) and TLSv1.3 - which means that it is not possible to build sslscan with support for both.
The primary goal of sslscan is to identify misconfigurations and security weaknesses in the SSL configuration of a target system, so support for the legacy ciphers and protocols is much more important than for the newer (secure) protocols like TLSv1.3 - however over time this will change as new vulnerabilities are found.
Supporting both SSLv2 an TLSv1.3 in sslscan would either require a fork of OpenSSL with all the new code backported (which would be increasingly difficult to maintain over time), or a complete rewrite of sslscan to not rely on the OpenSSL library. This is not a project that I have the time available for at present, and if I did, it would probably be a better investment of time to work on one of the other SSL scanning tools, rather than starting from scratch.
As such, sslscan should be considered legacy. I will still maintain it as far as I have time, but it is unlikely to ever support TLSv1.3, unless an OpenSSL fork is created by someone else that supports this while maintaining the insecure crypto that sslscan requires to be useful.
Statically linking a custom OpenSSL build
It is possible to ignore the OpenSSL system installation and ship your own
version. Although this results in a more resource-heavy sslscan binary
(file size, memory consumption, etc.), this allows to enable both SSLv2 and
SSLv3 ciphers. In comparison to the method of repackaging the
Debian build, this custom OpenSSL build won't affect other tools on the same
system, as they would use the version packaged by the distro's maintainers.
To compile your own OpenSSL version, you'll probably need to install the OpenSSL build dependencies:
apt-get install build-essential git zlib1g-dev
apt-get build-dep openssl
then run
make static
which will clone the OpenSSL repository,
and configure/compile/test OpenSSL prior to compiling sslscan.
Please note: Out of the box, OpenSSL cannot compiled with clang without
further customization (which is not done by the provided Makefile).
For more information on this, see Modifying Build Settings
in the OpenSSL wiki.
You can verify whether you have a statically linked OpenSSL version, if
./sslscan --version
looks a bit like
1.x.y-...-static
OpenSSL 1.0.2-chacha xx XXX xxxx
(pay attention to the -static suffix and the 1.0.2-chacha OpenSSL version).
Building on Kali
Kali now ships with a statically built version of sslscan which supports SSLv2. You can install it with:
apt install sslscan
The package can be found in the Kali Git Repository.
If for whatever reason you can't install this package, follow the instructions above for statically building against OpenSSL.
Building on Debian
It is recommended that you statically build sslscan using the instructions listed above. If this is not an option and you want to compile your system OpenSSL with support for legacy protocols such as SSLv2 and SSLv3 then follow the instructions below.
Note that many modern distros (including Debian) ship with a version of OpenSSL
that disables support for SSLv2 ciphers. If sslscan is compiled on one of
these distros, it will not be able to detect SSLv2.
This issue can be resolved by rebuilding OpenSSL from source after removing the patch that disables SSLv2 support.
The build_openssl_debian.sh script automates this process for Debian systems.
It has been tested on Debian Squeeze/Wheezy; it may work on other
Debian based distros, but has not been tested. The built version of OpenSSL
will be installed using dpkg.
If it is not possible to rebuild OpenSSL, sslscan will still compile
(thanks to a patch from digineo/sslscan,
based on the debian patch). However, a warning will be displayed in the
output to notify the user that SSLv2 ciphers will not be detected.
Original (ioerror) README
This is a fork of sslscan.c to better support STARTTLS.
The original home page of sslscan is:
http://www.titania.co.uk
sslscan was originally written by:
Ian Ventura-Whiting
The current home page of this fork (until upstream merges a finished patch) is:
http://www.github.com/ioerror/sslscan
Most of the pre-TLS protocol setup was inspired by the OpenSSL s_client.c program. The goal of this fork is to eventually merge with the original project after the STARTTLS setup is polished.
Some of the OpenSSL setup code was borrowed from The Tor Project's Tor program. Thus it is likely proper to comply with the BSD license by saying: Copyright (c) 2007-2010, The Tor Project, Inc.
Commit History @upstream/2.0.0_alpha1
- New upstream version 2.0.0~alpha1 Sophie Brun 4 years ago
- New upstream version 1.11.13-rbsec Sophie Brun 5 years ago
- New upstream version 1.11.12-rbsec Sophie Brun 5 years ago
- New upstream version 1.11.11-rbsec Sophie Brun 6 years ago
- New upstream version 1.11.10-rbsec Sophie Brun 7 years ago
- New upstream version 1.11.9-rbsec Sophie Brun 7 years ago
- New upstream version 1.11.8-rbsec Sophie Brun 7 years ago
- Imported Upstream version 1.11.7-rbsec Sophie Brun 7 years ago
- Imported Upstream version 1.11.6-rbsec Sophie Brun 8 years ago
- Imported Upstream version 1.11.5-rbsec Sophie Brun 8 years ago