Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

plugin for sslscan #436

Open
daniejstriata opened this issue Aug 6, 2021 · 2 comments
Open

plugin for sslscan #436

daniejstriata opened this issue Aug 6, 2021 · 2 comments

Comments

@daniejstriata
Copy link

Can you please plugin sslscan?

source: https://github.com/rbsec/sslscan

Output:
→ ./sslscan www.example.com

Version: 2.0.10-4-g5224502-static
OpenSSL 1.1.1l-dev  xx XXX xxxx

Connected to 93.184.216.34

Testing SSL server www.example.com on port 443 using SNI name www.example.com

  SSL/TLS Protocols:
SSLv2     disabled
SSLv3     disabled
TLSv1.0   disabled
TLSv1.1   disabled
TLSv1.2   enabled
TLSv1.3   enabled

  TLS Fallback SCSV:
Server supports TLS Fallback SCSV

  TLS renegotiation:
Session renegotiation not supported

  TLS Compression:
Compression disabled

  Heartbleed:
TLSv1.3 not vulnerable to heartbleed
TLSv1.2 not vulnerable to heartbleed

  Supported Server Cipher(s):
Preferred TLSv1.3  256 bits  TLS_AES_256_GCM_SHA384        Curve P-521 DHE 521
Accepted  TLSv1.3  256 bits  TLS_CHACHA20_POLY1305_SHA256  Curve P-521 DHE 521
Accepted  TLSv1.3  128 bits  TLS_AES_128_GCM_SHA256        Curve P-521 DHE 521
Preferred TLSv1.2  256 bits  ECDHE-ECDSA-AES256-GCM-SHA384 Curve P-521 DHE 521
Accepted  TLSv1.2  256 bits  ECDHE-ECDSA-CHACHA20-POLY1305 Curve P-521 DHE 521
Accepted  TLSv1.2  128 bits  ECDHE-ECDSA-AES128-GCM-SHA256 Curve P-521 DHE 521

  Server Key Exchange Group(s):
TLSv1.3  128 bits  secp256r1 (NIST P-256)
TLSv1.3  192 bits  secp384r1 (NIST P-384)
TLSv1.3  260 bits  secp521r1 (NIST P-521)
TLSv1.2  192 bits  secp384r1 (NIST P-384)

  SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
ECC Curve Name:      secp384r1
ECC Key Strength:    192

Subject:  example.com
Altnames: DNS:id.example.com, DNS:in.example.com, DNS:example.com, DNS:example.com.au, DNS:example.com.hk, DNS:example.de, DNS:example.net, DNS:example.nl, DNS:example.org
Issuer:   R3

Not valid before: May 28 09:13:44 2021 GMT
Not valid after:  Aug 26 09:13:44 2021 GMT
@ezk06eer
Copy link

@daniejstriata we had considered the tool but we dont see information about any vulnerability tha we could map into our model. but feel free to follow this article to create your custom plugin.
https://docs.faradaysec.com/Basic-plugin-development/

@daniejstriata
Copy link
Author

daniejstriata commented Aug 25, 2021
edited

Often informational items is not aligned to policy. What I foresee is that if an informational item like TL 1.1 being active will create a warming.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@daniejstriata @ezk06eer