sslyze 找出網站有關SSL訊息

作者: -


找出網站有關SSL相關訊息

安裝:  

sudo apt-get update --fix-missing   

sudo apt-get install sslyze

例如:

sudo sslyze --version  <URL>

sudo sslyze --regular  <URL>



=============================================

sudo sslyze -h             

Usage: sslyze [options] target1.com target2.com:443 target3.com:443{ip} etc...


Options:

  --version             show program's version number and exit

  -h, --help            show this help message and exit

  --regular             Regular HTTPS scan; shortcut for --sslv2--sslv3--tlsv1

                        --tlsv1_1--tlsv1_2--tlsv1_3--reneg--resum--certinfo--

                        hide_rejected_ciphers--compression--heartbleed--

                        openssl_ccs--fallback--robot--elliptic_curves


  Trust stores options:

    --update_trust_stores

                        Update the default trust stores used by SSLyze. The

                        latest stores will be downloaded from https://github.c

                        om/nabla-c0d3/trust_stores_observatory. This option is

                        meant to be used separately, and will silence any

                        other command line option supplied to SSLyze.


  Client certificate options:

    --cert=CERT         Client certificate chain filename. The certificates

                        must be in PEM format and must be sorted starting with

                        the subject's client certificate, followed by

                        intermediate CA certificates if applicable.

    --key=KEY           Client private key filename.

    --keyform=KEYFORM   Client private key format. DER or PEM (default).

    --pass=KEYPASS      Client private key passphrase.


  Input and output options:

    --json_out=JSON_FILE

                        Write the scan results as a JSON document to the file

                        JSON_FILE. If JSON_FILE is set to "-", the JSON output

                        will instead be printed to stdout. The resulting JSON

                        file is a serialized version of the ScanResult objects

                        described in SSLyze's Python API: the nodes and

                        attributes will be the same. See https://nabla-c0d3.gi

                        thub.io/sslyze/documentation/available-scan-

                        commands.html for more details.

    --targets_in=TARGETS_IN

                        Read the list of targets to scan from the file

                        TARGETS_IN. It should contain one host:port per line.

    --quiet             Do not output anything to stdout; useful when using

                        --json_out.


  Connectivity options:

    --slow_connection   Greatly reduce the number of concurrent connections

                        initiated by SSLyze. This will make the scans slower

                        but more reliable if the connection between your host

                        and the server is slow, or if the server cannot handle

                        many concurrent connections. Enable this option if you

                        are getting a lot of timeouts or errors.

    --https_tunnel=HTTPS_TUNNEL

                        Tunnel all traffic to the target server(s) through an

                        HTTP CONNECT proxy. HTTP_TUNNEL should be the proxy's

                        URL: 'http://USER:PW@HOST:PORT/'. For proxies

                        requiring authentication, only Basic Authentication is

                        supported.

    --starttls=STARTTLS

                        Perform a StartTLS handshake when connecting to the

                        target server(s). StartTLS should be one of: auto,

                        smtp, xmpp, xmpp_server, pop3, imap, ftp, ldap, rdp,

                        postgres. The 'auto' option will cause SSLyze to

                        deduce the protocol (ftp, imap, etc.) from the

                        supplied port number, for each target servers.

    --xmpp_to=XMPP_TO   Optional setting for STARTTLS XMPP. XMPP_TO should be

                        the hostname to be put in the 'to' attribute of the

                        XMPP stream. Default is the server's hostname.

    --sni=SNI           Use Server Name Indication to specify the hostname to

                        connect to.  Will only affect TLS 1.0+ connections.


  Scan commands:

    --tlsv1_3           Test a server for TLS 1.3 support.

    --heartbleed        Test a server for the OpenSSL Heartbleed

                        vulnerability.

    --sslv2             Test a server for SSL 2.0 support.

    --tlsv1_1           Test a server for TLS 1.1 support.

    --reneg             Test a server for for insecure TLS renegotiation and

                        client-initiated renegotiation.

    --elliptic_curves   Test a server for supported elliptic curves.

    --http_headers      Test a server for the presence of security-related

                        HTTP headers.

    --resum_rate        Measure a server's session resumption rate when

                        attempting 100 resumptions using session IDs.

    --openssl_ccs       Test a server for the OpenSSL CCS Injection

                        vulnerability (CVE-2014-0224).

    --robot             Test a server for the ROBOT vulnerability.

    --fallback          Test a server for the TLS_FALLBACK_SCSV mechanism to

                        prevent downgrade attacks.

    --resum             Test a server for session resumption support using

                        session IDs and TLS tickets.

    --early_data        Test a server for TLS 1.3 early data support.

    --compression       Test a server for TLS compression support, which can

                        be leveraged to perform a CRIME attack.

    --tlsv1_2           Test a server for TLS 1.2 support.

    --sslv3             Test a server for SSL 3.0 support.

    --tlsv1             Test a server for TLS 1.0 support.

    --certinfo          Retrieve and analyze a server's certificate(s) to

                        verify its validity.

    --certinfo_ca_file=CERTINFO_CA_FILE

                        Path to a file containing root certificates in PEM

                        format that will be used to verify the validity of the

                        server's certificate.


留言

張貼留言

這個網誌中的熱門文章

dos2unix 與 unix2dos 說明(報告工具)

作者: -
圖片
sudo dos2unix -h   sudo unix2dos -h 用來轉換dos與unix 文件中換行錯誤, 避免打開混亂的亂碼 sudo dos2unix -h   用法: dos2unix [選項] [file ...] [-n infile outfile ...]  --allow-chown         allow file ownership change  -ascii                只轉換換行字元(預設)  -iso                  在DOS 和ISO-8859-1 字元集間轉換    -1252               使用Windows 1252 編碼頁(西歐)    -437                使用DOS 437 編碼頁(US) (預設)    -850                使用DOS 850 編碼頁(西歐)    -860                使用DOS 860 編碼頁(葡萄牙)    -863                使用DOS 863 編碼頁(加拿大法語)    -865                使用DOS 865 編碼頁(北歐)  -7    ...
閱讀完整內容

proxystrike

作者: -
圖片
這一套 是 透 過 瀏覽器繞道(proxy)到此軟體, 然後 修改 或監控命令, 來達成分析或破解 執行步驟: 1. 須先下指令執行: proxystrike 2. 確定開啟畫面中> config> port 是多少(內定是8008) 3. 到 瀏覽器(例如: firefox),  去設定proxy , 選定 kali IP 或 localhost (本身就是) , port:8008 4. 可以瀏覽某一網站(例如: http://www.hinet.net) 參考: 官方:  http://www.edge-security.com/proxystrike.php 1.  https://www.youtube.com/watch?v=l8kioy4QX7U 2.  https://www.youtube.com/watch?v=bcYITh1kfBM 下載window版2.0:  http://www.edge-security.com/soft/proxystrike-v2.0.zip
閱讀完整內容

有關 Maltego

作者: -
圖片
這是一套~從外頭去查探收集資料的目標(網域或主機) 好像現實翻垃圾桶, 從所有相關性找出可能的帳號密碼 畢竟很多時候, 帳號比較容易得到 而密碼又跟自己習慣相關, 例如:生日 車牌 等等 這樣總是會翻出很多資料 如果搭配其他軟體, 例如: nmap  去掃可能的port 登入測試就可能被通過... 記得要去註冊個帳號密碼... 參考: 1.  https://ascc.sinica.edu.tw/iascc/articals.php?_section=2.4&_op=?articalID:6638 2.  http://wifibeta.com/2012-03/thread-675-1-1.html 下載: http://www.paterva.com/web6/products/download3.php
閱讀完整內容