SSL Scan
SSL Scan
SSLScan determines what ciphers are supported on SSL-based services, such as HTTPS. Furthermore, SSLScan will determine the prefered ciphers of the SSL service.
Contents
Requirements
SSLScan requires the GNU C compiler and the OpenSSL library. Both of these are usually installed by default on a number of Linux distributions. Although this program has not been tested on other platforms it should work if the requirements have been met.
Building
To build SSLScan, first extract the archive and change into the source directory. Then execute the following command:
gcc -lssl -o sslscan sslscan.c
On Apple Mac OS X you will need to install the ports version of OpenSSL as the version that comes with your Mac is missing a few things. So if you don't already have ports installed, download it from www.macports.org. You can install the latest OpenSSL using the following command:
sudo port install openssl
SSL Scan can then be built using the following command:
gcc -I/opt/local/include -L/opt/local/lib -lssl -lcrypto -o sslscan sslscan.c
Running
In its simplist form, SSLScan can be run with only one parameter, just specify the host to test. SSLScan will default to port 443 if a port is not specified. The following screenshot shows SSLScan being run, testing only the SSLv2 ciphers.
The command line arguements for SSLScan are:
Command:
sslscan [Options] [host:port | host]
Options:
--targets= A file containing a list of hosts to
check. Hosts can be supplied with
ports (i.e. host:port).
--no-failed List only accepted ciphers (default
is to listing all ciphers).
--ssl2 Only check SSLv2 ciphers.
--ssl3 Only check SSLv3 ciphers.
--tls1 Only check TLSv1 ciphers.
--pk= A file containing the private key or
a PKCS#12 file containing a private
key/certificate pair (as produced by
MSIE and Netscape).
--pkpass= The password for the private key or
PKCS#12 file.
--certs= A file containing PEM/ASN1 formatted
client certificates.
--starttls If a STARTTLS is required to kick an
SMTP service into action.
--http Test a HTTP connection.
--bugs Enable SSL implementation bug work-
arounds.
--xml= Output results to an XML file.
--version Display the program version.
--help Display the help text you are now
Third Party
Jabra has developed an XML parser for SSLScan which can be downloaded from http://search.cpan.org/~jabra/.
Downloads
The latest versions of SSLScan can be obtained from the Source Forge project download page.
Legacy Downloads
| Version | Description | |
| 1.8.0 | Source code |  |
| 1.7 | Source code | |
| 1.6 | Source code | |
| 1.5 | Source code | |
| 1.4 | Source code | |
| 1.3 | Source code | |
| 1.2 | Source code | |
| 1.1 | Source code | |
| 1.0 | Source code | |
Changes
Version: 1.8.2
Date : 19/06/2009
Author : Ian Ventura-Whiting (Fizz)
Changes: The following are a list of changes
since the previous version:
> Fixed output with HTML disabled
> Fixed XML critical
Version: 1.8.1
Date : 25/05/2009
Author : Ian Ventura-Whiting (Fizz)
Changes: The following are a list of changes
since the previous version:
> Fixed some compiler warnings.
Version: 1.8.0
Date : 19/05/2009
Author : Ian Ventura-Whiting (Fizz)
Thanks : John Nichols
Changes: The following are a list of changes
since the previous version:
> Added SSL implementation workaround
option.
> Added HTTP connection testing.
> Fixed Certification validation XML
output.
Version: 1.7.1
Date : 20/04/2008
Author : Ian Ventura-Whiting (Fizz)
Thanks : Mark Lowe
Changes: The following are a list of changes
since the previous version:
> Added HELO for SMTP checks
> Increased read buffer size
Version: 1.7
Date : 18/04/2008
Author : Ian Ventura-Whiting (Fizz)
Changes: The following are a list of changes
since the previous version:
> Added STARTTLS SMTP capability
> Fixed XML output format bug
Version: 1.6
Date : 30/12/2007
Author : Ian Ventura-Whiting (Fizz)
Changes: The following are a list of changes
since the previous version:
> Added man page.
> Improved certificate checking
> Added Makefile
Version: 1.5
Date : 25/09/2007
Author : Ian Ventura-Whiting (Fizz)
Changes: The following are a list of changes
since the previous version:
> Update to the license to make it
BINARY compatible with OpenSSL. Its
then easier for the packagers.
Version: 1.4
Date : 03/09/2007
Author : Ian Ventura-Whiting (Fizz)
Changes: The following are a list of changes
since the previous version:
> Added Server Certificate ouput.
> Added support for client certs.
> Added support for private keys
and password.
> Added support for PKCS#12.
> Fixed xml output.
Version: 1.3
Date : 06/08/2007
Author : Ian Ventura-Whiting (Fizz)
Changes: The following are a list of changes
since the previous version:
> Added XML file output option.
> Improved help text.
> Added program URL.
Version: 1.2
Date : 16/07/2007
Author : Ian Ventura-Whiting (Fizz)
Changes: The following are a list of changes
since the previous version:
> Removed unused variable
> Other minor changes.
Version: 1.1
Date : 13/07/2007
Author : Ian Ventura-Whiting (Fizz)
Changes: The following are a list of changes
since the previous version:
> Correction in banner text
> Host:Port now directly from the
command-line.
Version: 1.0
Date : 13/07/2007
Author : Ian Ventura-Whiting (Fizz)
Notes : Initial version of sslscan
License
SSLScan is covered by GPL version 3 with the following exclusion:
In addition, as a special exception, the copyright holders give
permission to link the code of portions of this program with the
OpenSSL library under certain conditions as described in each
individual source file, and distribute linked combinations
including the two.
You must obey the GNU General Public License in all respects
for all of the code used other than OpenSSL. If you modify
file(s) with this exception, you may extend this exception to your
version of the file(s), but you are not obligated to do so. If you
do not wish to do so, delete this exception statement from your
version. If you delete this exception statement from all source
files in the program, then also delete it here.
You can get a copy of the GPLv3 license from here.