SSLyze - Tool For Analysing SSL/TLS Configurations

SSLyze is a Python library and a CLI tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and can help organizations and testers to identify misconfigurations that are affecting their SSL/TLS servers.

It uses an OpenSSL wrapper written in C called nassl, which is specifically developed for allowing SSLyze to access the low-level OpenSSL APIs needed to perform deep SSL testing.

Features:

• Python API, in order to run scans and process the results directly from Python.
• Scans are automatically dispatched among multiple processes, making them very fast.
• Performance testing: session resumption and TLS tickets support.
• Security testing: weak cipher suites, insecure renegotiation, CRIME, Heartbleed and more.
• Server certificate validation and revocation checking through OCSP stapling.
• Support for StartTLS handshakes on SMTP, XMPP, LDAP, POP, IMAP, RDP, PostGres, and FTP.
• Support for client certificates when scanning servers that perform mutual authentication.
• Scan results can be written to an XML or JSON file for further processing.

And much more!

SSLyze can be installed directly via pip:

pip install --upgrade setuptools
pip install sslyze
sslyze --regular www.yahoo.com:443 www.google.com "[2607:f8b0:400a:807::2004]:443"

It is also easy to directly clone the repository and the fetch the requirements:

git clone https://github.com/nabla-c0d3/sslyze.git
cd sslyze
pip install -r requirements.txt --target ./lib
python -m sslyze --regular www.yahoo.com:443 www.google.com "[2607:f8b0:400a:807::2004]:443"

On Linux, the "python-dev" package needs to be installed first so that the nassl C extension can be compiled:

sudo apt-get install python-dev

SSLyze has been tested on the following platforms:

• Windows 7 (32 and 64 bits)
• Debian 7 (32 and 64 bits)
• MacOS Sierra

SSLyze can also be used as a Python module in order to run scans and process the results directly in Python.

A simple example follows:

# Setup the server to scan and ensure it is online/reachable
hostname = u'smtp.gmail.com'
try:
    server_info = ServerConnectivityInfo(hostname=hostname, port=587,
             tls_wrapped_protocol=TlsWrappedProtocolEnum.STARTTLS_SMTP)
    server_info.test_connectivity_to_server()
except ServerConnectivityError as e:
    # Could not establish an SSL connection to the server
    raise RuntimeError(u'Error when connecting to {}: {}'.format(hostname, e.error_msg))
# Run one scan command synchronously to list the server's TLS 1.0 cipher suites
print(u'\nRunning one scan command synchronously...')
synchronous_scanner = SynchronousScanner()
command = Tlsv10ScanCommand()
scan_result = synchronous_scanner.run_scan_command(server_info, command)
for cipher in scan_result.accepted_cipher_list:
    print(u'    {}'.format(cipher.name))

Download SSLyze 1.1.0.zip

Download SSLyze 1.1.0.tar.gz

SSLyze GitHub Releases

You might also like:

• 14 Best IP Hide Tools 2016/2017

• ADHD - An Ubuntu Based Security Distribution

• ARPwner - ARP & DNS Poisoning Attack Tool

• Algorithm - The Hacker Movie

• TXDNS - An Aggressive Multithreaded DNS Digger/Brute-Forcer

• PwnPi - A Pen-testing Drop Box Distribution For Raspberry Pi

• Hydra - A Powerful Network Password Cracking Tool

• FTP Password Kracker - A Free Tool For Cracking FTP Passwords

• Subterfuge - An Automated Man-in-the-Middle Attack (MITM) Framework

• WiFi Passwords Share - Android App For Free-WiFi Junkies

• WIBR+ - WiFi Hacking Tool For Android