251 lines
8.4 KiB
HTML
251 lines
8.4 KiB
HTML
<!DOCTYPE html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="UTF-8">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self' data:; img-src 'self' data:; connect-src 'self'; base-uri 'self'; form-action 'self' https://defcon.social https://bsky.app;">
|
|
<meta http-equiv="X-Content-Type-Options" content="nosniff">
|
|
<link rel="stylesheet" href="../assets/css/style.css">
|
|
<link rel="icon" type="image/x-icon" href="../favicon.ico">
|
|
<script>
|
|
// Apply theme immediately to prevent flash
|
|
(function() {
|
|
const theme = localStorage.getItem('theme') ||
|
|
(window.matchMedia && window.matchMedia('(prefers-color-scheme: dark)').matches ? 'dark' : 'light');
|
|
document.documentElement.setAttribute('data-theme', theme);
|
|
})();
|
|
</script>
|
|
<title>sslyze Cheatsheet - Cheatsheets - Launch Pad</title>
|
|
</head>
|
|
<body>
|
|
<button class="theme-toggle" id="themeToggle" aria-label="Toggle dark mode">
|
|
<svg class="theme-icon theme-icon-moon" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1 1 11.21 3 7 7 0 0 0 21 12.79z"></path></svg>
|
|
<svg class="theme-icon theme-icon-sun" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" style="display: none;"><circle cx="12" cy="12" r="5"></circle><line x1="12" y1="1" x2="12" y2="3"></line><line x1="12" y1="21" x2="12" y2="23"></line><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"></line><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"></line><line x1="1" y1="12" x2="3" y2="12"></line><line x1="21" y1="12" x2="23" y2="12"></line><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"></line><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"></line></svg>
|
|
</button>
|
|
<br/><br/>
|
|
<div class="name">
|
|
__ _______________________ _________._________________________
|
|
\_ _____/ \______ \ / _ \ / _____/ / _____/ | | \_ _____/
|
|
| __) | _/ / /_\ \ / \ ___ / \ ___ | | | __)_
|
|
| \ | | \ / | \ \ \_\ \ \ \_\ \ | |___ | \
|
|
\___ / |____|_ / \____|__ / \______ / \______ / |_______ \ /_______ /
|
|
\/ \/ \/ \/ \/ \/ \/
|
|
</div>
|
|
<div class="blog-page-header">
|
|
<div class="blog-header-content">
|
|
<a href="/cheatsheets" class="back-link" title="Back to Cheatsheets">
|
|
<svg xmlns="http://www.w3.org/2000/svg" width="42" height="42" viewBox="0 0 24 24" class="home-icon"><path fill="currentColor" d="M10 20v-6h4v6h5v-8h3L12 3 2 12h3v8z"/></svg>
|
|
</a>
|
|
<h1 class="blog-page-title">sslyze Cheatsheet</h1>
|
|
</div>
|
|
</div>
|
|
<div class="blog-post-container">
|
|
<div class="blog-posts-container" style="max-width: 900px; margin: 0 auto;">
|
|
<div class="blog-post">
|
|
<div class="blog-post-content">
|
|
<p><a href="index.html">← Back to cheatsheets</a></p>
|
|
<p><a href="../index.html">← Home</a></p>
|
|
<hr>
|
|
<p>SSLyze is a fast and powerful SSL/TLS scanning tool. It analyzes SSL/TLS configuration to detect misconfigurations, weak ciphers, and vulnerabilities like Heartbleed, ROBOT, and more.</p>
|
|
<hr>
|
|
<h2>Basic Usage</h2>
|
|
<ul>
|
|
<li>sslyze <hostname> - Basic scan</li>
|
|
</ul>
|
|
<ul>
|
|
<li>sslyze <hostname>:<port> - Scan specific port</li>
|
|
</ul>
|
|
<ul>
|
|
<li>sslyze --targets_in=hosts.txt - Scan from file</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Scan Commands</h2>
|
|
<ul>
|
|
<li>--sslv2 - Check for SSLv2 support</li>
|
|
</ul>
|
|
<ul>
|
|
<li>--sslv3 - Check for SSLv3 support</li>
|
|
</ul>
|
|
<ul>
|
|
<li>--tlsv1 - Check for TLSv1.0 support</li>
|
|
</ul>
|
|
<ul>
|
|
<li>--tlsv1_1 - Check for TLSv1.1 support</li>
|
|
</ul>
|
|
<ul>
|
|
<li>--tlsv1_2 - Check for TLSv1.2 support</li>
|
|
</ul>
|
|
<ul>
|
|
<li>--tlsv1_3 - Check for TLSv1.3 support</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Vulnerability Scans</h2>
|
|
<ul>
|
|
<li>--heartbleed - Test for Heartbleed vulnerability</li>
|
|
</ul>
|
|
<ul>
|
|
<li>--openssl_ccs - Test for OpenSSL CCS Injection</li>
|
|
</ul>
|
|
<ul>
|
|
<li>--robot - Test for ROBOT vulnerability</li>
|
|
</ul>
|
|
<ul>
|
|
<li>--fallback - Test for TLS Fallback SCSV</li>
|
|
</ul>
|
|
<ul>
|
|
<li>--reneg - Test for session renegotiation</li>
|
|
</ul>
|
|
<ul>
|
|
<li>--resum - Test for session resumption</li>
|
|
</ul>
|
|
<ul>
|
|
<li>--early_data - Test for TLS 1.3 early data</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Certificate Checks</h2>
|
|
<ul>
|
|
<li>--certinfo - Certificate and chain information</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Cipher Suites</h2>
|
|
<ul>
|
|
<li>--http_headers - Check security headers (HSTS, etc.)</li>
|
|
</ul>
|
|
<ul>
|
|
<li>--compression - Test for TLS compression (CRIME)</li>
|
|
</ul>
|
|
<ul>
|
|
<li>--elliptic_curves - Supported elliptic curves</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Output Options</h2>
|
|
<ul>
|
|
<li>--json_out=file.json - JSON output</li>
|
|
</ul>
|
|
<ul>
|
|
<li>--quiet - Quiet mode (less output)</li>
|
|
</ul>
|
|
<ul>
|
|
<li>--mozilla_config - Compare against Mozilla config</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Connection Options</h2>
|
|
<ul>
|
|
<li>--slow_connection - Longer timeouts for slow connections</li>
|
|
</ul>
|
|
<ul>
|
|
<li>--https_tunnel=proxy:port - Use HTTPS proxy</li>
|
|
</ul>
|
|
<ul>
|
|
<li>--starttls=protocol - Use STARTTLS (smtp, imap, etc.)</li>
|
|
</ul>
|
|
<ul>
|
|
<li>--xmpp_to=domain - For XMPP STARTTLS</li>
|
|
</ul>
|
|
<ul>
|
|
<li>--sni=hostname - Server Name Indication</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>STARTTLS Protocols</h2>
|
|
<ul>
|
|
<li>smtp - SMTP STARTTLS</li>
|
|
<li>xmpp - XMPP STARTTLS</li>
|
|
<li>xmpp_server - XMPP Server STARTTLS</li>
|
|
<li>ftp - FTP STARTTLS</li>
|
|
<li>pop3 - POP3 STARTTLS</li>
|
|
<li>imap - IMAP STARTTLS</li>
|
|
<li>ldap - LDAP STARTTLS</li>
|
|
<li>rdp - RDP STARTTLS</li>
|
|
<li>postgres - PostgreSQL STARTTLS</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Common Examples</h2>
|
|
<h3>Full Scan</h3>
|
|
<pre><code>sslyze example.com</code></pre>
|
|
<p>Complete SSL/TLS analysis.</p>
|
|
<h3>Specific Port</h3>
|
|
<pre><code>sslyze example.com:8443</code></pre>
|
|
<p>Scan non-standard HTTPS port.</p>
|
|
<h3>Check All Protocol Versions</h3>
|
|
<pre><code>sslyze --sslv2 --sslv3 --tlsv1 --tlsv1_1 --tlsv1_2 --tlsv1_3 example.com</code></pre>
|
|
<p>Test all SSL/TLS versions.</p>
|
|
<h3>Vulnerability Check</h3>
|
|
<pre><code>sslyze --heartbleed --robot --openssl_ccs example.com</code></pre>
|
|
<p>Check for common vulnerabilities.</p>
|
|
<h3>Certificate Info</h3>
|
|
<pre><code>sslyze --certinfo example.com</code></pre>
|
|
<p>Get certificate details.</p>
|
|
<h3>SMTP STARTTLS</h3>
|
|
<pre><code>sslyze --starttls=smtp mail.example.com:25</code></pre>
|
|
<p>Test mail server TLS.</p>
|
|
<h3>JSON Output</h3>
|
|
<pre><code>sslyze --json_out=results.json example.com</code></pre>
|
|
<p>Save results as JSON.</p>
|
|
<h3>Multiple Targets</h3>
|
|
<pre><code>sslyze --targets_in=hosts.txt --json_out=results.json</code></pre>
|
|
<p>Scan multiple hosts from file.</p>
|
|
<h3>Check Security Headers</h3>
|
|
<pre><code>sslyze --http_headers example.com</code></pre>
|
|
<p>Check HSTS and other headers.</p>
|
|
<h3>Mozilla Compliance</h3>
|
|
<pre><code>sslyze --mozilla_config=intermediate example.com</code></pre>
|
|
<p>Compare against Mozilla recommended config.</p>
|
|
<hr>
|
|
<h2>What to Look For</h2>
|
|
<h3>Bad (Vulnerabilities)</h3>
|
|
<ul>
|
|
<li>SSLv2 or SSLv3 enabled</li>
|
|
<li>TLSv1.0 or TLSv1.1 enabled</li>
|
|
<li>Heartbleed vulnerable</li>
|
|
<li>ROBOT attack vulnerable</li>
|
|
<li>Weak cipher suites (RC4, DES, etc.)</li>
|
|
<li>Expired/invalid certificates</li>
|
|
<li>Missing HSTS header</li>
|
|
<li>TLS compression enabled (CRIME)</li>
|
|
</ul>
|
|
<h3>Good (Secure Config)</h3>
|
|
<ul>
|
|
<li>Only TLSv1.2 and TLSv1.3</li>
|
|
<li>Strong cipher suites only</li>
|
|
<li>Valid certificate chain</li>
|
|
<li>HSTS enabled with long max-age</li>
|
|
<li>Forward secrecy (ECDHE/DHE)</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Tips</h2>
|
|
<ul>
|
|
<li>Run full scans to get complete picture</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Use JSON output for automated processing</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Check mail servers with STARTTLS option</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Compare against Mozilla configurations</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Disable SSLv2, SSLv3, TLSv1.0, TLSv1.1</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Use strong ciphers only</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Great for compliance checks (PCI-DSS, etc.)</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Combine with testssl.sh for comprehensive testing</li>
|
|
</ul>
|
|
<hr>
|
|
<p><a href="index.html">← Back to cheatsheets</a></p>
|
|
<p><a href="../index.html">← Home</a></p>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<script async type="text/javascript" src="../blog/analytics.js"></script>
|
|
<script src="../theme.js"></script>
|
|
</body>
|
|
</html>
|