Knowing the SSL

One thing which I have noticed during the testing is that there are a number of vulnerabilities which occur due to TLS version and cipher suite used. So, I have added a few new tricks in my arsenal to hunt for SSL/TLS which are being used.

1 . Using SSLSCAN

2. Using NMAP scripting engine

we will discuss both of them one by one

First: SSL scan

Command: SSL scan

1-sslscan2-sslscan3-sslscan4-sslscan

SECOND : NMAP NSE

command : nmap –script ssl-enum-ciphers.nse target

1-nmap2-nmap3-nmap

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s