forked from rbsec/sslscan
-
Notifications
You must be signed in to change notification settings - Fork 0
/
sslscan.1
154 lines (153 loc) · 3.27 KB
/
sslscan.1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
.TH SSLSCAN 1 "December 30, 2013"
.SH NAME
sslscan \- Fast SSL/TLS scanner
.SH SYNOPSIS
.B sslscan
.RI [ options ] " [host:port | host]"
.SH DESCRIPTION
This manual page documents briefly the
.B sslscan
command
.PP
\fBsslscan\fP queries SSL/TLS services, such as HTTPS, in order to determine the
ciphers that are supported.
SSLScan is designed to be easy, lean and fast. The output includes preferred
ciphers of the SSL/TLS service, and text and XML output formats are supported. It is TLS SNI aware when used with a supported version of OpenSSL.
.SH OPTIONS
.TP
.B \-\-help
.br
Show summary of options
.TP
.B \-\-version
Show version of program
.TP
.B \-\-targets=<file>
A file containing a list of hosts to
check. Hosts can be supplied with
ports (i.e. host:port). One target per line
.TP
.B \-\-ipv4
.br
Force IPv4 DNS resolution.
Default is to try IPv4, and if that fails then fall back to IPv6.
.TP
.B \-\-ipv6
.br
Force IPv6 DNS resolution.
Default is to try IPv4, and if that fails then fall back to IPv6.
.TP
.B \-\-show\-certificate
Display certificate information.
.TP
.B \-\-no\-check\-certificate
Don't flag certificates signed with weak algorithms (MD5 and SHA-1) or short (<2048 bit) RSA keys
.TP
.B \-\-failed
Show rejected ciphers
(default is to listing only accepted ciphers)
.TP
.B \-\-ssl2
.br
Only check SSLv2 ciphers
.TP
.B \-\-ssl3
.br
Only check SSLv3 ciphers
.TP
.B \-\-tls10
.br
Only check TLS 1.0 ciphers
.TP
.B \-\-tls11
.br
Only check TLS 1.1 ciphers
.TP
.B \-\-tls12
.br
Only check TLS 1.2 ciphers
.TP
.B \-\-tlsall
.br
Only check TLS ciphers (versions 1.0, 1.1 and 1.2)
.TP
.B \-\-pk=<file>
A file containing the private key or
a PKCS#12 file containing a private
key/certificate pair (as produced by
MSIE and Netscape)
.TP
.B \-\-pkpass=<password>
The password for the private key or PKCS#12 file
.TP
.B \-\-certs=<file>
A file containing PEM/ASN1 formatted client certificates
.TP
.B \-\-no\-ciphersuites
Only check for supported SSL/TLS versions, not ciphersuites
.TP
.B \-\-no\-renegotiation
Do not check for secure TLS renegotiation
.TP
.B \-\-no\-compression
Do not check for TLS compression (CRIME)
.TP
.B \-\-no\-heartbleed
Do not check for OpenSSL Heartbleed (CVE-2014-0160)
.TP
.B \-\-starttls\-ftp
STARTTLS setup for FTP
.TP
.B \-\-starttls\-imap
STARTTLS setup for IMAP
.TP
.B \-\-starttls\-pop3
STARTTLS setup for POP3
.TP
.B \-\-starttls\-smtp
STARTTLS setup for SMTP
.br
Note that some servers hang when we try to use SSLv3 ciphers over STARTTLS. If you scan hangs, try using the --tlsall option.
.TP
.B \-\-starttls\-xmpp
STARTTLS setup for XMPP
.TP
.B \-\-rdp
.br
Send RDP preamble before starting scan.
.TP
.B \-\-html
.br
Makes a HTML request after a successful connection and returns
the server response code
.TP
.B \-\-bugs
.br
Enables workarounds for SSL bugs
.TP
.B \-\-xml=<file>
.br
Output results to an XML file
.br
.TP
.B \-\-no-colour
.br
Disable coloured output.
.SH EXAMPLES
.LP
Scan a local HTTPS server
.RS
.nf
sslscan localhost
sslscan 127.0.0.1
sslscan 127.0.0.1:443
sslscan [::1]
sslscan [::1]:443
.SH AUTHOR
sslscan was originally written by Ian Ventura-Whiting <[email protected]>.
.br
sslscan was extended by Jacob Appelbaum <[email protected]>.
.br
sslscan was extended by rbsec <[email protected]>.
.br
This manual page was originally written by Marvin Stark <[email protected]>.