SSLyze is a fast and powerful SSL/TLS scanning tool and Python library.

Overview

SSLyze

Run Tests Downloads PyPI version Python version

SSLyze is a fast and powerful SSL/TLS scanning tool and Python library.

SSLyze can analyze the SSL/TLS configuration of a server by connecting to it, in order to ensure that it uses strong encryption settings (certificate, cipher suites, elliptic curves, etc.), and that it is not vulnerable to known TLS attacks (Heartbleed, ROBOT, OpenSSL CCS injection, etc.).

Key features

  • Focus on speed and reliability: SSLyze is a battle-tested tool that is used to reliably scan hundreds of thousands of servers every day.
  • Easy to operationalize: SSLyze can be directly run from CI/CD, in order to continuously check a server against Mozilla's recommended TLS configuration.
  • Fully documented Python API to run scans directly from any Python application, such as a function deployed to AWS Lambda.
  • Support for scanning non-HTTP servers including SMTP, XMPP, LDAP, POP, IMAP, RDP, Postgres and FTP servers.
  • Results of a scan can easily be saved to a JSON file for later processing.
  • And much more!

Quick start

On Windows, Linux (x86 or x64) and macOS, SSLyze can be installed directly via pip:

$ pip install --upgrade pip setuptools wheel
$ pip install --upgrade sslyze
$ python -m sslyze www.yahoo.com www.google.com "[2607:f8b0:400a:807::2004]:443"

It can also be used via Docker:

$ docker run --rm -it nablac0d3/sslyze:5.0.0 www.google.com

Lastly, a pre-compiled Windows executable can be downloaded from the Releases page.

Python API Documentation

Documentation for SSLyze's Python API is available here.

Usage as a CI/CD step

By default, SSLyze will check the server's scan results against Mozilla's recommended "intermediate" TLS configuration, and will return a non-zero exit code if the server is not compliant.

$ python -m sslyze mozilla.com
Checking results against Mozilla's "intermediate" configuration. See https://ssl-config.mozilla.org/ for more details.

mozilla.com:443: OK - Compliant.

The Mozilla configuration to check against can be configured via --mozilla-config={old, intermediate, modern}:

$ python -m sslyze --mozilla-config=modern mozilla.com
Checking results against Mozilla's "modern" configuration. See https://ssl-config.mozilla.org/ for more details.

mozilla.com:443: FAILED - Not compliant.
    * certificate_types: Deployed certificate types are {'rsa'}, should have at least one of {'ecdsa'}.
    * certificate_signatures: Deployed certificate signatures are {'sha256WithRSAEncryption'}, should have at least one of {'ecdsa-with-SHA512', 'ecdsa-with-SHA256', 'ecdsa-with-SHA384'}.
    * tls_versions: TLS versions {'TLSv1.2'} are supported, but should be rejected.
    * ciphers: Cipher suites {'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'} are supported, but should be rejected.

This can be used to easily run an SSLyze scan as a CI/CD step.

Development environment

To setup a development environment:

$ pip install --upgrade pip setuptools wheel
$ pip install -e . 
$ pip install -r dev-requirements.txt

The tests can then be run using:

$ invoke test

License

Copyright (c) 2021 Alban Diquet

SSLyze is made available under the terms of the GNU Affero General Public License (AGPL). See LICENSE.txt for details and exceptions.

Comments
  • Potential memory leak in the synchronous scanner

    Potential memory leak in the synchronous scanner

    if i run this in a endless loop, the memory is getting bigger and bigger. can anyone please help me. this is a really serious problem for me :(

    sslv20 = { 'version': 'SSLv20', 'command': Sslv20ScanCommand() } sslv30 = { 'version': 'SSLv30', 'command': Sslv30ScanCommand() } tlsv10 = { 'version': 'TLSv10', 'command': Tlsv10ScanCommand() } tlsv11 = { 'version': 'TLSv11', 'command': Tlsv11ScanCommand() } tlsv12 = { 'version': 'TLSv12', 'command': Tlsv12ScanCommand() }

    for protocol in [sslv20, sslv30, tlsv10, tlsv11, tlsv12]: scanner = SynchronousScanner(network_timeout=2, network_retries=2) scan_result = scanner.run_scan_command(server_info, protocol['command'])

    ...

    bug 
    opened by ericrange 18
  • Licensing clarification

    Licensing clarification

    sslyze lists it's license as GPLv2. Can you clarify if this is an intentional choice, or one made for historical reasons?

    GPLv2 makes perfect sense for the use of sslyze as a standalone tool, and preventing users from building a proprietary SSL analysis tool based off that codebase.

    However, I've got a use case that would involved deploying sslyze as part of a Software-as-a-Service platform. Under the terms of the GPLv2, this would be a completely legitimate usage of sslyze, and I would not be required to distribute the source code for my SaaS platform (see this FAQ on the GNU website).

    While I'm completely covered under the letter of the law, I'd rather not violate the spirit of the law in the way the project intended the sslyze API and codebase to be used.

    Are you able to:

    • Clarify that you have no objection to sslyze being used as part of a proprietary SaaS deployment; and/or
    • Provide (either to me specifically, or more generally) a license with more liberal terms (LGPL would be fine; MIT/BSD would be even better); or
    • Modify the license to be AGPL, or something that covers the SaaS use case?
    opened by freakboy3742 17
  • 1.0.0 python run_tests.py failures

    1.0.0 python run_tests.py failures

    I'm seeing these two errors and two failures when running python run_tests.py:

    ======================================================================
    ERROR: test_unicode_certificate (plugin_tests.test_certificate_info_plugin.CertificateInfoPluginTestCase)
    ----------------------------------------------------------------------
    Traceback (most recent call last):
      File "/private/tmp/sslyze-20170213-14808-18m8mim/sslyze-1.0.0/tests/plugin_tests/test_certificate_info_plugin.py", line 146, in test_unicode_certificate
        plugin_result = plugin.process_task(server_info, CertificateInfoScanCommand())
      File "/private/tmp/sslyze-20170213-14808-18m8mim/sslyze-1.0.0/sslyze/plugins/certificate_info_plugin.py", line 151, in process_task
        raise RuntimeError(u'Could not connect to the server; last error: {}'.format(last_exception))
    RuntimeError: Could not connect to the server; last error: TCP / Received RST
    
    ======================================================================
    ERROR: test_follows_client_cipher_suite_preference (plugin_tests.test_openssl_cipher_suites_plugin.OpenSslCipherSuitesPluginTestCase)
    ----------------------------------------------------------------------
    Traceback (most recent call last):
      File "/private/tmp/sslyze-20170213-14808-18m8mim/sslyze-1.0.0/tests/plugin_tests/test_openssl_cipher_suites_plugin.py", line 199, in test_follows_client_cipher_suite_preference
        plugin_result = plugin.process_task(server_info, Tlsv12ScanCommand())
      File "/private/tmp/sslyze-20170213-14808-18m8mim/sslyze-1.0.0/sslyze/plugins/openssl_cipher_suites_plugin.py", line 167, in process_task
        preferred_cipher = self._get_preferred_cipher_suite(server_connectivity_info, ssl_version, accepted_cipher_list)
      File "/private/tmp/sslyze-20170213-14808-18m8mim/sslyze-1.0.0/sslyze/plugins/openssl_cipher_suites_plugin.py", line 215, in _get_preferred_cipher_suite
        second_cipher = self._get_selected_cipher_suite(server_connectivity_info, ssl_version, second_cipher_string)
      File "/private/tmp/sslyze-20170213-14808-18m8mim/sslyze-1.0.0/sslyze/plugins/openssl_cipher_suites_plugin.py", line 235, in _get_selected_cipher_suite
        ssl_connection.connect()
      File "/private/tmp/sslyze-20170213-14808-18m8mim/sslyze-1.0.0/sslyze/utils/ssl_connection.py", line 166, in connect
        self.do_handshake()
      File "/usr/local/Cellar/sslyze/1.0.0/libexec/lib/python2.7/site-packages/nassl/ssl_client.py", line 144, in do_handshake
        handshake_data_in = self._sock.recv(self._DEFAULT_BUFFER_SIZE)
    timeout: timed out
    
    ======================================================================
    FAIL: test_not_trusted_by_mozilla_but_trusted_by_apple (plugin_tests.test_certificate_info_plugin.CertificateInfoPluginTestCase)
    ----------------------------------------------------------------------
    Traceback (most recent call last):
      File "/private/tmp/sslyze-20170213-14808-18m8mim/sslyze-1.0.0/tests/plugin_tests/test_certificate_info_plugin.py", line 174, in test_not_trusted_by_mozilla_but_trusted_by_apple
        self.assertEqual(plugin_result.successful_trust_store.name, u'Apple')
    AssertionError: u'Microsoft' != u'Apple'
    - Microsoft
    + Apple
    
    
    ======================================================================
    FAIL: test_tlsv1_2_enabled (plugin_tests.test_openssl_cipher_suites_plugin.OpenSslCipherSuitesPluginTestCase)
    ----------------------------------------------------------------------
    Traceback (most recent call last):
      File "/private/tmp/sslyze-20170213-14808-18m8mim/sslyze-1.0.0/tests/plugin_tests/test_openssl_cipher_suites_plugin.py", line 113, in test_tlsv1_2_enabled
        set(accepted_cipher_name_list))
    AssertionError: Items in the first set but not the second:
    'TLS_RSA_WITH_AES_128_CBC_SHA256'
    'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256'
    'OLD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'
    'TLS_RSA_WITH_AES_256_CBC_SHA256'
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384'
    
    ----------------------------------------------------------------------
    Ran 64 tests in 131.530s
    
    FAILED (failures=2, errors=2)
    /usr/local/Homebrew/Library/Homebrew/debrew.rb:11:in `raise'
    BuildError: Failed executing: python run_tests.py
    
    opened by ilovezfs 17
  • Diffie Helmann information for each cipher suite no longer returned

    Diffie Helmann information for each cipher suite no longer returned

    In version 2.0.0 the dh_info key for ciphers that use Diffie-Hellmann key exchange has disappeared. Are you planning to bring it back, or is it gone for good?

    Example JSON from 1.4.3:

        "tlsv1": {
                        "accepted_cipher_list": [
                            {
                                "dh_info": {
                                    "A": "0x00ffffffff00000001000000000000000000000000fffffffffffffffffffffffc",
                                    "B": "0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b",
                                    "Cofactor": "1",
                                    "Field_Type": "prime-field",
                                    "Generator": "0x046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
                                    "GeneratorType": "uncompressed",
                                    "GroupSize": "256",
                                    "Order": "0x00ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
                                    "Prime": "0x00ffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
                                    "Seed": "0xc49d360886e704936a6678e1139d26b7819f7e90",
                                    "Type": "ECDH"
                                },
                                "is_anonymous": false,
                                "key_size": 256,
                                "openssl_name": "ECDHE-RSA-AES256-SHA",
                                "ssl_version": "TLSV1"
                            },
    

    Example from 2.0.0:

                            {
                                "is_anonymous": false,
                                "key_size": 256,
                                "openssl_name": "ECDHE-RSA-AES256-SHA",
                                "ssl_version": "TLSV1_1"
                            },
    
    enhancement 
    opened by BenjaminHae 16
  • TypeError - object of type 'UnrecognizedExtension' has no len()

    TypeError - object of type 'UnrecognizedExtension' has no len()

    python2 sslyze --regular www.pentest.co.uk

     * Certificate Information:
    Unhandled exception while running --certinfo:
    TypeError - object of type 'UnrecognizedExtension' has no len()
    

    net-analyzer/sslyze-1.4.2 dev-python/nassl-1.1.3

    opened by blshkv 16
  • Client side certs fail

    Client side certs fail

    Have been attempting to use it with some client certs (tried v0.13.2 and v0.13.3), which failed with the following error:

    Traceback (most recent call last): File "sslyze_cli.py", line 630, in File "sslyze_cli.py", line 532, in main _nassl.OpenSSLError: error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init

    Saw that there were changes in v0.12 e.g.

    • A full (client) certificate chain can now be supplied when using client certificates.

    So skipped to v0.11 which worked e.g. with the same command line/cert files etc:

    .\sslyze.exe --cert="pub.cer" --key="pri.pkcs8" --keyform="PEM" --pass="a" --regular super-secret-host:443

    opened by the-room 15
  • Issues with moving to OpenSSL 1.1.0

    Issues with moving to OpenSSL 1.1.0

    In OpenSSL 1.1.0, support for SSL 2.0 and export cipher suites was removed. This is good for the Internet but bad for SSLyze. We also cannot stay stuck on 1.0.2 forever as new cipher suites (ChaCha20 and Poly1305) were added 1.1.0. This might require writing a plugin to check for cipher suites and protocols that are not supported by OpenSSL.

    opened by nabla-c0d3 13
  • [nassl] use system openssl/zlib optionally

    [nassl] use system openssl/zlib optionally

    I'm adding sslyze to Gentoo (Pentoo) repository and facing the problem. The latest nassl v0.12 has no option to use existing system libraries even if they meet all requirements.

    Please specify which options of libraries must be enabled and allow to use system libraries.

    My quick patch is here: https://github.com/pentoo/pentoo-overlay/commit/dd9d21cdcb2aee07cdbec25b81c81d1c5f703395

    opened by blshkv 12
  • sslyze 1.4.2 installed via homebrew causes

    sslyze 1.4.2 installed via homebrew causes "certinfo: TypeError - object of type 'UnrecognizedExtension' has no len()"

    I noticed that certinfo fails with letsencrypt certificates:

    $ sslyze --certinfo letsencrypt.org
    
    
    
     AVAILABLE PLUGINS
     -----------------
    
      SessionRenegotiationPlugin
      SessionResumptionPlugin
      HttpHeadersPlugin
      RobotPlugin
      CompressionPlugin
      CertificateInfoPlugin
      FallbackScsvPlugin
      OpenSslCipherSuitesPlugin
      HeartbleedPlugin
      OpenSslCcsInjectionPlugin
    
    
    
     CHECKING HOST(S) AVAILABILITY
     -----------------------------
    
       letsencrypt.org:443                       => 92.123.27.128 
    
    
    
    
     SCAN RESULTS FOR LETSENCRYPT.ORG:443 - 92.123.27.128
     ----------------------------------------------------
    
     * Certificate Information:
    Unhandled exception while running --certinfo:
    TypeError - object of type 'UnrecognizedExtension' has no len()
    
    
     SCAN COMPLETED IN 0.50 S
     ------------------------
    

    Not sure which extension is breaking the scan. Other tests from the --regular suite work fine.

    I have eperienced the same with older and latest sslyze version:

    $ sslyze --version
    1.4.2
    

    Same problem can be seen on prominent sites with certificates from various issuers:

    • letsencrypt.org (Let's Encrypt) - https://www.ssllabs.com/ssltest/analyze.html?d=letsencrypt.org
    • mozilla.org (DigiCert) - https://www.ssllabs.com/ssltest/analyze.html?d=mozilla.org
    • wikipedia.org (GlobalSign) - https://www.ssllabs.com/ssltest/analyze.html?d=wikipedia.org
    • facebook.com (DigiCert) - https://www.ssllabs.com/ssltest/analyze.html?d=facebook.com
    • amazon.com (DigiCert) -https://www.ssllabs.com/ssltest/analyze.html?d=amazon.com
    • twitter.com (DigiCert) - https://www.ssllabs.com/ssltest/analyze.html?d=twitter.com
    • yahoo.com (DigiCert) - https://www.ssllabs.com/ssltest/analyze.html?d=yahoo.com
    • github.com (DigiCert) - https://www.ssllabs.com/ssltest/analyze.html?d=github.com
    • wordpress.com (Go Daddy) - https://www.ssllabs.com/ssltest/analyze.html?d=wordpress.com
    • reddit.com (DigiCert)
    • jquery.org (Let's Encrypt)
    • videolan.org (Let's Encrypt)

    Works fine testing:

    • google.com (Google Internet Authority) - https://www.ssllabs.com/ssltest/analyze.html?d=google.com
    • stackoverflow.com (DigiCert) - https://www.ssllabs.com/ssltest/analyze.html?d=stackoverflow.com
    • moz.com (CloudFlare) - https://www.ssllabs.com/ssltest/analyze.html?d=moz.com
    • slo-tech.com (Comodo) - https://www.ssllabs.com/ssltest/analyze.html?d=slo-tech.com

    According to #320, #311 and #293 this seems to be caused by unmet (poorly defined?) dependancy, an outdated version of cryptography, likely to be fixed in the homebrew formula: https://github.com/Homebrew/homebrew-core/blob/master/Formula/sslyze.rb#L46 @nabla-c0d3, could you check the dependancies and resources in that formula, so that we can ask them for a fix?

    Last relevant changes were done as part of https://github.com/Homebrew/homebrew-core/pull/28332 :

    • https://github.com/Homebrew/homebrew-core/commit/f19782edf2694bbec61fdddd4e0295680f9632e7 (by @ilovezfs and @mistydemeo)
    • https://github.com/Homebrew/homebrew-core/commit/52a167e08869396f734567550c0b1a877df05fc4 (by @BrewTestBot and @mistydemeo)
    opened by stefanb 10
  • Ciphers always randomly time out

    Ciphers always randomly time out

    I simply cannot configure sslyze not to time out on almost every run.

    Could you recommend a configuration which works reliably?

    Currently I run it the following way: sslyze-1_3_2\sslyze --timeout=120 --nb_retries=50 --json_out=result_tresorit.com.json --regular tresorit.com

    OSes I tested with:

    • Windows Server 2016 (1607) with latest updates (natively, not in WSL), VM: ~always times out
    • Windows 10 (1709) with latest updates (16299.192), physical machine: times out on every second run

    Run #1:

     * ROBOT Attack:
                                              OK - Not vulnerable
    
     * TLSV1 Cipher Suites:
         Undefined - An unexpected error happened:
            TLS_DH_RSA_WITH_AES_256_CBC_SHA                   timeout - timed out
            TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA             timeout - timed out
    
     * TLSV1_1 Cipher Suites:
         Undefined - An unexpected error happened:
            TLS_ECDH_anon_WITH_AES_256_CBC_SHA                timeout - timed out
            TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA              timeout - timed out
            TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA              timeout - timed out
            TLS_DHE_DSS_WITH_AES_256_CBC_SHA                  timeout - timed out
    

    Run #2:

     * ROBOT Attack:
                                              UNKNOWN - Received inconsistent results
    
     * TLSV1_2 Cipher Suites:
         Undefined - An unexpected error happened:
            TLS_DH_anon_WITH_AES_256_GCM_SHA384               timeout - timed out
            TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA             timeout - timed out
    

    Run #3:

     * ROBOT Attack:
                                              OK - Not vulnerable
    
     * SSLV3 Cipher Suites:
          Server rejected all cipher suites.
         Undefined - An unexpected error happened:
            TLS_DHE_RSA_WITH_AES_256_CBC_SHA                  timeout - timed out
    

    Run #4:

     * ROBOT Attack:
                                              OK - Not vulnerable
    
     * SSLV3 Cipher Suites:
          Server rejected all cipher suites.
         Undefined - An unexpected error happened:
            TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA             timeout - timed out
            TLS_DHE_DSS_WITH_AES_256_CBC_SHA                  timeout - timed out
            TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA                 timeout - timed out
    
     * TLSV1_2 Cipher Suites:
         Undefined - An unexpected error happened:
            TLS_RSA_WITH_SEED_CBC_SHA                         timeout - timed out
            TLS_DHE_RSA_WITH_AES_128_GCM_SHA256               timeout - timed out
            RSA_WITH_AES_256_CCM                              timeout - timed out
    

    It looks totally random which cipher fails and which not. Also the ROBOT Attack check is not stable. And it finishes fast (in 18-20 seconds), I am pretty sure it does not retry 50 times or it does too fast, it does not matter at all.

    Any idea why does this happen?

    I started to dig deeper (aka started monitoring the requests with Wireshark), but I only saw that some connections were not closed properly, and kept alive until the process finished, but they are NOT the same connections which are timed out. So this can only cause problem if there is some active connection per host limit somewhere...

    Older sslyze version (sadly I don't know which one) worked reliably, but now I wanted to update to the latest (1.3.2).

    enhancement 
    opened by koczkatamas 10
  • --ca-file not working as expected

    --ca-file not working as expected

    Hi,

    Recently I was checking a client's host and I noticed something strange. I'm running sslyze like this:

    $ ./sslyze_v0.11/sslyze.py --regular host:443  
    (...)
      * Certificate - Trust:
          Hostname Validation:               OK - Subject Alternative Name matches
          Mozilla NSS CA Store (04/2015):    FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
          Java 6 CA Store (Update 65):       FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
          Microsoft CA Store (04/2015):      FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
          Apple CA Store (OS X 10.10.3):     FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
          Certificate Chain Received:        ['host']
    (...)
    

    I also tried running OpenSSL directly:

    $ openssl s_client -connect host:443 -verify 5                      
    verify depth is 5
    CONNECTED(00000003)
    depth=0 C = IT, ST = [omitted], L = [omitted], O = [omitted]., OU = [omitted], OU = Terms of use at www.verisign.com/rpa (c)05, CN = host
    verify error:num=20:unable to get local issuer certificate
    verify return:1
    depth=0 C = IT, ST = [omitted], L = [omitted], O = [omitted], OU = [omitted], OU = Terms of use at www.verisign.com/rpa (c)05, CN = host
    verify error:num=27:certificate not trusted
    verify return:1
    depth=0 C = IT, ST = [omitted], L = [omitted], O = [omitted]., OU = [omitted], OU = Terms of use at www.verisign.com/rpa (c)05, CN = host
    verify error:num=21:unable to verify the first certificate
    verify return:1
    (...)
    

    It seems that the certificate isn't valid, however when I opened the host on my browser (I tried Firefox, Chrome and IE) they all say that the certificate is verified. After digging a bit on the internet, I concluded that it's failing because there's an intermediate certificate which has the CN 'VeriSign Class 3 International Server CA - G3' which seems that is not trusted on some systems. So I downloaded the certificate from here https://www.tbs-certificates.co.uk/FAQ/en/600.html and ran again the OpenSSL with the -CAfile option:

    $ openssl s_client -connect host:443 -CAfile SVRIntlG3.crt -verify 5
    verify depth is 5
    CONNECTED(00000003)
    depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
    verify return:1
    depth=1 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = Terms of use at https://www.verisign.com/rpa (c)10, CN = VeriSign Class 3 International Server CA - G3
    verify return:1
    depth=0 C = IT, ST = [omitted], L = [omitted], O = [omitted]., OU = [omitted], OU = Terms of use at www.verisign.com/rpa (c)05, CN = host
    verify return:1
    
    ---
    

    No errors. However when I use the --ca_file parameter on sslyze, i still get all the errors:

    $ ./sslyze_v0.11/sslyze.py --regular --ca_file SVRIntlG3.crt host:443 
    (...)
      * Certificate - Trust:
          Hostname Validation:               OK - Subject Alternative Name matches
          Mozilla NSS CA Store (04/2015):    FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
          Java 6 CA Store (Update 65):       FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
          Microsoft CA Store (04/2015):      FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
          Custom --ca_file CA Store (N/A):   FAILED - Certificate is NOT Trusted: unable to get issuer certificate
          Apple CA Store (OS X 10.10.3):     FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
          Certificate Chain Received:        ['host']
    (...)
    

    Maybe I'm using some option incorrectly, but I would expect sslyze to behave similarly to OpenSSL. (I had to omit the host and some info on the certs, sorry)

    opened by henshin 10
  • Does not follow redirect

    Does not follow redirect

    when I run it against my cable modem/router, it won't scan:

    $ python3 -m sslyze 192.168.0.1:443    
    
     AVAILABLE PLUGINS
     -----------------
    
      OpenSslCcsInjectionPlugin
      RobotPlugin
      SessionRenegotiationPlugin
      CompressionPlugin
      SessionResumptionPlugin
      HttpHeadersPlugin
      OpenSslCipherSuitesPlugin
      FallbackScsvPlugin
      CertificateInfoPlugin
      EarlyDataPlugin
      HeartbleedPlugin
    
     CHECKING HOST(S) AVAILABILITY
     -----------------------------
    
       192.168.0.1:443                       => 192.168.0.1 
    
     SCAN COMPLETED IN 0.08 S
     ------------------------
    
    

    However it brings up a webpage when I go to it on my browser

    image

    It redirects internally to https and takes me to the login page: image

    But I can also browse directly to https://192.168.0.1

    Is sslyze tripping up because it can't follow redirects or something? port 443 is available because I can telnet to it:

    $ telnet 192.168.0.1 443
    Trying 192.168.0.1...
    Connected to 192.168.0.1.
    Escape character is '^]'.
    

    nmap shows 80 and 443 as open:

    PORT      STATE    SERVICE
    80/tcp    open     http
    443/tcp   open     https
    
    opened by frakman1 1
  • Use SslyzeOutputAsJson without dependencies

    Use SslyzeOutputAsJson without dependencies

    The option to validate and import scan results with pydantic/SslyzeOutputAsJson is great. However it requires all the dependencies of sslyze, including nassl. This is a problem, if I'm on a platform where I have to compile it, and only want to read a scan result.

    Therefore it would be great, it would be possible to use SslyzeOutputAsJson without dependencies, that are only necessary to perform a scan. That would require some refactoring of the imports.

    opened by weddige 0
  • Switch to pyOpenSSL for validating certificate chain

    Switch to pyOpenSSL for validating certificate chain

    To further address the memory leak affecting the certificate validation logic (https://github.com/nabla-c0d3/sslyze/issues/560), we should switch from nassl's to pyOpenSSL's API (https://www.pyopenssl.org/en/stable/api/crypto.html#x509storecontext-objects).

    pyOpenSSL is already an implicit dependency of SSLyze since it's a dependency of cryptography.

    opened by nabla-c0d3 0
  • Segmentation Fault when trying to invoke tests or scan local apache webserver

    Segmentation Fault when trying to invoke tests or scan local apache webserver

    To Reproduce Steps to reproduce the behavior:

    1. Install latest SSLyze version using git clone
    2. Create and activate python3.9 venv
    3. Follow the steps: https://github.com/nabla-c0d3/sslyze/tree/5.0.0#development-environment
    4. See error

    Expected behavior Tests succeed

    Python environment

    • OS: RHEL 8.5
    • Python version: 3.9.6
    • OpenSSL 1.1.1k FIPS 25 Mar 2021
    • update-crypto-policies --show: LEGACY

    Additional context When trying to scan a local apache webserver using python -m sslyze [webserver cname] with SSLyze version 4.1.0, which was previously installed using pip, or with the latest version from git, a segmentation fault happens aswell. gdb -ex r --args /opt/testsslyze/venv/bin/python -m sslyze [webserver cname] results in error 2

    Error

    # invoke test
    ============================= test session starts ==============================
    platform linux -- Python 3.9.6, pytest-6.2.5, py-1.11.0, pluggy-1.0.0
    rootdir: /opt/testsslyze/sslyze
    plugins: Faker-13.0.0, cov-3.0.0
    collected 163 items
    
    tests/test_main.py .                                                     [  0%]
    tests/cli_tests/test_console_output.py .........                         [  6%]
    tests/cli_tests/test_server_string_parser.py ........                    [ 11%]
    tests/json_tests/test_json_output.py .....                               [ 14%]
    tests/plugins_tests/test_compression_plugin.py Fs.                       [ 15%]
    tests/plugins_tests/test_early_data_plugin.py ...                        [ 17%]
    tests/plugins_tests/test_elliptic_curves_plugin.py FF                    [ 19%]
    tests/plugins_tests/test_fallback_scsv_plugin.py FFFF                    [ 21%]
    tests/plugins_tests/test_heartbleed_plugin.py FF...                      [ 24%]
    tests/plugins_tests/test_http_headers_plugin.py FFF........              [ 31%]
    tests/plugins_tests/test_openssl_ccs_injection_plugin.py FF...           [ 34%]
    tests/plugins_tests/test_robot_plugin.py Fs.                             [ 36%]
    tests/plugins_tests/test_scan_commands.py .                              [ 36%]
    tests/plugins_tests/test_session_renegotiation_plugin.py F..F            [ 39%]
    tests/plugins_tests/test_session_resumption_plugin.py FF..               [ 41%]
    tests/plugins_tests/certificate_info/test_certificate_algorithms.py ..FF [ 44%]
    F                                                                        [ 44%]
    tests/plugins_tests/certificate_info/test_certificate_info_plugin.py FFF [ 46%]
    FFFsFFFFFF.                                                              [ 53%]
    tests/plugins_tests/certificate_info/test_certificate_utils.py ......    [ 57%]
    tests/plugins_tests/certificate_info/test_cli_connector.py F             [ 57%]
    tests/plugins_tests/certificate_info/test_json.py F                      [ 58%]
    tests/plugins_tests/certificate_info/test_symantec.py ...                [ 60%]
    tests/plugins_tests/certificate_info/test_trust_store_repository.py .F   [ 61%]
    tests/plugins_tests/openssl_cipher_suites/test_cipher_suites.py .        [ 61%]
    tests/plugins_tests/openssl_cipher_suites/test_cli_connector.py F        [ 62%]
    tests/plugins_tests/openssl_cipher_suites/test_openssl_cipher_suites_plugin.py F [ 63%]
    FFFFFFFFFFFFFatal Python error: Segmentation fault
    
    Current thread 0x00007f4d107e0700 (most recent call first):
      File "/opt/testsslyze/venv/lib64/python3.9/site-packages/nassl/ssl_client.py", line 319 in get_ephemeral_key
      File "/opt/testsslyze/sslyze/sslyze/plugins/openssl_cipher_suites/_test_cipher_suite.py", line 56 in connect_with_cipher_suite
      File "/usr/lib64/python3.9/concurrent/futures/thread.py", line 52 in run
      File "/usr/lib64/python3.9/concurrent/futures/thread.py", line 77 in _worker
      File "/usr/lib64/python3.9/threading.py", line 910 in run
      File "/usr/lib64/python3.9/threading.py", line 973 in _bootstrap_inner
      File "/usr/lib64/python3.9/threading.py", line 930 in _bootstrap
    
    Thread 0x00007f4d117e2700 (most recent call first):
      File "/opt/testsslyze/sslyze/tests/openssl_server/__init__.py", line 44 in read_and_log_and_reply
      File "/usr/lib64/python3.9/threading.py", line 910 in run
      File "/usr/lib64/python3.9/threading.py", line 973 in _bootstrap_inner
      File "/usr/lib64/python3.9/threading.py", line 930 in _bootstrap
    
    Thread 0x00007f4d71b66100 (most recent call first):
      File "/usr/lib64/python3.9/threading.py", line 312 in wait
      File "/usr/lib64/python3.9/concurrent/futures/_base.py", line 440 in result
      File "/opt/testsslyze/sslyze/sslyze/plugins/plugin_base.py", line 115 in scan_server
      File "/opt/testsslyze/sslyze/tests/plugins_tests/openssl_cipher_suites/test_openssl_cipher_suites_plugin.py", line 321 in test_sslv3_enabled
      File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/python.py", line 183 in pytest_pyfunc_call
      File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_callers.py", line 39 in _multicall
      File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_manager.py", line 80 in _hookexec
      File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_hooks.py", line 265 in __call__
      File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/python.py", line 1641 in runtest
      File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/runner.py", line 162 in pytest_runtest_call
      File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_callers.py", line 39 in _multicall
      File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_manager.py", line 80 in _hookexec
      File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_hooks.py", line 265 in __call__
      File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/runner.py", line 255 in <lambda>
      File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/runner.py", line 311 in from_call
      File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/runner.py", line 254 in call_runtest_hook
      File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/runner.py", line 215 in call_and_report
      File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/runner.py", line 126 in runtestprotocol
      File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/runner.py", line 109 in pytest_runtest_protocol
      File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_callers.py", line 39 in _multicall
      File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_manager.py", line 80 in _hookexec
      File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_hooks.py", line 265 in __call__
      File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/main.py", line 348 in pytest_runtestloop
      File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_callers.py", line 39 in _multicall
      File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_manager.py", line 80 in _hookexec
      File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_hooks.py", line 265 in __call__
      File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/main.py", line 323 in _main
      File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/main.py", line 269 in wrap_session
      File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/main.py", line 316 in pytest_cmdline_main
      File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_callers.py", line 39 in _multicall
      File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_manager.py", line 80 in _hookexec
      File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_hooks.py", line 265 in __call__
      File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/config/__init__.py", line 162 in main
      File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/config/__init__.py", line 185 in console_main
      File "/opt/testsslyze/venv/bin/pytest", line 8 in <module>
    

    Error 2

    # gdb -ex r --args /opt/testsslyze/venv/bin/python -m sslyze [webserver cname]
    ...
    [Thread 0x7fffcf7fe700 (LWP 366897) exited]
       [webserver cname]:443   => 10.225.76.137   WARNING: Server requested optional client authentication
    
    Thread 15 "python" received signal SIGSEGV, Segmentation fault.
    [Switching to Thread 0x7fffefc80700 (LWP 366902)]
    nassl_SSL_get_dh_info (self=<optimized out>) at nassl/_nassl/nassl_SSL.c:861
    861     nassl/_nassl/nassl_SSL.c: No such file or directory.
    
    bug 
    opened by Florian0301 4
Releases(5.0.6)
  • 5.0.6(Oct 15, 2022)

    • Fixed a bug where no scans were run when using specific combinations of CLI options (#575).
    • Added support for more TLS stacks when connecting and scanning for elliptic curves (#579, #562).
    • Better CLI output when connectivity to the server is flaky (#534).
    • Added support for pydantic 1.10 (#576).
    • Documented how to export results to JSON via the Python API (#571).
    Source code(tar.gz)
    Source code(zip)
    sslyze-5.0.6-exe.zip(22.04 MB)
  • 5.0.5(May 14, 2022)

  • 5.0.4(Apr 30, 2022)

  • 5.0.3(Mar 13, 2022)

    • Fixed a crash when no valid server strings had been supplied via the command line (#557).
    • Fixed a crash when serializing the result of running --http_headers to JSON (#554).
    • Checking the server's scan results against the Mozilla configurations can be disabled using --mozilla_config=disable (#551).
    Source code(tar.gz)
    Source code(zip)
  • 5.0.2(Jan 1, 2022)

  • 5.0.1(Dec 19, 2021)

    • Renamed --mozilla-config to --mozilla_config for consistency.
    • Fixed a bug when using --reneg against servers using specific versions of GnuTLS.
    • Added support for cryptography 36.0.0 (#542).
    • Fixed JSON output when using --json_out=- to print JSON to the console (#543).
    Source code(tar.gz)
    Source code(zip)
    sslyze-5.0.1-exe.zip(25.82 MB)
  • 5.0.0(Nov 26, 2021)

    This major release focuses on improving the reliability of the scans, simplifying the Python API and JSON output, and adding support for checking a server's TLS configuration against Mozilla's recommended configuration.

    • SSLyze will now check the server's scan results against the Mozilla "intermediate" configuration (#453).
      • Which Mozilla configuration to use can be configured via --mozilla-config={old, intermediate, modern}.
      • The --mozilla-config option replaces --regular, which has been removed.
    • SSLyze can now be run as a CI/CD step; see the README for more information.
    • The Python API has been significantly simplified (#512). The changes focus on:
      • Reducing how much code is needed in order to run a scan.
      • Improving the typing of the result objects, in order to simplify code that processes scan results.
      • API-breaking changes: Starting a scan and processing the results is now done differently; see the documentation.
    • The JSON output has been significantly simplified.
      • The JSON output's format now fully matches the format of the results within the Python API.
      • An auto-generated JSON schema is also now available at ./json_output_schema.json (#487).
      • The Python documentation can now be used to understand the format for both Python results and JSON results.
    • SSLyze now provides a fully-typed Python API for parsing the JSON output of previously-run scans (#487).
      • parsed_json_result = SslyzeOutputAsJson.parse_file("result.json")
      • This can be used for example to process the results of SSLyze scans in a separate Python program.
    • HTTP headers testing: the Public-Key-Pins headers are no longer checked by SSLyze, as the pinning feature has been removed from most browsers (#506).
      • API-breaking changes:
        • The public_key_pins_header and public_key_pins_report_only_header fields have been removed from HttpHeadersScanResult.
    • Session resumption testing: the --resum scan command has been updated to provide better insights into how the server supports session resumption (#53).
      • The command will now attempt multiple resumptions using TLS tickets, similarly to what it already does for resumptions with Session IDs. Previously, it would only perform a single resumption attempt when testing TLS Tickets.
      • The new command --resum_attempts can be used in order to configure how many session resumptions --resum will attempt; it is set to 5 by default.
        • python -m sslyze --resum --resum_attempts=20 www.google.com
      • API-breaking changes:
        • The fields within SessionResumptionSupportScanResult have been renamed and updated,
        • The --resum_rate command, ScanCommand.SESSION_RESUMPTION_RATE and the SessionResumptionRateScanResult class have been removed. The --resum_attempts command and SessionResumptionSupportExtraArguments class should be used instead.
    • Misc bug fixes for when scanning servers with exotic TLS or network configurations (#531, #532, #533).
    Source code(tar.gz)
    Source code(zip)
    sslyze-5.0.0-exe.zip(25.61 MB)
  • 4.1.0(Mar 29, 2021)

    • SSLyze's memory usage has been significantly reduced when scanning a lot of servers concurrently (#511).
      • This will make it easier to deploy SSLyze to environments where memory is limited, such as AWS Lambda.
      • For example, when queuing 100 server scans, memory usage will now reach a maximum of 150 MB, instead of 1400 MB in previous versions of SSLyze.
    • Fixed errors when running http_headers on specific server software (#517, #516).
    • Removed usage of pipenv and switched back to a requirements.txt.
    Source code(tar.gz)
    Source code(zip)
    sslyze-4.1.0-exe.zip(21.91 MB)
  • 4.0.4(Feb 22, 2021)

    • Fixed errors when running --elliptic_curves on specific server software (#490).
    • Better error reporting when running --http_headers on a server that doesn't speak HTTP (#499, #500).
      • See also the new HttpHeadersScanResult.http_error_trace field in the Python API.
    Source code(tar.gz)
    Source code(zip)
    sslyze-4.0.4-exe.zip(21.84 MB)
  • 4.0.3(Feb 15, 2021)

    • Updated the JSON output to be more stable, to allow diffing the JSON output of successive scans against the same server (#491).
    • Fixed errors when scanning a server that only supports TLS 1.3 (#488).
    • Fixed error when running --robot on an nginx server configured to require client authentication (#484).
    • Fixed crash due to malformed HTTP headers (#498).
    • Better reporting when scanning unresponsive servers (#501).
    • Fixed error when an invalid certificate is deployed on the server (#495).
    • Fixed error when running --reneg on Indy TCP server (#483).
    Source code(tar.gz)
    Source code(zip)
    sslyze-4.0.3-exe.zip(21.84 MB)
  • 4.0.2(Jan 31, 2021)

  • 4.0.1(Jan 20, 2021)

  • 4.0.0(Jan 19, 2021)

    • Added support for Python 3.9 (#468).
    • Fixed a crash when parsing OCSP responses (#471).
      • API-breaking change: the ocsp_response field in CertificateInfoScanResult is now an OCSPResponse instance from the cryptography.x509.ocsp module.
      • JSON-breaking change: Significantly improved the JSON output for certificates and OCSP responses, when using --certinfo.
    • Fixed a false positive when testing for client-initiated renegotiation DoS attacks on some servers (#473).
      • API-breaking change: the accepts_client_renegotiation field in SessionRenegotiationScanResult was removed, and the more accurate is_vulnerable_to_client_renegotiation_dos field was added.
    • The ability to detect the server’s “preferred” cipher suite was removed for being too unreliable, and will be replaced by full cipher suite order detection in a future release (#456).
      • API-breaking change: the cipher_suite_preferred_by_server in CipherSuitesScanResult was removed.
    • Fixed a crash when scanning a server with an exotic/invalid TLS configuration (#466).
    • Fixed support for older versions of macOS.
    • Added support for the latest version of cryptography (#467).
    Source code(tar.gz)
    Source code(zip)
    sslyze-4.0.0-exe.zip(21.39 MB)
  • 3.1.0(Nov 11, 2020)

    • Added support for scanning for supported elliptic curves (#447):
    $ python -m sslyze --elliptic_curves www.cloudflare.com
    
     * Elliptic Curve Key Exchange:
           Supported curves:                  prime256v1, secp384r1, secp521r1, X25519
           Rejected curves:                   sect163r2, secp160r1, sect233k1, X448, secp160r2, sect233r1, secp192k1,
    sect239k1, secp224k1, sect193r1, sect283k1, secp224r1, sect163k1, sect283r1, secp256k1, secp160k1, 
    sect409k1, prime192v1, sect409r1, sect163r1, sect193r2, sect571k1, sect571r1
    
    • Added support for cryptography 3.x (#455).
    • Fixed various crashes (#458, #459).
    Source code(tar.gz)
    Source code(zip)
    sslyze-3.1.0-exe.zip(20.55 MB)
  • 3.0.8(Jun 28, 2020)

  • 3.0.7(Jun 13, 2020)

  • 3.0.6(May 31, 2020)

  • 3.0.4(May 10, 2020)

  • 3.0.3(Apr 27, 2020)

  • 3.0.2(Apr 19, 2020)

    • Improved check for HTTP security headers by adding support for HTTP redirections (#393 ).
    • Fixed bug causing some results to not be returned when scanning multiple servers (#429 ).
    • Added support for more versions of the cryptography package for better compatibility (#428 ).
    • Fixed crash when scanning a server with a certificate that has duplicate X509 extensions (#420 )
    Source code(tar.gz)
    Source code(zip)
    sslyze-3.0.2-exe.zip(17.57 MB)
  • 3.0.1(Apr 3, 2020)

  • 3.0.0(Mar 30, 2020)

    Big internal refactoring focused on modernizing the code base (dataclasses, type annotations, etc.) and improving the speed and reliability of the scan results.

    • The Python API and the format of the outputs have been drastically improved and simplified, but are not backward-compatible with older versions of SSLyze.
    • Python 3.8 is now supported, and Python 3.6 is no longer supported.
    • Huge improvements to the reliability of the scans:
      • The number of concurrent connections per single server can now be controlled and is set to 5 by default (#385).
      • This limit is enforced regardless of the number of scan commands queued for the server, and drastically reduces the number of scans that fail due to a slow server or a slow connection.
    • Various improvements to cipher suites scanning:
      • The size of the cipher's suite key is now always returned.
      • The (EC) Diffie-Helmann parameters negotiated during the TLS handshake are now returned (#394).
    • Various improvements to server certificate checks:
      • Servers that expose multiple leaf certificates and chains are now supported (#326).
      • Bug fix for Symantec CA deprecation (#406).
    • SSLyze is now compatible with PEP 561 for type checking with mypy.
    • Various improvements to the JSON output:
      • The format of the JSON output now exactly matches the format of the Python output (which is fully documented).
      • Better parsing of Subject and Issuer fields in certificates (#404).
    • Support for XML output was removed.
    Source code(tar.gz)
    Source code(zip)
  • 2.1.4(Sep 1, 2019)

  • 2.1.3(Jun 12, 2019)

  • 2.1.2(Jun 7, 2019)

  • 2.1.1(Jun 3, 2019)

    • Major cleanup of CertificateInfoPlugin and HttpHeadersPlugin; the results returned by these plugins when using the Python API or the JSON or XML outputs have changed slightly, and should be easier to understand and use.
      • However, existing code that parses these results will break.
    • Fixed bug where SSLyze was unable to build the verified chain for a given server; OpenSSL is now used directly to build the verified chain (#355).
    • Fixed bug with IPv6 support (#371).
    • Fixed crash in the RobotPlugin (#361).
    • Converted the test suite to pytest.
    Source code(tar.gz)
    Source code(zip)
    sslyze-2-1-1-exe.zip(16.57 MB)
  • 2.0.5(Jan 31, 2019)

  • 2.0.4(Jan 27, 2019)

  • 2.0.3(Dec 6, 2018)

Owner
Alban Diquet
Alban Diquet
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

mitmproxy mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets. mitmdump is the

mitmproxy 29.7k Jan 4, 2023
A compact version of EDI-Vetter, which uses the TLS output to quickly vet transit signals.

A compact version of EDI-Vetter, which uses the TLS output to quickly vet transit signals. All your favorite hits in a simplified format.

Jon Zink 2 Aug 3, 2022
SonicWALL SSL-VPN Web Server Vulnerable Exploit

SonicWALL SSL-VPN Web Server Vulnerable Exploit

null 44 Nov 15, 2022
open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability

CVE-2021-44228-log4jVulnScanner-metasploit open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability pre

Taroballz 7 Nov 9, 2022
WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities

WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities Which is a great tool for web pentesters. Coded in python3, CLI. WebScan is capable of scanning and detecting sql injection vulnerabilities across HTTP and HTTP sites.

AnonyminHack5 12 Dec 2, 2022
Use FOFA automatic vulnerability scanning tool

AutoSRC Use FOFA automatic vulnerability scanning tool Usage python3 autosrc.py -e <FOFA EMAIL> -k <TOKEN> Screenshots License MIT Dev 6613GitHub6613

PwnWiki 48 Oct 25, 2022
Port scanning tool that uses Python3. Created by Noble Wilson

Hello There! My name is Noble Wilson and I am an aspiring IT/InfoSec coder practicing for my future. ________________________________________________

null 1 Nov 23, 2021
log4j2 passive burp rce scanning tool get post cookie full parameter recognition

log4j2_burp_scan 自用脚本log4j2 被动 burp rce扫描工具 get post cookie 全参数识别,在ceye.io api速率限制下,最大线程扫描每一个参数,记录过滤已检测地址,重复地址 token替换为你自己的http://ceye.io/ token 和域名地址

null 5 Dec 10, 2021
Raphael is a vulnerability scanning tool based on Python3.

Raphael Raphael是一款基于Python3开发的插件式漏洞扫描工具。 Raphael is a vulnerability scanning too

b4zinga 5 Mar 21, 2022
NS-LOOKUP - A python script for scanning website for getting ip address of a website

NS-LOOKUP A python script for scanning website for getting ip address of a websi

Spider Anongreyhat 5 Aug 2, 2022
Scan Site - Tools For Scanning Any Site and Get Site Information

Site Scanner Tools For Scanning Any Site and Get Site Information Example Require - pip install colorama - pip install requests How To Use Download Th

NumeX 5 Mar 19, 2022
RapiDAST provides a framework for continuous, proactive and fully automated dynamic scanning against web apps/API.

RapiDAST RapiDAST provides a framework for continuous, proactive and fully automated dynamic scanning against web apps/API. Its core engine is OWASP Z

Red Hat Product Security 17 Nov 11, 2022
APKLeaks - Scanning APK file for URIs, endpoints & secrets.

APKLeaks - Scanning APK file for URIs, endpoints & secrets.

dw1 3.5k Jan 9, 2023
EMBArk - The firmware security scanning environment

Embark is being developed to provide the firmware security analyzer emba as a containerized service and to ease accessibility to emba regardless of system and operating system.

emba 175 Dec 14, 2022
A GitHub action for organizations that enables advanced security code scanning on all new repos

Advanced-Security-Enforcer What this repository does This code is for an active GitHub Action written in Python to check (on a schedule) for new repos

Zack Koppert 30 May 17, 2022
Springboot directory scanning

Springboot directory scanning

WINEZERO 87 Dec 28, 2022
On-demand scanning for container registries

Lacework registry scanner Install & configure Lacework CLI Integrate a Container Registry Go to Lacework > Resources > Containers > Container Image In

Will Robinson 1 Dec 14, 2021
Python3 script for scanning CVE-2021-44228 (Log4shell) vulnerable machines.

Log4j_checker.py (CVE-2021-44228) Description This Python3 script tries to look for servers vulnerable to CVE-2021-44228, also known as Log4Shell, a v

lfama 8 Feb 27, 2022
Scanning for CVE-2021-44228

Filesystem log4j_scanner for windows and Unix. Scanning for CVE-2021-44228, CVE-2021-45046, CVE-2019-17571 Requires a minimum of Python 2.7. Can be ex

Brett England 4 Jan 9, 2022