Finding SSL cipher vulnerabilities
In this recipe, we will learn to use tools to scan for vulnerable SSL ciphers and SSL-related vulnerabilities.
For this recipe, you will require an Internet connection.
- Open the terminal and launch the SSLScan tool, as shown in the following screenshot:
- To scan your target using SSLScan, run the following command:
- SSLScan will test the SSL certificate for the all the ciphers it supports. Weak ciphers will be shown in red and yellow. Strong ciphers will be shown in green:
root@Intrusion-Exploitation:~# sslscan demo.testfire.net
OpenSSL 1.0.1m-dev ...