WebApp Pentesting: Using SSLScan
Sunday, December 27, 2015
By
Jitendra
Hi ,
So this is my another post on WebApp pentesting on how to enumerate the SSL/TLS ciphers used by a website and also about gathering the information on the SSL certificate used by the website.
What is SSLScan
SSLScan is also a very good information gathering tools it is used to gathering about the SSL/TLS ciphers used by a website it also shows the information about SSL certificate used by the website.
How to use SSLScan
SSLScan comes pre installed in major linux distributions like backbox and kali linux.
if this is not preinstalled on your distribution just simply type
sudo apt-get install sslscan
Now for scanning a website just simply type
sslscan -domain
Now it will start enumerating the ciphers used by that website like this
After that it will show you the information about the ssl certificate used by the website.
So by this method you can use sslscan and can find out the vulnerability based on the ssl cipher like POODLE vulnerability and other.
More tutorials coming soon
Stay tuned
Thanks
Jitendra Singh (Team Computer Korner )
Feel Free To Leave A Comment If Our Article has Helped You, Support Us By Making A Small Contribution, Thank You!
Written by CK Admins
Computer Korner is an open knowledge sharing site, where the we try to share our experience with IT, Security, Networking, System Administration tasks faced in day to day life. Articles from visitors are highly appreciated. Contact Us at : Click Here
![Admin Login Page Finder [FIND HIM]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtkK9xhlqxxiLTBdn2Nnai294ujo71klhdSRyAPP-erxvA4kRqWB0AfwZ2S8aXyQIyATI61-kmDnU_Bqf0f2fRWmUTH7pGawZX6icydUI5aEcpbfzBWYBazS9n619PxaXef4rVaJbV46k/s72-c/mysqladded.PNG){kind=small}
0 comments: