security talk & philosophizing



SSLSCAN, SSLYZE and IDS


Kali Linux comes with some useful SSL/TLS scanners which can help determine misconfigurations and vulnerabilities.

Examples

# a simple sslscan of a host:

sslscan [host]

sslyze [host]

# scanning a specific port

sslyze [host:port]

Results

While sslscan does a great job of reporting which TLS versions and ciphers are accepted (highlighting outdated versions in orange), sslyze provides a bit more detail regarding vulnerabilities. sslscan does provide a note on Heartbleed, but sslyze goes a bit deeper.

sslyze reports certificate information (including serial, dates, public key algorithm, signature) as well as vulnerabilities (OpenSSL CCS Injection, Heartbleed, ROBOT attack, session renegotiation). It finishes with a summary of whether the TLS configuration is compliant with Mozilla's recommendations and, if not, what needs to be changed.

IDS Information

If your site is protected behind an IDS (Suricata, etc.), these scans should trigger a notice like the one below:

SURICATA TLS overflow heartbeat encountered, possible exploit attempt (heartbleed)
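
To tell your own scan apart from someone else's probing, you can triage these notices from Suricata's EVE JSON log. The script below is an added example, not part of the original post: the sample log lines are constructed, and the `approved_scanners` set is a hypothetical allow-list holding the address your sslscan/sslyze run came from.

```python
import json

# Signature text as quoted on this page (compared case-insensitively).
SIGNATURE = ("SURICATA TLS overflow heartbeat encountered, "
             "possible exploit attempt (heartbleed)")

# Constructed EVE JSON lines (documentation-range addresses), not real logs.
SAMPLE_EVE = [
    '{"timestamp":"2024-01-10T09:15:02+0000","event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.100.5","dest_port":443,"alert":{"signature":"' + SIGNATURE + '"}}',
    '{"timestamp":"2024-01-10T09:15:03+0000","event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.100.5","dest_port":8443,"alert":{"signature":"' + SIGNATURE + '"}}',
    '{"timestamp":"2024-01-10T09:15:04+0000","event_type":"tls","src_ip":"192.0.2.10","dest_ip":"198.51.100.5","dest_port":443}',
    '{"timestamp":"2024-01-10T11:40:00+0000","event_type":"alert","src_ip":"203.0.113.77","dest_ip":"198.51.100.5","dest_port":443,"alert":{"signature":"' + SIGNATURE + '"}}',
    '{"timestamp":"2024-01-10T11:40:01+0000","event_type":"al',  # truncated line
]

def matching_alerts(lines):
    """Yield alert events carrying SIGNATURE; skip blank or unparsable lines."""
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # e.g. a partially written last line
        if not isinstance(event, dict) or event.get("event_type") != "alert":
            continue
        alert = event.get("alert")
        if isinstance(alert, dict) and \
                str(alert.get("signature", "")).casefold() == SIGNATURE.casefold():
            yield event

def triage(lines, approved_scanners):
    """Summarise matching alerts per source IP and flag unapproved sources."""
    summary = {}
    for event in matching_alerts(lines):
        src = event.get("src_ip", "unknown")
        entry = summary.setdefault(src, {
            "count": 0, "targets": set(),
            "first_seen": event.get("timestamp"),  # log is in append order
            "approved": src in approved_scanners})
        entry["count"] += 1
        entry["targets"].add((event.get("dest_ip"), event.get("dest_port")))
        entry["last_seen"] = event.get("timestamp")
    return summary

if __name__ == "__main__":
    # 192.0.2.10 stands in for the host the authorised scan was run from.
    for src, info in triage(SAMPLE_EVE, approved_scanners={"192.0.2.10"}).items():
        label = "approved scanner" if info["approved"] else "UNEXPECTED SOURCE"
        print(f"{src}: {info['count']} alert(s), {len(info['targets'])} target(s), "
              f"{info['first_seen']} .. {info['last_seen']} [{label}]")
```

To run it against a live sensor, pass the open `eve.json` file object to `triage()` in place of `SAMPLE_EVE`.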