Fast and full-featured SSL scanner.
SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers.
Key features include:
- SSL 2.0/3.0 and TLS 1.0/1.1/1.2 compatibility
- Performance testing: session resumption and TLS tickets support
- Security testing: weak cipher suites, insecure renegation, CRIME and THC-SSL DOS attacks
- Server certificate validation
- Support for certificate validation using OCSP and RCL
- Check support for HSTS
- Check support for SNI
- Support for validation against different trust stores
- Support for StartTLS with SMTP and XMPP, and traffic tunneling through an HTTPS proxy
- Client certificate support for servers performing mutual authentication
- Scan results can be written to an XML file for further processing
Supported platforms include Windows 7, Linux and OS X Mountain Lion, both 32 and 64 bits. SSLyze requires Python 2.6 or 2.7 and OpenSSL 0.9.8+.
On Linux and OS X, SSLyze relies on the system's OpenSSL libraries.
For Windows, specific packages that include the OpenSSL DLLs are provided.
Installation packages are available at: http://nabla-c0d3.blogspot.com/2013/01/sslyze-v06.html
The user manual is available at: https://github.com/iSECPartners/sslyze/wiki
$ python sslyze.py --regular www.isecpartners.com:443 www.google.com
See the test folder for additional examples.
GPLv2 - See LICENSE.txt.