WebApp Pentesting: Using SSLScan

Sunday, December 27, 2015 By Jitendra 0 comments







Hi ,

 So this is my another post on WebApp pentesting on how to enumerate the SSL/TLS ciphers used by a website and also about gathering the information on the SSL certificate used by the website.

What  is SSLScan

SSLScan is  also a very good information gathering tools it is used to gathering about the SSL/TLS ciphers used by a website it also shows the information about SSL certificate used by the website.


How to use SSLScan


SSLScan comes pre installed in major linux distributions like backbox and kali linux.
if this is not preinstalled on your distribution just simply type

sudo apt-get install sslscan






Now for scanning a website just simply type

sslscan -domain




Now it will start enumerating the ciphers used by that website like this 



After that it will show you the information about the ssl certificate used by the website.








So by this method you can use sslscan and can find out the vulnerability based on the ssl cipher like POODLE vulnerability and other.


More tutorials coming soon 
Stay tuned 


Thanks 
Jitendra Singh (Team Computer Korner )

 Feel Free To Leave A Comment If Our Article has Helped You, Support Us By Making A Small Contribution, Thank You!

About the Author

Written by CK Admins

Computer Korner is an open knowledge sharing site, where the we try to share our experience with IT, Security, Networking, System Administration tasks faced in day to day life. Articles from visitors are highly appreciated. Contact Us at : Click Here


0 comments:

Subscribe to: Post Comments (Atom)