Underc0de

Foros Generales => International forum => Mensaje iniciado por: graphixx en Marzo 16, 2016, 05:31:39 pm

Título: SSLyze - Fast And Full-Featured SSL Scanner
Publicado por: graphixx en Marzo 16, 2016, 05:31:39 pm
(https://2.bp.blogspot.com/-jus5zu0gbhM/VsTWMU7w2mI/AAAAAAAAFPI/tpvRXTmAhYI/s640/sslyze.png)

SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify mis-configurations affecting their SSL servers.
Key features include:


Getting Started
SSLyze can be installed directly via pip:

Código: (python) You are not allowed to view links. Register or Login
pip install sslyze
It is also easy to directly clone the repository and the fetch the requirements:
Código: (python) You are not allowed to view links. Register or Login
git clone https://github.com/nabla-c0d3/sslyze.git
cd sslyze
pip install -r requirements.txt --target ./lib

Then, the command line tool can be used to scan servers:
Código: (python) You are not allowed to view links. Register or Login
python sslyze_cli.py --regular www.yahoo.com:443 www.google.com

SSLyze has been tested on the following platforms: Windows 7 (32 and 64 bits), Debian 7 (32 and 64 bits), OS X El Capitan.

Usage as a library
Starting with version 0.13.0, SSLyze can be used as a Python module in order to run scans and process the results directly in Python:

(https://i.gyazo.com/83e1c9913e4ea352ccdb62d6a7027a94.png)

The scan commands are same as the ones described in the sslyze_cly.py --help text.
They will all be run concurrently using Python's multiprocessing module. Each command will return a PluginResult object with attributes that contain the result of the scan command run on the server (such as list of supported cipher suites for the --tlsv1 command). These attributes are specific to each plugin and command but are all documented (within each plugin's module).
See api_sample.py for more examples of SSLyze's Python API.

Windows executable
A pre-compiled Windows executable is available in the Releases (https://github.com/nabla-c0d3/sslyze/releases) tab. The package can also be generated by running the following command:

Código: (python) You are not allowed to view links. Register or Login
python.exe setup_py2exe.py py2exe
Download SSLyze (https://github.com/nabla-c0d3/sslyze)

Fuente: kitploit.com