
qsslcaudit

qsslcaudit tests SSL/TLS clients to determine if they handle connections securely. It checks for vulnerabilities in certificate trust, protocol support, and cipher strength.

Description

qsslcaudit is a tool designed to assess the security of applications using TLS/SSL for data transfers. It simulates various insecure server configurations to detect if clients accept weak or invalid certificates, outdated protocols, or low-strength ciphers.

Use cases include auditing custom applications, browsers, or services that rely on SSL/TLS to ensure they reject insecure configurations. This helps identify clients vulnerable to man-in-the-middle attacks, downgrade attacks, or exploitation via weak cryptography.

The tool provides comprehensive tests covering certificate validation flaws and protocol/cipher weaknesses, making it valuable for security testing in development and penetration testing environments.

How It Works

qsslcaudit operates as a test server listening on a specified address and port, presenting custom certificates, self-signed certs, or weak protocol/cipher combinations to connecting SSL/TLS clients. It runs predefined tests (1-29) that check client behavior against insecure setups, such as trusting self-signed certificates for invalid domains, supporting SSLv2/SSLv3, or accepting EXPORT/LOW/MEDIUM grade ciphers across TLS/DTLS versions. Tests like CVE-2020-0601 evaluate specific vulnerabilities in ECC certificate trust.
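Added example, not code from the Kali page or from the qsslcaudit project: a Python client with exactly the flaws described above (trusts any certificate and any name, negotiates any protocol version) beside a hardened one, plus a probe that handshakes with a running qsslcaudit instance. The address, port and CN are assumptions chosen to match the `-l`, `-p` and `--user-cn` flags; the `probe` function is the part you would run against each of the tool's tests.

```python
import socket
import ssl

# Assumed: qsslcaudit started with "-l 127.0.0.1 -p 8443 --user-cn example.com".
AUDIT_HOST, AUDIT_PORT, AUDIT_CN = "127.0.0.1", 8443, "example.com"

# Excludes the cipher grades qsslcaudit probes for; keeps AEAD suites with forward secrecy.
STRONG_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!eNULL:!MD5:!RC4:!3DES"


def weak_client_context() -> ssl.SSLContext:
    """The kind of client qsslcaudit flags: any cert, any name, any protocol version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                              # cert for the wrong CN is accepted
    ctx.verify_mode = ssl.CERT_NONE                         # self-signed / untrusted cert accepted
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED  # legacy versions stay negotiable
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """What a client should look like to reject every configuration qsslcaudit presents."""
    ctx = ssl.create_default_context()            # system CAs, CERT_REQUIRED, hostname check on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # nothing older than TLS 1.2
    ctx.set_ciphers(STRONG_CIPHERS)
    return ctx


def describe(ctx: ssl.SSLContext) -> dict:
    """Summarise the client settings that qsslcaudit's certificate/protocol/cipher tests exercise."""
    names = [c["name"] for c in ctx.get_ciphers()]
    return {
        "verifies_cert": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": bool(ctx.check_hostname),
        "min_version": ctx.minimum_version.name,
        "legacy_ciphers": [n for n in names if any(w in n for w in ("RC4", "DES", "MD5", "NULL"))],
    }


def probe(ctx: ssl.SSLContext, host=AUDIT_HOST, port=AUDIT_PORT, cn=AUDIT_CN) -> bool:
    """Handshake with the audit server. True means the client accepted the insecure
    configuration being served; False means it rejected it. Run once per qsslcaudit test."""
    try:
        with socket.create_connection((host, port), timeout=5) as sock:
            with ctx.wrap_socket(sock, server_hostname=cn) as tls:
                return tls.version() is not None
    except OSError as exc:  # ssl.SSLError is a subclass; also covers a refused connection
        print(f"rejected: {exc}")
        return False


if __name__ == "__main__":
    for label, ctx in (("weak", weak_client_context()), ("hardened", hardened_client_context())):
        print(label, describe(ctx), "accepted" if probe(ctx) else "rejected")
```

Against a correctly working qsslcaudit test the weak context reports "accepted" and the hardened one "rejected"; a production client that prints "accepted" for any test has the corresponding flaw.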

Installation

```bash
sudo apt install qsslcaudit
```

Flags

-h, --help                        Displays help on command-line options.
--help-all                        Displays help including Qt-specific options.
-v, --version                     Displays version information.
-l, --listen-address <0.0.0.0>    Listen on <address>.
-p, --listen-port <8443>          Bind to <port>.
--user-cn <example.com>           Common name (CN) to suggest to the client.
--server <https://example.com>    Grab certificate information from <server>.
--user-cert <~/host.cert>         Path to a file containing a custom certificate.

Examples

Display usage information and list all available SSL client tests (1-29) with descriptions:

```bash
qsslcaudit -h
```

Start the server listening on all interfaces on port 8443 to test connecting SSL/TLS clients:

```bash
qsslcaudit -l 0.0.0.0 -p 8443
```

Run the tests suggesting 'example.com' as the common name (CN) to the client:

```bash
qsslcaudit --user-cn example.com
```

Grab certificate information from the specified server for use in the tests:

```bash
qsslcaudit --server https://example.com
```

Use a custom certificate file for the certificate trust tests:

```bash
qsslcaudit --user-cert ~/host.cert
```

Display version information for qsslcaudit:

```bash
qsslcaudit -v
```
Updated 2026-04-16 (kali.org)