Category: Vulnerability Analysis. Tags: ssl, tls, cipher, certificate, scanner, security

sslscan

Tests SSL/TLS enabled services to discover supported cipher suites. Reports protocol versions, cipher suites, key exchanges, signature algorithms, and certificates to identify weak security parameters.

Description

sslscan is a fast SSL/TLS scanner designed to query SSL/TLS services such as HTTPS. It provides detailed reports on supported protocol versions, cipher suites, key exchanges, signature algorithms, and certificates in use, helping users identify weak parameters from a security standpoint.

The tool is particularly useful for security assessments of web services and other TLS-enabled endpoints. It can output results in XML format for integration with external programs, making it suitable for automated scanning workflows.

sslscan supports various STARTTLS protocols and includes checks for vulnerabilities like Heartbleed, TLS fallback, and renegotiation issues.

How It Works

sslscan connects to SSL/TLS services using specified protocols and options, enumerating supported cipher suites, key exchange groups, signature algorithms, and certificates. It performs targeted checks for vulnerabilities such as Heartbleed (CVE-2014-0160), TLS compression (CRIME), fallback SCSV, renegotiation, and OCSP responses. Results are analyzed against security best practices, with optional XML output for parsing.

Installation

```bash
sudo apt install sslscan
```

Flags

| Flag | Description |
|---|---|
| `--targets=<file>` | A file containing a list of hosts to check. Hosts can be supplied with ports (host:port). |
| `--sni-name=<name>` | Hostname for SNI |
| `--ipv4`, `-4` | Only use IPv4 |
| `--ipv6`, `-6` | Only use IPv6 |
| `--show-certificate` | Show full certificate information |
| `--show-certificates` | Show full certificate information for the whole chain |
| `--show-client-cas` | Show trusted CAs for TLS client auth |
| `--no-check-certificate` | Don't warn about weak certificate algorithms or keys |
| `--ocsp` | Request OCSP response from server |
| `--ssl2` | Only check if SSLv2 is enabled |
| `--ssl3` | Only check if SSLv3 is enabled |
| `--tls10` | Only check TLSv1.0 ciphers |
| `--tls11` | Only check TLSv1.1 ciphers |
| `--tls12` | Only check TLSv1.2 ciphers |
| `--tls13` | Only check TLSv1.3 ciphers |
| `--tlsall` | Only check TLS ciphers (all versions) |
| `--no-heartbleed` | Do not check for OpenSSL Heartbleed (CVE-2014-0160) |
| `--starttls-smtp` | STARTTLS setup for SMTP |
| `--xml=<file>` | Output results to an XML file. Use `-` for STDOUT. |
| `--verbose` | Display verbose output |

Examples

Scan localhost on the default port for SSL/TLS configuration:

```bash
sslscan 127.0.0.1
```

Scan IPv6 localhost for SSL/TLS configuration:

```bash
sslscan [::1]
```

Scan multiple hosts listed in a file:

```bash
sslscan --targets=hosts.txt
```

Scan with a specific SNI hostname:

```bash
sslscan --sni-name=example.com www.example.com
```

Scan a target using only IPv4:

```bash
sslscan --ipv4 example.com
```

Scan and show full certificate information:

```bash
sslscan --show-certificate example.com
```

Scan only TLSv1.2 ciphers:

```bash
sslscan --tls12 example.com
```

Scan and write the results to an XML file:

```bash
sslscan --xml=results.xml example.com
```
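Once results are in XML, an external program can pull out the weak parameters the checks above describe. The following is an added example, not code from the sslscan project: it assumes the element and attribute names of sslscan's XML output (`ssltest`, `protocol`, `cipher`, `heartbleed`, `compression`, `fallback`, `certificate`), and the embedded document is a constructed sample, not a real scan.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like sslscan --xml output (attribute names assumed
# from sslscan's XML schema; the values are made up, not from a real scan).
SAMPLE_XML = """<document title="SSLScan Results" version="2.1.0">
 <ssltest host="tls.example.internal" port="443">
  <protocol type="tls" version="1.0" enabled="1" />
  <protocol type="tls" version="1.2" enabled="1" />
  <fallback supported="0" />
  <compression supported="1" />
  <heartbleed sslversion="TLSv1.2" vulnerable="1" />
  <cipher status="accepted" sslversion="TLSv1.0" bits="112" cipher="DES-CBC3-SHA" id="0x000A" strength="medium" />
  <cipher status="preferred" sslversion="TLSv1.2" bits="256" cipher="ECDHE-RSA-AES256-GCM-SHA384" id="0xC030" strength="strong" />
  <certificates><certificate type="short">
   <signature-algorithm>sha1WithRSAEncryption</signature-algorithm>
   <pk error="false" type="RSA" bits="1024" />
  </certificate></certificates>
 </ssltest>
</document>"""

# Protocol versions that should no longer be negotiable on a hardened endpoint.
LEGACY = {("ssl", "2"), ("ssl", "3"), ("tls", "1.0"), ("tls", "1.1")}

def find_weak_parameters(xml_text):
    findings = []  # list of (host:port, issue) tuples
    for test in ET.fromstring(xml_text).iter("ssltest"):
        where = f"{test.get('host')}:{test.get('port')}"
        issues = []
        for p in test.iter("protocol"):
            if p.get("enabled") == "1" and (p.get("type"), p.get("version")) in LEGACY:
                issues.append(f"legacy protocol enabled: {p.get('type').upper()}v{p.get('version')}")
        for c in test.iter("cipher"):  # under 128 bits, or rated weak by sslscan itself
            if int(c.get("bits", "0")) < 128 or c.get("strength") in ("null", "weak", "medium"):
                issues.append(f"weak cipher {c.get('cipher')} ({c.get('bits')} bits) on {c.get('sslversion')}")
        for h in test.iter("heartbleed"):
            if h.get("vulnerable") == "1":
                issues.append(f"Heartbleed (CVE-2014-0160) on {h.get('sslversion')}")
        if (comp := test.find("compression")) is not None and comp.get("supported") == "1":
            issues.append("TLS compression enabled (CRIME)")
        if (fb := test.find("fallback")) is not None and fb.get("supported") != "1":
            issues.append("TLS_FALLBACK_SCSV not supported")
        for cert in test.iter("certificate"):
            sig = cert.findtext("signature-algorithm") or ""
            if sig.lower().startswith(("sha1", "md5")):
                issues.append(f"weak certificate signature: {sig}")
            pk = cert.find("pk")
            if pk is not None and pk.get("type") == "RSA" and int(pk.get("bits", "0")) < 2048:
                issues.append(f"short RSA key: {pk.get('bits')} bits")
        findings.extend((where, msg) for msg in issues)
    return findings
```

Running `find_weak_parameters(SAMPLE_XML)` returns one tuple per issue, so the output of `sslscan --xml=- host` piped into this function gives a machine-readable finding list for a scanning workflow.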
Updated 2026-04-16 | Source: kali.org