How to get comprehensive SSL information out of a website with Ubuntu.

The sslscan utility will print out a comprehensive report listing all of the SSL ciphers used by a website secured by SSL. This can be very useful information when you are planning to attack this website. Or just for research purposes. In this example, I am scanning and getting information about the ssl ciphers used by that website. Use the command like this: sslscan --no-failed and it will not show failed ciphers.

ubuntu ~ $ sslscan --no-failed
           ___ ___| |___  ___ __ _ _ __
          / __/ __| / __|/ __/ _` | '_ \
          \__ \__ \ \__ \ (_| (_| | | | |
          |___/___/_|___/\___\__,_|_| |_|

                  Version 1.8.2
        Copyright Ian Ventura-Whiting 2009

Testing SSL server on port 443

  Supported Server Cipher(s):
    Accepted  TLSv1  256 bits  ECDHE-RSA-AES256-SHA
    Accepted  TLSv1  256 bits  ECDHE-ECDSA-AES256-SHA
    Accepted  TLSv1  256 bits  AES256-SHA
    Accepted  TLSv1  168 bits  ECDHE-RSA-DES-CBC3-SHA
    Accepted  TLSv1  168 bits  DES-CBC3-SHA
    Accepted  TLSv1  128 bits  ECDHE-RSA-AES128-SHA
    Accepted  TLSv1  128 bits  ECDHE-ECDSA-AES128-SHA
    Accepted  TLSv1  128 bits  AES128-SHA
    Accepted  TLSv1  128 bits  ECDHE-RSA-RC4-SHA
    Accepted  TLSv1  128 bits  ECDHE-ECDSA-RC4-SHA
    Accepted  TLSv1  128 bits  RC4-SHA
    Accepted  TLSv1  128 bits  RC4-MD5

  Prefered Server Cipher(s):
    TLSv1  128 bits  ECDHE-ECDSA-AES128-SHA

  SSL Certificate:
    Version: 2
    Serial Number: -18446744073709551615
    Signature Algorithm: sha1WithRSAEncryption
    Issuer: /C=US/O=DigiCert Inc/ High Assurance CA-3
    Not valid before: Aug 28 00:00:00 2014 GMT
    Not valid after: Oct 15 12:00:00 2015 GMT
    Subject: /C=US/ST=CA/L=Menlo Park/O=Facebook, Inc./CN=*
    Public Key Algorithm: id-ecPublicKey
    EC Public Key:
      Private-Key: (256 bit)
      ASN1 OID: prime256v1
    X509v3 Extensions:
      X509v3 Authority Key Identifier:

      X509v3 Subject Key Identifier:
      X509v3 Subject Alternative Name:
        DNS:*,, DNS:*,, DNS:*, DNS:*, DNS:*, DNS:*, DNS:*, DNS:*, DNS:*,
      X509v3 Key Usage: critical
        Digital Signature, Key Agreement
      X509v3 Extended Key Usage:
        TLS Web Server Authentication, TLS Web Client Authentication
      X509v3 CRL Distribution Points:

        Full Name:

        Full Name:

      X509v3 Certificate Policies:
        Policy: 2.16.840.1.114412.1.1

      Authority Information Access:
        OCSP - URI:
        CA Issuers - URI:

      X509v3 Basic Constraints: critical
  Verify Certificate:
    unable to get local issuer certificate

This is a very interesting command and may be useful to someone doing penetration testing upon a website for a client. This returns a lot of useful SSL information.

Use this command: sslscan --no-failed --xml=results.xml to output all results to an XML file.

Type sudo apt-get install sslscan to install this utility. Or use it out of the box on Kali Linux.

No comments have been made. Use this form to start the conversation :)

Leave a Reply