How to get comprehensive SSL information out of a website with Ubuntu.

The sslscan utility will print out a comprehensive report listing all of the SSL ciphers used by a website secured by SSL. This can be very useful information when you are planning to attack this website. Or just for research purposes. In this example, I am scanning facebook.com and getting information about the ssl ciphers used by that website. Use the command like this: sslscan --no-failed facebook.com and it will not show failed ciphers.

ubuntu ~ $ sslscan --no-failed facebook.com
                   _
           ___ ___| |___  ___ __ _ _ __
          / __/ __| / __|/ __/ _` | '_ \
          \__ \__ \ \__ \ (_| (_| | | | |
          |___/___/_|___/\___\__,_|_| |_|

                  Version 1.8.2
             http://www.titania.co.uk
        Copyright Ian Ventura-Whiting 2009

Testing SSL server facebook.com on port 443

  Supported Server Cipher(s):
    Accepted  TLSv1  256 bits  ECDHE-RSA-AES256-SHA
    Accepted  TLSv1  256 bits  ECDHE-ECDSA-AES256-SHA
    Accepted  TLSv1  256 bits  AES256-SHA
    Accepted  TLSv1  168 bits  ECDHE-RSA-DES-CBC3-SHA
    Accepted  TLSv1  168 bits  DES-CBC3-SHA
    Accepted  TLSv1  128 bits  ECDHE-RSA-AES128-SHA
    Accepted  TLSv1  128 bits  ECDHE-ECDSA-AES128-SHA
    Accepted  TLSv1  128 bits  AES128-SHA
    Accepted  TLSv1  128 bits  ECDHE-RSA-RC4-SHA
    Accepted  TLSv1  128 bits  ECDHE-ECDSA-RC4-SHA
    Accepted  TLSv1  128 bits  RC4-SHA
    Accepted  TLSv1  128 bits  RC4-MD5

  Prefered Server Cipher(s):
    TLSv1  128 bits  ECDHE-ECDSA-AES128-SHA

  SSL Certificate:
    Version: 2
    Serial Number: -18446744073709551615
    Signature Algorithm: sha1WithRSAEncryption
    Issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
    Not valid before: Aug 28 00:00:00 2014 GMT
    Not valid after: Oct 15 12:00:00 2015 GMT
    Subject: /C=US/ST=CA/L=Menlo Park/O=Facebook, Inc./CN=*.facebook.com
    Public Key Algorithm: id-ecPublicKey
    EC Public Key:
      Private-Key: (256 bit)
      pub:
          04:d8:d1:dd:35:bd:e2:59:b6:fb:9b:1f:54:15:8c:
          db:bf:4e:58:bd:47:be:b8:10:fc:22:e9:d2:9e:98:
          f8:49:2a:25:fb:94:46:e4:42:99:84:50:1c:5f:01:
          fd:14:25:31:5c:4e:d9:64:fd:c5:0c:b3:46:d2:a1:
          bc:70:b4:87:8e
      ASN1 OID: prime256v1
    X509v3 Extensions:
      X509v3 Authority Key Identifier:
        keyid:50:EA:73:89:DB:29:FB:10:8F:9E:E5:01:20:D4:DE:79:99:48:83:F7

      X509v3 Subject Key Identifier:
        43:09:93:40:FA:11:4B:30:33:EC:F2:87:6E:8D:71:18:CF:8A:BC:8E
      X509v3 Subject Alternative Name:
        DNS:*.facebook.com, DNS:facebook.com, DNS:*.fb.com, DNS:fb.com, DNS:*.fbsbx.com, DNS:*.fbcdn.net, DNS:*.xx.fbcdn.net, DNS:*.xy.fbcdn.net, DNS:*.xz.fbcdn.net, DNS:*.m.facebook.com, DNS:*.messenger.com, DNS:messenger.com
      X509v3 Key Usage: critical
        Digital Signature, Key Agreement
      X509v3 Extended Key Usage:
        TLS Web Server Authentication, TLS Web Client Authentication
      X509v3 CRL Distribution Points:

        Full Name:
          URI:http://crl3.digicert.com/ca3-g29.crl

        Full Name:
          URI:http://crl4.digicert.com/ca3-g29.crl

      X509v3 Certificate Policies:
        Policy: 2.16.840.1.114412.1.1
          CPS: https://www.digicert.com/CPS

      Authority Information Access:
        OCSP - URI:http://ocsp.digicert.com
        CA Issuers - URI:http://cacerts.digicert.com/DigiCertHighAssuranceCA-3.crt

      X509v3 Basic Constraints: critical
        CA:FALSE
  Verify Certificate:
    unable to get local issuer certificate

This is a very interesting command and may be useful to someone doing penetration testing upon a website for a client. This returns a lot of useful SSL information.

Use this command: sslscan --no-failed --xml=results.xml facebook.com to output all results to an XML file.

Type sudo apt-get install sslscan to install this utility. Or use it out of the box on Kali Linux.

No comments have been made. Use this form to start the conversation :)

Leave a Reply