Added 2 bash scripts
authorOlivier Paroz <oparoz@users.noreply.github.com>
Fri, 26 Sep 2014 11:04:32 +0000 (13:04 +0200)
committerOlivier Paroz <oparoz@users.noreply.github.com>
Fri, 26 Sep 2014 11:04:32 +0000 (13:04 +0200)
Those scripts use openssl to parse the data and present nice summaries.

```
linux $ ./cipherscan www.google.com:443
...................
prio  ciphersuite                  protocols                    pfs_keysize
1     ECDHE-RSA-CHACHA20-POLY1305  TLSv1.2                      ECDH,P-256,256bits
2     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                      ECDH,P-256,256bits
3     ECDHE-RSA-AES128-SHA         TLSv1.1,TLSv1.2              ECDH,P-256,256bits
4     ECDHE-RSA-RC4-SHA            SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
5     AES128-GCM-SHA256            TLSv1.2
6     AES128-SHA256                TLSv1.2
7     AES128-SHA                   TLSv1.1,TLSv1.2
8     RC4-SHA                      SSLv3,TLSv1,TLSv1.1,TLSv1.2
9     RC4-MD5                      SSLv3,TLSv1,TLSv1.1,TLSv1.2
10    ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                      ECDH,P-256,256bits
11    ECDHE-RSA-AES256-SHA384      TLSv1.2                      ECDH,P-256,256bits
12    ECDHE-RSA-AES256-SHA         SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
13    AES256-GCM-SHA384            TLSv1.2
14    AES256-SHA256                TLSv1.2
15    AES256-SHA                   SSLv3,TLSv1,TLSv1.1,TLSv1.2
16    ECDHE-RSA-DES-CBC3-SHA       SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
17    DES-CBC3-SHA                 SSLv3,TLSv1,TLSv1.1,TLSv1.2
18    ECDHE-RSA-AES128-SHA256      TLSv1.2                      ECDH,P-256,256bits

Certificate: trusted, 2048 bit, sha1WithRSAEncryption signature
```

and
https://cloud.githubusercontent.com/assets/8036727/4375481/a521aee8-433c-11e4-9c37-c48464da80a1.jpg

src/tools.tex

index 66e3766..b9bc644 100644 (file)
@@ -29,7 +29,9 @@ Command line tools
 \begin{itemize*}
   \item \url{https://sourceforge.net/projects/sslscan} connects to a given SSL service and shows the cipher suites that are offered.
   \item \url{http://www.bolet.org/TestSSLServer/} tests for BEAST and CRIME vulnerabilities.
+  \item \url{https://github.com/drwetter/testssl.sh} checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws (CRIME, BREACH, CCS, Heartbleed).
   \item \url{https://github.com/iSECPartners/sslyze} Fast and full-featured SSL scanner
+  \item \url{https://github.com/jvehent/cipherscan} Fast TLS scanner (ciphers, order, protocols, key size and more)
   \item \url{http://nmap.org/} nmap security scanner
   \item \url{http://www.openssl.net} OpenSSL s\_client
 \end{itemize*}