提供: セキュリティ
移動: 案内検索

sslscan(SSLScan) とは、サポートされている暗号を検出するために、httpsのようなSSLサービスに問い合わせをするための高速なSSLスキャナーです。


えすえすえる すきゃん






sudo pkg install sslscan


apt-get コマンドでインストールする場合です。

sudo apt-get install sslscan


CentOSyum コマンドでインストールする場合。

sudo yum -y  install sslscan



           ___ ___| |___  ___ __ _ _ __
          / __/ __| / __|/ __/ _` | '_ \
          \__ \__ \ \__ \ (_| (_| | | | |
          |___/___/_|___/\___\__,_|_| |_|
                  Version 1.8.2
        Copyright Ian Ventura-Whiting 2009
SSLScan is a fast SSL port scanner. SSLScan connects to SSL
ports and determines what  ciphers are supported, which are
the servers  prefered  ciphers,  which  SSL  protocols  are
supported  and   returns  the   SSL   certificate.   Client
certificates /  private key can be configured and output is
to text / XML.
  sslscan [Options] [host:port | host]
  --targets=<file>     A file containing a list of hosts to
                       check.  Hosts can  be supplied  with
                       ports (i.e. host:port).
  --no-failed          List only accepted ciphers  (default
                       is to listing all ciphers).
  --ssl2               Only check SSLv2 ciphers.
  --ssl3               Only check SSLv3 ciphers.
  --tls1               Only check TLSv1 ciphers.
  --pk=<file>          A file containing the private key or
                       a PKCS#12  file containing a private
                       key/certificate pair (as produced by
                       MSIE and Netscape).
  --pkpass=<password>  The password for the private  key or
                       PKCS#12 file.
  --certs=<file>       A file containing PEM/ASN1 formatted
                       client certificates.
  --starttls           If a STARTTLS is required to kick an
                       SMTP service into action.
  --http               Test a HTTP connection.
  --bugs               Enable SSL implementation  bug work-
  --xml=<file>         Output results to an XML file.
  --version            Display the program version.
  --help               Display the  help text  you are  now


$ sslscan
           ___ ___| |___  ___ __ _ _ __
          / __/ __| / __|/ __/ _` | '_ \
          \__ \__ \ \__ \ (_| (_| | | | |
          |___/___/_|___/\___\__,_|_| |_|
                  Version 1.8.2
        Copyright Ian Ventura-Whiting 2009
Testing SSL server on port 443
  Supported Server Cipher(s):
    Failed    SSLv2  168 bits  DES-CBC3-MD5
    Failed    SSLv2  128 bits  IDEA-CBC-MD5
    Failed    SSLv2  128 bits  RC2-CBC-MD5
    Failed    SSLv2  128 bits  RC4-MD5
    Failed    SSLv2  56 bits   DES-CBC-MD5
    Failed    SSLv2  40 bits   EXP-RC2-CBC-MD5
    Failed    SSLv2  40 bits   EXP-RC4-MD5
    Failed    SSLv3  256 bits  ECDHE-RSA-AES256-GCM-SHA384
    Failed    SSLv3  256 bits  ECDHE-ECDSA-AES256-GCM-SHA384
    Failed    SSLv3  256 bits  ECDHE-RSA-AES256-SHA384
    Failed    SSLv3  256 bits  ECDHE-ECDSA-AES256-SHA384
    Accepted  SSLv3  256 bits  ECDHE-RSA-AES256-SHA
    Rejected  SSLv3  256 bits  ECDHE-ECDSA-AES256-SHA
    Rejected  SSLv3  256 bits  SRP-DSS-AES-256-CBC-SHA
    Rejected  SSLv3  256 bits  SRP-RSA-AES-256-CBC-SHA
    Failed    SSLv3  256 bits  DHE-DSS-AES256-GCM-SHA384
    Failed    SSLv3  256 bits  DHE-RSA-AES256-GCM-SHA384
    Failed    SSLv3  256 bits  DHE-RSA-AES256-SHA256
    Failed    SSLv3  256 bits  DHE-DSS-AES256-SHA256
    Rejected  SSLv3  256 bits  DHE-RSA-AES256-SHA
    Rejected  SSLv3  256 bits  DHE-DSS-AES256-SHA
    Rejected  SSLv3  256 bits  DHE-RSA-CAMELLIA256-SHA
    Rejected  SSLv3  256 bits  DHE-DSS-CAMELLIA256-SHA
    Rejected  SSLv3  256 bits  AECDH-AES256-SHA
    Rejected  SSLv3  256 bits  SRP-AES-256-CBC-SHA
    Failed    SSLv3  256 bits  ADH-AES256-GCM-SHA384
    Failed    SSLv3  256 bits  ADH-AES256-SHA256
    Rejected  SSLv3  256 bits  ADH-AES256-SHA
    Rejected  SSLv3  256 bits  ADH-CAMELLIA256-SHA
    Failed    SSLv3  256 bits  ECDH-RSA-AES256-GCM-SHA384
    Failed    SSLv3  256 bits  ECDH-ECDSA-AES256-GCM-SHA384
    Failed    SSLv3  256 bits  ECDH-RSA-AES256-SHA384
    Failed    SSLv3  256 bits  ECDH-ECDSA-AES256-SHA384
    Rejected  SSLv3  256 bits  ECDH-RSA-AES256-SHA
    Rejected  SSLv3  256 bits  ECDH-ECDSA-AES256-SHA
    Failed    SSLv3  256 bits  AES256-GCM-SHA384
    Failed    SSLv3  256 bits  AES256-SHA256
    Accepted  SSLv3  256 bits  AES256-SHA
    Rejected  SSLv3  256 bits  CAMELLIA256-SHA
    Failed    SSLv3  256 bits  PSK-AES256-CBC-SHA
    Rejected  SSLv3  168 bits  ECDHE-RSA-DES-CBC3-SHA
    Rejected  SSLv3  168 bits  ECDHE-ECDSA-DES-CBC3-SHA
    Rejected  SSLv3  168 bits  SRP-DSS-3DES-EDE-CBC-SHA
    Rejected  SSLv3  168 bits  SRP-RSA-3DES-EDE-CBC-SHA
    Rejected  SSLv3  168 bits  EDH-RSA-DES-CBC3-SHA
    Rejected  SSLv3  168 bits  EDH-DSS-DES-CBC3-SHA
    Rejected  SSLv3  168 bits  AECDH-DES-CBC3-SHA
    Rejected  SSLv3  168 bits  SRP-3DES-EDE-CBC-SHA
    Rejected  SSLv3  168 bits  ADH-DES-CBC3-SHA
    Rejected  SSLv3  168 bits  ECDH-RSA-DES-CBC3-SHA
    Rejected  SSLv3  168 bits  ECDH-ECDSA-DES-CBC3-SHA
    Accepted  SSLv3  168 bits  DES-CBC3-SHA
    Failed    SSLv3  168 bits  PSK-3DES-EDE-CBC-SHA
    Failed    SSLv3  128 bits  ECDHE-RSA-AES128-GCM-SHA256
    Failed    SSLv3  128 bits  ECDHE-ECDSA-AES128-GCM-SHA256
    Failed    SSLv3  128 bits  ECDHE-RSA-AES128-SHA256
    Failed    SSLv3  128 bits  ECDHE-ECDSA-AES128-SHA256
    Accepted  SSLv3  128 bits  ECDHE-RSA-AES128-SHA
    Rejected  SSLv3  128 bits  ECDHE-ECDSA-AES128-SHA
    Rejected  SSLv3  128 bits  SRP-DSS-AES-128-CBC-SHA
    Rejected  SSLv3  128 bits  SRP-RSA-AES-128-CBC-SHA
    Rejected  SSLv3  128 bits  SRP-DSS-AES-128-CBC-SHA
    Rejected  SSLv3  128 bits  SRP-RSA-AES-128-CBC-SHA
    Failed    SSLv3  128 bits  DHE-DSS-AES128-GCM-SHA256
    Failed    SSLv3  128 bits  DHE-RSA-AES128-GCM-SHA256
    Failed    SSLv3  128 bits  DHE-RSA-AES128-SHA256
    Failed    SSLv3  128 bits  DHE-DSS-AES128-SHA256
    Rejected  SSLv3  128 bits  DHE-RSA-AES128-SHA
    Rejected  SSLv3  128 bits  DHE-DSS-AES128-SHA
    Rejected  SSLv3  128 bits  DHE-RSA-SEED-SHA
    Rejected  SSLv3  128 bits  DHE-DSS-SEED-SHA
    Rejected  SSLv3  128 bits  DHE-RSA-CAMELLIA128-SHA
    Rejected  SSLv3  128 bits  DHE-DSS-CAMELLIA128-SHA
    Rejected  SSLv3  128 bits  AECDH-AES128-SHA
    Rejected  SSLv3  128 bits  SRP-AES-128-CBC-SHA
    Failed    SSLv3  128 bits  ADH-AES128-GCM-SHA256
    Failed    SSLv3  128 bits  ADH-AES128-SHA256
    Rejected  SSLv3  128 bits  ADH-AES128-SHA
    Rejected  SSLv3  128 bits  ADH-SEED-SHA
    Rejected  SSLv3  128 bits  ADH-CAMELLIA128-SHA
    Failed    SSLv3  128 bits  ECDH-RSA-AES128-GCM-SHA256
    Failed    SSLv3  128 bits  ECDH-ECDSA-AES128-GCM-SHA256
    Failed    SSLv3  128 bits  ECDH-RSA-AES128-SHA256
    Failed    SSLv3  128 bits  ECDH-ECDSA-AES128-SHA256
    Rejected  SSLv3  128 bits  ECDH-RSA-AES128-SHA
    Rejected  SSLv3  128 bits  ECDH-ECDSA-AES128-SHA
    Failed    SSLv3  128 bits  AES128-GCM-SHA256
    Failed    SSLv3  128 bits  AES128-SHA256
    Accepted  SSLv3  128 bits  AES128-SHA
    Rejected  SSLv3  128 bits  SEED-SHA
    Rejected  SSLv3  128 bits  CAMELLIA128-SHA
    Rejected  SSLv3  128 bits  IDEA-CBC-SHA
    Failed    SSLv3  128 bits  PSK-AES128-CBC-SHA
    Accepted  SSLv3  128 bits  ECDHE-RSA-RC4-SHA
    Rejected  SSLv3  128 bits  ECDHE-ECDSA-RC4-SHA
    Rejected  SSLv3  128 bits  AECDH-RC4-SHA
    Rejected  SSLv3  128 bits  ADH-RC4-MD5
    Rejected  SSLv3  128 bits  ECDH-RSA-RC4-SHA
    Rejected  SSLv3  128 bits  ECDH-ECDSA-RC4-SHA
    Accepted  SSLv3  128 bits  RC4-SHA
    Accepted  SSLv3  128 bits  RC4-MD5
    Failed    SSLv3  128 bits  PSK-RC4-SHA
    Rejected  SSLv3  56 bits   EDH-RSA-DES-CBC-SHA
    Rejected  SSLv3  56 bits   EDH-DSS-DES-CBC-SHA
    Rejected  SSLv3  56 bits   ADH-DES-CBC-SHA
    Rejected  SSLv3  56 bits   DES-CBC-SHA
    Rejected  SSLv3  40 bits   EXP-EDH-RSA-DES-CBC-SHA
    Rejected  SSLv3  40 bits   EXP-EDH-DSS-DES-CBC-SHA
    Rejected  SSLv3  40 bits   EXP-ADH-DES-CBC-SHA
    Rejected  SSLv3  40 bits   EXP-DES-CBC-SHA
    Rejected  SSLv3  40 bits   EXP-RC2-CBC-MD5
    Rejected  SSLv3  40 bits   EXP-ADH-RC4-MD5
    Rejected  SSLv3  40 bits   EXP-RC4-MD5
    Rejected  SSLv3  0 bits    ECDHE-RSA-NULL-SHA
    Rejected  SSLv3  0 bits    ECDHE-ECDSA-NULL-SHA
    Rejected  SSLv3  0 bits    AECDH-NULL-SHA
    Rejected  SSLv3  0 bits    ECDH-RSA-NULL-SHA
    Rejected  SSLv3  0 bits    ECDH-ECDSA-NULL-SHA
    Failed    SSLv3  0 bits    NULL-SHA256
    Rejected  SSLv3  0 bits    NULL-SHA
    Rejected  SSLv3  0 bits    NULL-MD5
    Failed    TLSv1  256 bits  ECDHE-RSA-AES256-GCM-SHA384
    Failed    TLSv1  256 bits  ECDHE-ECDSA-AES256-GCM-SHA384
    Failed    TLSv1  256 bits  ECDHE-RSA-AES256-SHA384
    Failed    TLSv1  256 bits  ECDHE-ECDSA-AES256-SHA384
    Accepted  TLSv1  256 bits  ECDHE-RSA-AES256-SHA
    Rejected  TLSv1  256 bits  ECDHE-ECDSA-AES256-SHA
    Rejected  TLSv1  256 bits  SRP-DSS-AES-256-CBC-SHA
    Rejected  TLSv1  256 bits  SRP-RSA-AES-256-CBC-SHA
    Failed    TLSv1  256 bits  DHE-DSS-AES256-GCM-SHA384
    Failed    TLSv1  256 bits  DHE-RSA-AES256-GCM-SHA384
    Failed    TLSv1  256 bits  DHE-RSA-AES256-SHA256
    Failed    TLSv1  256 bits  DHE-DSS-AES256-SHA256
    Rejected  TLSv1  256 bits  DHE-RSA-AES256-SHA
    Rejected  TLSv1  256 bits  DHE-DSS-AES256-SHA
    Rejected  TLSv1  256 bits  DHE-RSA-CAMELLIA256-SHA
    Rejected  TLSv1  256 bits  DHE-DSS-CAMELLIA256-SHA
    Rejected  TLSv1  256 bits  AECDH-AES256-SHA
    Rejected  TLSv1  256 bits  SRP-AES-256-CBC-SHA
    Failed    TLSv1  256 bits  ADH-AES256-GCM-SHA384
    Failed    TLSv1  256 bits  ADH-AES256-SHA256
    Rejected  TLSv1  256 bits  ADH-AES256-SHA
    Rejected  TLSv1  256 bits  ADH-CAMELLIA256-SHA
    Rejected  TLSv1  256 bits  ADH-AES256-SHA
    Rejected  TLSv1  256 bits  ADH-CAMELLIA256-SHA
    Failed    TLSv1  256 bits  ECDH-RSA-AES256-GCM-SHA384
    Failed    TLSv1  256 bits  ECDH-ECDSA-AES256-GCM-SHA384
    Failed    TLSv1  256 bits  ECDH-RSA-AES256-SHA384
    Failed    TLSv1  256 bits  ECDH-ECDSA-AES256-SHA384
    Rejected  TLSv1  256 bits  ECDH-RSA-AES256-SHA
    Rejected  TLSv1  256 bits  ECDH-ECDSA-AES256-SHA
    Failed    TLSv1  256 bits  AES256-GCM-SHA384
    Failed    TLSv1  256 bits  AES256-SHA256
    Accepted  TLSv1  256 bits  AES256-SHA
    Rejected  TLSv1  256 bits  CAMELLIA256-SHA
    Failed    TLSv1  256 bits  PSK-AES256-CBC-SHA
    Rejected  TLSv1  168 bits  ECDHE-RSA-DES-CBC3-SHA
    Rejected  TLSv1  168 bits  ECDHE-ECDSA-DES-CBC3-SHA
    Rejected  TLSv1  168 bits  SRP-DSS-3DES-EDE-CBC-SHA
    Rejected  TLSv1  168 bits  SRP-RSA-3DES-EDE-CBC-SHA
    Rejected  TLSv1  168 bits  EDH-RSA-DES-CBC3-SHA
    Rejected  TLSv1  168 bits  EDH-DSS-DES-CBC3-SHA
    Rejected  TLSv1  168 bits  AECDH-DES-CBC3-SHA
    Rejected  TLSv1  168 bits  SRP-3DES-EDE-CBC-SHA
    Rejected  TLSv1  168 bits  ADH-DES-CBC3-SHA
    Rejected  TLSv1  168 bits  ECDH-RSA-DES-CBC3-SHA
    Rejected  TLSv1  168 bits  ECDH-ECDSA-DES-CBC3-SHA
    Accepted  TLSv1  168 bits  DES-CBC3-SHA
    Failed    TLSv1  168 bits  PSK-3DES-EDE-CBC-SHA
    Failed    TLSv1  128 bits  ECDHE-RSA-AES128-GCM-SHA256
    Failed    TLSv1  128 bits  ECDHE-ECDSA-AES128-GCM-SHA256
    Failed    TLSv1  128 bits  ECDHE-RSA-AES128-SHA256
    Failed    TLSv1  128 bits  ECDHE-ECDSA-AES128-SHA256
    Accepted  TLSv1  128 bits  ECDHE-RSA-AES128-SHA
    Rejected  TLSv1  128 bits  ECDHE-ECDSA-AES128-SHA
    Rejected  TLSv1  128 bits  SRP-DSS-AES-128-CBC-SHA
    Rejected  TLSv1  128 bits  SRP-RSA-AES-128-CBC-SHA
    Failed    TLSv1  128 bits  DHE-DSS-AES128-GCM-SHA256
    Failed    TLSv1  128 bits  DHE-RSA-AES128-GCM-SHA256
    Failed    TLSv1  128 bits  DHE-RSA-AES128-SHA256
    Failed    TLSv1  128 bits  DHE-DSS-AES128-SHA256
    Rejected  TLSv1  128 bits  DHE-RSA-AES128-SHA
    Rejected  TLSv1  128 bits  DHE-DSS-AES128-SHA
    Rejected  TLSv1  128 bits  DHE-RSA-SEED-SHA
    Rejected  TLSv1  128 bits  DHE-DSS-SEED-SHA
    Rejected  TLSv1  128 bits  DHE-RSA-CAMELLIA128-SHA
    Rejected  TLSv1  128 bits  DHE-DSS-CAMELLIA128-SHA
    Rejected  TLSv1  128 bits  AECDH-AES128-SHA
    Rejected  TLSv1  128 bits  SRP-AES-128-CBC-SHA
    Failed    TLSv1  128 bits  ADH-AES128-GCM-SHA256
    Failed    TLSv1  128 bits  ADH-AES128-SHA256
    Rejected  TLSv1  128 bits  ADH-AES128-SHA
    Rejected  TLSv1  128 bits  ADH-SEED-SHA
    Rejected  TLSv1  128 bits  ADH-CAMELLIA128-SHA
    Failed    TLSv1  128 bits  ECDH-RSA-AES128-GCM-SHA256
    Failed    TLSv1  128 bits  ECDH-ECDSA-AES128-GCM-SHA256
    Failed    TLSv1  128 bits  ECDH-RSA-AES128-SHA256
    Failed    TLSv1  128 bits  ECDH-ECDSA-AES128-SHA256
    Rejected  TLSv1  128 bits  ECDH-RSA-AES128-SHA
    Rejected  TLSv1  128 bits  ECDH-ECDSA-AES128-SHA
    Failed    TLSv1  128 bits  AES128-GCM-SHA256
    Failed    TLSv1  128 bits  AES128-SHA256
    Accepted  TLSv1  128 bits  AES128-SHA
    Rejected  TLSv1  128 bits  SEED-SHA
    Rejected  TLSv1  128 bits  CAMELLIA128-SHA
    Rejected  TLSv1  128 bits  IDEA-CBC-SHA
    Failed    TLSv1  128 bits  PSK-AES128-CBC-SHA
    Accepted  TLSv1  128 bits  ECDHE-RSA-RC4-SHA
    Rejected  TLSv1  128 bits  ECDHE-ECDSA-RC4-SHA
    Rejected  TLSv1  128 bits  AECDH-RC4-SHA
    Rejected  TLSv1  128 bits  ADH-RC4-MD5
    Rejected  TLSv1  128 bits  ECDH-RSA-RC4-SHA
    Rejected  TLSv1  128 bits  ECDH-ECDSA-RC4-SHA
    Accepted  TLSv1  128 bits  RC4-SHA
    Accepted  TLSv1  128 bits  RC4-MD5
    Failed    TLSv1  128 bits  PSK-RC4-SHA
    Rejected  TLSv1  56 bits   EDH-RSA-DES-CBC-SHA
    Rejected  TLSv1  56 bits   EDH-DSS-DES-CBC-SHA
    Rejected  TLSv1  56 bits   ADH-DES-CBC-SHA
    Rejected  TLSv1  56 bits   DES-CBC-SHA
    Rejected  TLSv1  40 bits   EXP-EDH-RSA-DES-CBC-SHA
    Rejected  TLSv1  40 bits   EXP-EDH-DSS-DES-CBC-SHA
    Rejected  TLSv1  40 bits   EXP-ADH-DES-CBC-SHA
    Rejected  TLSv1  40 bits   EXP-DES-CBC-SHA
    Rejected  TLSv1  40 bits   EXP-RC2-CBC-MD5
   Rejected  TLSv1  40 bits   EXP-DES-CBC-SHA
    Rejected  TLSv1  40 bits   EXP-RC2-CBC-MD5
    Rejected  TLSv1  40 bits   EXP-ADH-RC4-MD5
    Rejected  TLSv1  40 bits   EXP-RC4-MD5
    Rejected  TLSv1  0 bits    ECDHE-RSA-NULL-SHA
    Rejected  TLSv1  0 bits    ECDHE-ECDSA-NULL-SHA
    Rejected  TLSv1  0 bits    AECDH-NULL-SHA
    Rejected  TLSv1  0 bits    ECDH-RSA-NULL-SHA
    Rejected  TLSv1  0 bits    ECDH-ECDSA-NULL-SHA
    Failed    TLSv1  0 bits    NULL-SHA256
    Rejected  TLSv1  0 bits    NULL-SHA
    Rejected  TLSv1  0 bits    NULL-MD5
  Prefered Server Cipher(s):
    SSLv3  128 bits  ECDHE-RSA-RC4-SHA
    TLSv1  128 bits  ECDHE-RSA-RC4-SHA
  SSL Certificate:
    Version: 2
    Serial Number: -18446744073709551615
    Signature Algorithm: sha1WithRSAEncryption
    Issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use
    at (c)10/CN=VeriSign Class 3 Secure Server CA
    - G3
    Not valid before: Sep 24 00:00:00 2014 GMT
    Not valid after: Sep 25 23:59:59 2015 GMT
    Subject: /C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information
    Public Key Algorithm: rsaEncryption
    RSA Public Key: (2048 bit)
      Public-Key: (2048 bit)
      Exponent: 65537 (0x10001)
    X509v3 Extensions:
      X509v3 Subject Alternative Name:,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
      X509v3 Basic Constraints:
      X509v3 Key Usage: critical
        Digital Signature, Key Encipherment
      X509v3 Extended Key Usage:
        TLS Web Server Authentication, TLS Web Client Authentication
      X509v3 Certificate Policies:
        Policy: 2.16.840.1.113733.1.7.54
          User Notice:
            Explicit Text:
      X509v3 Authority Key Identifier:
      X509v3 CRL Distribution Points:
        Full Name:
      Authority Information Access:
        OCSP - URI:
        CA Issuers - URI:
  Verify Certificate:
    unable to get local issuer certificate