Testing TLS/SSL of internal servers and applications using testssl.sh – draft

SSL related vulnerabilities are coming out  once in a while. It is essential keep track of  TLS/SSL related issues and patch them up.
From a penetration tester’s perceptive, it is very important to look for any kind of TLS/SSL  vulnerabilities, mis-configuration etc

To scan TLS/SSL implementation of internet facing applications and servers we have the ‘mighty SSL Labs‘ from Qualys.  May be all of us are familiar with SSL Labs. They provide an excellent service for free; Their awesome library not only test for TLS/SSL implementation, also for a wide variety of SSL related vulnerabilities, client simulations etc

But when it comes into internally hosted web applications and servers, that’s something else! SSL Labs scanning service cannot be used against servers/applications in private networks.

SSLScan and SSLyze are two common tools which I have been using regularly to analyze TLS/SSL cipher suites and SSL related vulnerabilities of internal applications. These tools will help us to find out the presence of weak cipher suites, re-negotiation vulnerabilities, Heartbleed etc. And that’s it! Nothing more nothing less!

 

The left screenshot is from SSLyze and the right one is from SSLScan scanner. These quick scans were ran against some vulnerable target.

Here comes testssl.sh for the rescue.