search

infobyte / faraday

Open Source Vulnerability Management Platform
https://www.faradaysec.com
GNU General Public License v3.0
4.95k stars 908 forks source link

plugin for sslscan #436

Open daniejstriata opened 3 years ago

daniejstriata commented 3 years ago

Can you please plugin sslscan?

source: https://github.com/rbsec/sslscan

Output: → ./sslscan www.example.com

Version: 2.0.10-4-g5224502-static
OpenSSL 1.1.1l-dev  xx XXX xxxx

Connected to 93.184.216.34

Testing SSL server www.example.com on port 443 using SNI name www.example.com

  SSL/TLS Protocols:
SSLv2     disabled
SSLv3     disabled
TLSv1.0   disabled
TLSv1.1   disabled
TLSv1.2   enabled
TLSv1.3   enabled

  TLS Fallback SCSV:
Server supports TLS Fallback SCSV

  TLS renegotiation:
Session renegotiation not supported

  TLS Compression:
Compression disabled

  Heartbleed:
TLSv1.3 not vulnerable to heartbleed
TLSv1.2 not vulnerable to heartbleed

  Supported Server Cipher(s):
Preferred TLSv1.3  256 bits  TLS_AES_256_GCM_SHA384        Curve P-521 DHE 521
Accepted  TLSv1.3  256 bits  TLS_CHACHA20_POLY1305_SHA256  Curve P-521 DHE 521
Accepted  TLSv1.3  128 bits  TLS_AES_128_GCM_SHA256        Curve P-521 DHE 521
Preferred TLSv1.2  256 bits  ECDHE-ECDSA-AES256-GCM-SHA384 Curve P-521 DHE 521
Accepted  TLSv1.2  256 bits  ECDHE-ECDSA-CHACHA20-POLY1305 Curve P-521 DHE 521
Accepted  TLSv1.2  128 bits  ECDHE-ECDSA-AES128-GCM-SHA256 Curve P-521 DHE 521

  Server Key Exchange Group(s):
TLSv1.3  128 bits  secp256r1 (NIST P-256)
TLSv1.3  192 bits  secp384r1 (NIST P-384)
TLSv1.3  260 bits  secp521r1 (NIST P-521)
TLSv1.2  192 bits  secp384r1 (NIST P-384)

  SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
ECC Curve Name:      secp384r1
ECC Key Strength:    192

Subject:  example.com
Altnames: DNS:id.example.com, DNS:in.example.com, DNS:example.com, DNS:example.com.au, DNS:example.com.hk, DNS:example.de, DNS:example.net, DNS:example.nl, DNS:example.org
Issuer:   R3

Not valid before: May 28 09:13:44 2021 GMT
Not valid after:  Aug 26 09:13:44 2021 GMT
ezk06eer commented 3 years ago

@daniejstriata we had considered the tool but we dont see information about any vulnerability tha we could map into our model. but feel free to follow this article to create your custom plugin. https://docs.faradaysec.com/Basic-plugin-development/

daniejstriata commented 3 years ago

Often informational items is not aligned to policy. What I foresee is that if an informational item like TL 1.1 being active will create a warming.