sslscan is a neat and lightweight troubleshooting tool that would be great to have available in OPNsense -both CE and BE- allowing for the gathering of information directly from the FW without having to open unnecessary ports from the management vlan(s).
The sample output seen below is also color coded which improves readability, alas this is not visible in Github.
root@fbsd:~ # pkg info sslscan
sslscan-2.0.16
Name : sslscan
Version : 2.0.16
Installed on : Thu Nov 30 22:15:52 2023 UTC
Origin : security/sslscan
Architecture : FreeBSD:14:amd64
Prefix : /usr/local
Categories : security
Licenses : GPLv3
Maintainer : gavin@FreeBSD.org
WWW : https://github.com/rbsec/sslscan/
Comment : Fast SSL port scanner
Annotations :
FreeBSD_version: 1400097
build_timestamp: 2023-11-18T13:18:59+0000
built_by : poudriere-git-3.3.0-1258-gbc38e2e6
port_checkout_unclean: no
port_git_hash : 157c391cc1
ports_top_checkout_unclean: no
ports_top_git_hash: 8a036a08da
repo_type : binary
repository : FreeBSD
Flat size : 5.25MiB
Description :
SSLScan is a fast SSL port scanner. SSLScan connects to SSL ports
and determines what ciphers are supported, which are the servers
prefered ciphers, which SSL protocols are supported and returns the
SSL certificate. Client certificates and private key can be configured
and output is to text / XML.
root@fbsd:~ #
root@fbsd:~ #
root@fbsd:~ # sslscan expired.badssl.com
Version: 2.0.16-static
OpenSSL 3.1.0 14 Mar 2023
Connected to 104.154.89.105
Testing SSL server expired.badssl.com on port 443 using SNI name expired.badssl.com
Hi there,
sslscan is a neat and lightweight troubleshooting tool that would be great to have available in OPNsense -both CE and BE- allowing for the gathering of information directly from the FW without having to open unnecessary ports from the management vlan(s).
The sample output seen below is also color coded which improves readability, alas this is not visible in Github.
freshports
Github homepage
Thank you.