Closed GoogleCodeExporter closed 9 years ago
Oh, please. Not again. sslscan, ssltest (we already have both) and ... a new
script now?.. I don't want to fix all reported bugs in a new tool.
Improve the existing NSE ssl script in nmap and call it a day.
Original comment by blshkv
on 10 Oct 2013 at 3:36
[deleted comment]
There aren't any bugs for one. Two, neither of those two tools you mention
provide the functionality of sslyze (hsts, renegotiation, xmpp_to starttls
options, etc). Three, stop being lazy :/
Original comment by i...@neopwn.com
on 10 Oct 2013 at 4:49
here is a simple example: does it support "friendly" SSL errors or reports a
false positive alert? see ssltest -f for details
Anyway, my point is it would be better to merge all these small scripts into a
bigger frameworks because it's hard to run them one by one during a PT. Nmap
seems a reasonable place.
Original comment by blshkv
on 10 Oct 2013 at 11:31
I'm ready to switch to that tool because it seems better supported
Original comment by blshkv
on 17 Oct 2013 at 4:19
fixed in r5229. Enjoy ;-)
Original comment by blshkv
on 23 Nov 2013 at 6:45
Original issue reported on code.google.com by
i...@neopwn.com
on 9 Oct 2013 at 2:36