search

pentoo / pentoo-historical

read-only historical backup of pentoo from googlecode
https://code.google.com/p/pentoo/
2 stars 1 forks source link

Add SSLyze #188

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
SSLyze rocks. I've been using it for weeks to test SSL/TLS and it blows away 
openssl s_client by far.

https://github.com/iSECPartners/sslyze

Original issue reported on code.google.com by i...@neopwn.com on 9 Oct 2013 at 2:36

GoogleCodeExporter commented 9 years ago 
Oh, please. Not again. sslscan, ssltest (we already have both) and ... a new 
script now?.. I don't want to fix all reported bugs in a new tool.

Improve the existing NSE ssl script in nmap and call it a day.

Original comment by blshkv on 10 Oct 2013 at 3:36

GoogleCodeExporter commented 9 years ago 
[deleted comment]
GoogleCodeExporter commented 9 years ago 
There aren't any bugs for one. Two, neither of those two tools you mention 
provide the functionality of sslyze (hsts, renegotiation, xmpp_to starttls 
options, etc). Three, stop being lazy :/

Original comment by i...@neopwn.com on 10 Oct 2013 at 4:49

GoogleCodeExporter commented 9 years ago 
here is a simple example: does it support "friendly" SSL errors or reports a 
false positive alert? see ssltest -f for details

Anyway, my point is it would be better to merge all these small scripts into a 
bigger frameworks because it's hard to run them one by one during a PT. Nmap 
seems a reasonable place.

Original comment by blshkv on 10 Oct 2013 at 11:31

GoogleCodeExporter commented 9 years ago 
I'm ready to switch to that tool because it seems better supported

Original comment by blshkv on 17 Oct 2013 at 4:19

GoogleCodeExporter commented 9 years ago 
fixed in r5229. Enjoy ;-)

Original comment by blshkv on 23 Nov 2013 at 6:45