It’s been a while since my last post in this blog, but this doesn’t mean that I’m going to abandon this site to its own luck! Therefore, let’s dive again into the amazing Cybersecurity world.
In this post, I want to bring up another interesting tool for security testing which is called sslyze. As you may notice from the command name, it is used for assessing the HTTPS TLS configuration of a website. If you are a security professional or just someone interested in the security of your website, this tool can be extremely useful for identifying any vulnerabilities or misconfigurations that could compromise the security of your TLS connection.
Install sslyze in Linux
The sslyze tool is a Python-based command-line tool that allows you to scan a website’s HTTPS configuration and identify any vulnerabilities or misconfigurations. It can be used to test a variety of different aspects of the TLS configuration, including the protocol version, cipher suites, certificate chain, and more.
To get started with sslyze, you’ll need to install it on your Linux machine with Python pip. You can do this by running the following command:
$ sudo yum install python3 python3-pip
$ python3 -m pip install --upgrade sslyzeOnce sslyze is installed, you can start using it to scan a website’s HTTPS configuration. To do this, simply run the following command, replacing “example.com” with the domain of the website you want to scan:
sslyze --regular example.comThis will run a basic scan of the website’s HTTPS configuration and display the results. The output will include information about the protocol version, cipher suites, certificate chain, and more.
Additional sslyze usages
You can also use sslyze to perform more advanced scans, such as testing for vulnerabilities like Heartbleed or POODLE, or testing for misconfigurations like insecure renegotiation or insecure certificate signing. To do this, you can use the various options and flags available with the sslyze command.
For example, to test for the Heartbleed vulnerability, you can use the following command:
$ sslyze --heartbleed example.comHere is an example of the --heartbeat scan output:
To test for insecure renegotiation, you can use the following command:
$ sslyze --reneg example.comAnd to test for insecure certificate signing, you can use the following command:
$ sslyze --certinfo example.comYou can combine different vulnerability scan options in the same sslyze command and write the outcome into a json file:
$ sslyze --heartbleed --http_headers --reneg --json_out=tesla.com.json tesla.comThe json report will look like similarly to the following picture:
Alternatives to sslyze
There are other options to perform TLS assessment of a web site like https://www.ssllabs.com/ that may provide additional and useful findings:
Or if you have the option to run a vulnerability scan with Nessus, it might also more information as well. However, ensure to enable the proper or desired plugins: https://www.tenable.com/plugins/nessus/73412
In Conclusion
As you may see, sslyze is a powerful and useful tool for assessing the HTTPS TLS configuration of a website. Whether you’re a security professional or just someone interested in the security of your own website, it’s a great tool to have in your toolkit. I hope this tutorial has been helpful in introducing you to sslyze and showing you how to use it.