Overview

sslsweep tests TCP services for the presence of SSL and reports things about the services found, such as:

- The certificate’s CN
- The certificate’s expiration timestamp
- What kinds of ciphers the SSL service supports
- What versions of SSL the service supports

sslsweep can be used for security testing as well as ongoing monitoring of services. It can produce output in human readable text, HTML and CSV. It can also run as a Nagios plugin. Example outputs: HTML, CSV, human-readable text.

sslsweep can accept input on the command line, on standard input (one host:port pair per line), and it can also accept Nmap scan output (in the greppable format) as input and it will test all open TCP ports found by the Nmap scan.

Depedencies

- Python 2.4 or greater
- OpenSSL
- Python SSL module – required for Python 2.5 and lower. Python 2.6 and higher bundles this module.

Downloads

- sslsweep-1.2.2.tar.gz
—SHA-1: 5c31e11aa2c712beabf162050a7f02289cb702ba
—Signature (Our keying via SSL)
- Older versions

Installation

From within the extracted source package directory:

$ python setup.py build
# python setup.py install

Usage

For full information, see the man page.

Examples

% sslsweep ebay.com:https www.amazon.com:https
ebay.com https PASS spages.half.ebay.com May 9 23:59:59 2010 GMT
www.amazon.com https PASS www.amazon.com Aug 27 23:59:59 2009 GMT

% cat > input
ebay.com:https
www.amazon.com:443
^D
% sslsweep < input
ebay.com https PASS spages.half.ebay.com May 9 23:59:59 2010 GMT
www.amazon.com 443 PASS www.amazon.com Aug 27 23:59:59 2009 GMT

% sslsweep -f csv < input
ebay.com,https,pass,spages.half.ebay.com,May 9 23:59:59 2010 GMT
www.amazon.com,https,pass,www.amazon.com,Aug 27 23:59:59 2009 GMT

% sslsweep -f nagios google.com:https
OK