sslsweep
Section: User Commands (1)
Index
NAME
sslsweep - Test SSL services
SYNOPSIS
sslsweep
[
-hsv
] [
-S
strong ssl versions
] [
-C
strong ssl ciphers
] [
-f
format
] [
host:port ...
]
DESCRIPTION
sslsweep attempts to speak SSL with user-provded TCP services and if
successful outputs the certificate's CN. If unsucessful, it prints an error
message and continues to the next input.
sslsweep takes on either the command line or standard input a list of
strings that specific a host and port separated by any one of the characters
[ .:,/]. If these are not specified on the command line they will be read
from standard input, one per line, until EOF. Alternately, sslsweep can take
nmap greppable output ('nmap -oG') on its standard input and it will talk to
all open TCP ports listed in the scan.
It will output lines in either a human-friendly format, CSV if '-f csv', or
HTML if '-f html' is specified on the command line.
sslsweep can also run as a nagios plugin. If '-f nagios' is specified,
sslsweep's output and exit status will be that of a nagios plugin.
OPTIONS
- -f format
-
Set output format. "format" must be one of "html", "csv", "hr", or "nagios".
"hr" means human-readable output and is the default. "nagios" makes sslsweep
run with output and exit status suitable to be run as a nagios plugin.
- -c ciphers
-
Specifies what ciphers to test with. This is a comma-separated list of any
cipher names known to OpenSSL. See OpenSSL's ciphers(1) man page for a list.
The default is "HIGH,MEDIUM,LOW,EXPORT,ADH".
- -C ciphers
-
Specifies what ciphers sslsweep should consider "strong". The ciphers value
is similar to the -c option.
- -h
-
Display command help
- -s
-
If specified, sslsweep will not create any output for services that did not
speak some version of SSL. This includes protocol errors, timeouts,
non-listening ports, etc.
- -S ssl versions
-
Specifies what SSL versions sslsweep should consider "strong". Must be a
comma separated list of any of "SSLv2", "SSLv3", "TLSv1". The default is
"SSLv3", "TLSv1".
- -v
-
Display sslsweep version number
COPYRIGHT, LICENSE, AND CREDIT
Copyright (C) 2009 Hurricane Labs, LLC.
sslsweep is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your option) any later
version.
sslsweep is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
details.
You should have received a copy of the GNU General Public License along with
this program; if not, write to the Free Software Foundation, Inc., 51
Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
SEE ALSO
ciphers(1), openssl(1),
http://www.hurricanelabs.com/software/sslsweep
Index
- NAME
-
- SYNOPSIS
-
- DESCRIPTION
-
- OPTIONS
-
- COPYRIGHT, LICENSE, AND CREDIT
-
- SEE ALSO
-
This document was created by
man2html,
using the manual pages.
Time: 22:58:09 GMT, January 14, 2009