{"id":348,"date":"2017-06-23T22:43:16","date_gmt":"2017-06-23T21:43:16","guid":{"rendered":"https:\/\/www.attackdebris.com\/?p=348"},"modified":"2017-06-25T12:28:53","modified_gmt":"2017-06-25T11:28:53","slug":"auto-sslscan","status":"publish","type":"post","link":"https:\/\/www.attackdebris.com\/?p=348","title":{"rendered":"Auto-sslscan (Automatic SSL Scanning)"},"content":{"rendered":"<p><strong>Auto-sslscan<\/strong><\/p>\n<p>As I mentioned in the previous <a href=\"https:\/\/www.attackdebris.com\/?p=335\">post<\/a>, whilst Nessus and Nmap do a reasonable job of enumerating SSL protocols and ciphers, I often find myself utilising other 3rd party SSL scanning tools. One I find myself turning to on a regular basis is <a href=\"https:\/\/github.com\/rbsec\/sslscan\">sslscan<\/a>; I like the output it provides and issues become immediately apparent. If you prefer using SSL scanning tool X or Y, the auto-sslscan code can be easily amended to cater for your tool of choice.<\/p>\n<p>Auto-sslscan is a Python script designed to automate the process of conducting SSL scanning via sslscan. The Auto-sslscan script parses an nmap.xml output file, extracts all SSL services and automatically performs an sslscan of them.<\/p>\n<p><strong>Step 1 \u2013 Create a valid Nmap .xml file:<\/strong><\/p>\n<p>Note: Some form of Nmap version scanning must be utilised to create the XML output, i.e. 
<code>-sV<\/code> or <code>-A<\/code> (In order to determine whether the service is SSL enabled)<\/p>\n<p><a href=\"https:\/\/www.attackdebris.com\/wp-content\/uploads\/2017\/06\/nmap-xml.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-338\" src=\"https:\/\/www.attackdebris.com\/wp-content\/uploads\/2017\/06\/nmap-xml.jpg\" alt=\"\" width=\"859\" height=\"311\" srcset=\"https:\/\/www.attackdebris.com\/wp-content\/uploads\/2017\/06\/nmap-xml.jpg 859w, https:\/\/www.attackdebris.com\/wp-content\/uploads\/2017\/06\/nmap-xml-300x109.jpg 300w, https:\/\/www.attackdebris.com\/wp-content\/uploads\/2017\/06\/nmap-xml-768x278.jpg 768w\" sizes=\"auto, (max-width: 859px) 100vw, 859px\" \/><\/a><\/p>\n<p><strong>Step 2 &#8211; Process the Nmap XML file with auto-sslscan.py:<\/strong><\/p>\n<p><a href=\"https:\/\/www.attackdebris.com\/wp-content\/uploads\/2017\/06\/auto-sslscan.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-351\" src=\"https:\/\/www.attackdebris.com\/wp-content\/uploads\/2017\/06\/auto-sslscan.jpg\" alt=\"\" width=\"753\" height=\"147\" srcset=\"https:\/\/www.attackdebris.com\/wp-content\/uploads\/2017\/06\/auto-sslscan.jpg 753w, https:\/\/www.attackdebris.com\/wp-content\/uploads\/2017\/06\/auto-sslscan-300x59.jpg 300w\" sizes=\"auto, (max-width: 753px) 100vw, 753px\" \/><\/a><\/p>\n<p><strong>SSL Services:<\/strong><\/p>\n<p>That&#8217;s effectively job done, we now have a list of SSL services if we wish to target them again with another tool:<\/p>\n<p><a href=\"https:\/\/www.attackdebris.com\/wp-content\/uploads\/2017\/06\/ssl-services.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-352\" src=\"https:\/\/www.attackdebris.com\/wp-content\/uploads\/2017\/06\/ssl-services.jpg\" alt=\"\" width=\"519\" height=\"57\" srcset=\"https:\/\/www.attackdebris.com\/wp-content\/uploads\/2017\/06\/ssl-services.jpg 519w, 
https:\/\/www.attackdebris.com\/wp-content\/uploads\/2017\/06\/ssl-services-300x33.jpg 300w\" sizes=\"auto, (max-width: 519px) 100vw, 519px\" \/><\/a><\/p>\n<p><strong>SSL Scan Output:<\/strong><\/p>\n<p>The actual SSL scanning &#8220;sslscan&#8221; output is saved to a concatenated file (truncated image below):<\/p>\n<p><a href=\"https:\/\/www.attackdebris.com\/wp-content\/uploads\/2017\/06\/auto-sslscan-output.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-353\" src=\"https:\/\/www.attackdebris.com\/wp-content\/uploads\/2017\/06\/auto-sslscan-output.jpg\" alt=\"\" width=\"631\" height=\"360\" srcset=\"https:\/\/www.attackdebris.com\/wp-content\/uploads\/2017\/06\/auto-sslscan-output.jpg 631w, https:\/\/www.attackdebris.com\/wp-content\/uploads\/2017\/06\/auto-sslscan-output-300x171.jpg 300w\" sizes=\"auto, (max-width: 631px) 100vw, 631px\" \/><\/a><\/p>\n<p>The code and installation instructions can be found here: <a href=\"https:\/\/github.com\/attackdebris\/auto-sslscan\">https:\/\/github.com\/attackdebris\/auto-sslscan<\/a><\/p>\n<p>Also check out nmap-ssl-parser, which simply parses the Nmap XML file and provides a list of SSL services: <a href=\"https:\/\/github.com\/attackdebris\/nmap-ssl-parser\">https:\/\/github.com\/attackdebris\/nmap-ssl-parser<\/a><\/p>\n<p>Credit \u2013 The base code I used to create nmap-ssl-parser: <a href=\"https:\/\/github.com\/DanMcInerney\/nmap-parser\/blob\/master\/nmap-parser.py\">https:\/\/github.com\/DanMcInerney\/nmap-parser\/blob\/master\/nmap-parser.py<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Auto-sslscan As I mentioned in the previous post whilst Nessus and Nmap do a reasonable job of enumerating SSL protocols and ciphers I often find myself utilising other 3rd party SSL scanning tools. 
One I find myself turning to on a regular basis is sslscan, I like the output it provides and issues become immediately &hellip; <\/p>\n<p><a class=\"more-link btn\" href=\"https:\/\/www.attackdebris.com\/?p=348\">Continue reading<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[1],"tags":[12],"class_list":["post-348","post","type-post","status-publish","format-standard","hentry","category-tools","tag-tools","item-wrap"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p3MDvd-5C","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.attackdebris.com\/index.php?rest_route=\/wp\/v2\/posts\/348","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.attackdebris.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.attackdebris.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.attackdebris.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.attackdebris.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=348"}],"version-history":[{"count":6,"href":"https:\/\/www.attackdebris.com\/index.php?rest_route=\/wp\/v2\/posts\/348\/revisions"}],"predecessor-version":[{"id":363,"href":"https:\/\/www.attackdebris.com\/index.php?rest_route=\/wp\/v2\/posts\/348\/revisi
ons\/363"}],"wp:attachment":[{"href":"https:\/\/www.attackdebris.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=348"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.attackdebris.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=348"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.attackdebris.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=348"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}