https://github.com/nabla-c0d3/sslyze

Written in Python, it performs a fast and excellent analysis of the quality characteristics (ciphers, protocols, compatibility of the offered certificate chain with various user agents) of the SSL connection offered by a target server.

E.g.:

$ python sslyze.py --regular www.paypal.com:443

 REGISTERING AVAILABLE PLUGINS
 -----------------------------

  PluginHSTS
  PluginChromeSha1Deprecation
  PluginCertInfo
  PluginCompression
  PluginOpenSSLCipherSuites
  PluginSessionResumption
  PluginHeartbleed
  PluginSessionRenegotiation

 CHECKING HOST(S) AVAILABILITY
 -----------------------------

  www.paypal.com:443 => 23.33.67.116:443

 SCAN RESULTS FOR WWW.PAYPAL.COM:443 - 23.33.67.116:443
 ------------------------------------------------------

  * Deflate Compression:
      OK - Compression disabled

  * Session Renegotiation:
      Client-initiated Renegotiations: VULNERABLE - Server honors client-initiated renegotiations
      Secure Renegotiation: OK - Supported

  * Session Resumption:
      With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
      With TLS Session Tickets: OK - Supported

  * Certificate - Content:
      SHA1 Fingerprint: 084be8769682236828d8e9dc55901e53e8eb8432
      Common Name: www.paypal.com
      Issuer: VeriSign Class 3 Extended Validation SSL CA
      Serial Number: 0834E453D43A685723AFFBB133CE457C
      Not Before: Apr 15 00:00:00 2014 GMT
      Not After: Apr 2 23:59:59 2015 GMT
      Signature Algorithm: sha1WithRSAEncryption
      Key Size: 2048 bit
      Exponent: 65537 (0x10001)
      X509v3 Subject Alternative Name: {'DNS': ['www.paypal.com', 'history.paypal.com', 't.paypal.com', 'c.paypal.com', 'tms.paypal.com', 'tms.ebay.com']}

  * Certificate - Trust:
      Hostname Validation: OK - Subject Alternative Name matches
      "Mozilla NSS - 08/2014" CA Store: OK - Certificate is trusted, Extended Validation
      "Microsoft - 08/2014" CA Store: FAILED - Certificate is NOT Trusted: certificate has expired
      "Apple - OS X 10.9.4" CA Store: OK - Certificate is trusted
      "Java 6 - Update 65" CA Store: OK - Certificate is trusted
      Certificate Chain Received: ['www.paypal.com', 'VeriSign Class 3 Extended Validation SSL CA', 'VeriSign Class 3 Public Primary Certification Authority - G5']

  * Certificate - OCSP Stapling:
      NOT SUPPORTED - Server did not send back an OCSP response.

  * OpenSSL Heartbleed:
      OK - Not vulnerable to Heartbleed

  * SSLV2 Cipher Suites:
      Server rejected all cipher suites.

  * TLSV1_2 Cipher Suites:
      Preferred:
        RC4-SHA - 128 bits HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true
      Accepted:
        AES256-SHA - 256 bits HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true
        RC4-SHA - 128 bits HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true
        RC4-MD5 - 128 bits HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true
        AES128-SHA - 128 bits HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true
        DES-CBC3-SHA - 112 bits HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true

  * TLSV1_1 Cipher Suites:
      Preferred:
        RC4-SHA - 128 bits HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true
      Accepted:
        AES256-SHA - 256 bits HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true
        RC4-SHA - 128 bits HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true
        RC4-MD5 - 128 bits HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true
        AES128-SHA - 128 bits HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true
        DES-CBC3-SHA - 112 bits HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true

  * SSLV3 Cipher Suites:
      Server rejected all cipher suites.

  * TLSV1 Cipher Suites:
      Preferred:
        RC4-SHA - 128 bits HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true
      Accepted:
        AES256-SHA - 256 bits HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true
        RC4-SHA - 128 bits HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true
        RC4-MD5 - 128 bits HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true
        AES128-SHA - 128 bits HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true
        DES-CBC3-SHA - 112 bits HTTP 301 Moved Permanently - https://www.paypal.com/it/cgi-bin/webscr?cmd=_home&country_lang.x=true

 SCAN COMPLETED IN 4.65 S
 ------------------------

rob
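A report of this length is easier to act on once the non-OK results and the legacy ciphers are pulled out. The following is an added example, not part of the original post and not sslyze code: a small Python triage script whose function name, regular expressions and weak-cipher token list are assumptions of this example, run over an abridged, re-indented excerpt of the report above.

```python
import re

# Abridged excerpt of the sslyze report quoted above, re-indented for this example.
SAMPLE_REPORT = """\
  * Session Renegotiation:
      Client-initiated Renegotiations: VULNERABLE - Server honors client-initiated renegotiations
      Secure Renegotiation: OK - Supported
  * Certificate - Trust:
      "Mozilla NSS - 08/2014" CA Store: OK - Certificate is trusted, Extended Validation
      "Microsoft - 08/2014" CA Store: FAILED - Certificate is NOT Trusted: certificate has expired
  * Certificate - OCSP Stapling:
      NOT SUPPORTED - Server did not send back an OCSP response.
  * SSLV3 Cipher Suites:
      Server rejected all cipher suites.
  * TLSV1_2 Cipher Suites:
      Preferred:
        RC4-SHA - 128 bits HTTP 301 Moved Permanently
      Accepted:
        AES256-SHA - 256 bits HTTP 301 Moved Permanently
        RC4-MD5 - 128 bits HTTP 301 Moved Permanently
        DES-CBC3-SHA - 112 bits HTTP 301 Moved Permanently
"""

SECTION = re.compile(r"^\s*\*\s+(.+?):\s*$")            # "* Session Renegotiation:"
STATUS = re.compile(r"\b(VULNERABLE|FAILED|NOT SUPPORTED) - (.*)")
CIPHER = re.compile(r"^\s+([A-Z0-9]+(?:-[A-Z0-9]+)+)\s+(?:-\s+)?(\d+) bits")
WEAK_TOKENS = {"RC4", "MD5", "DES", "NULL", "EXP"}      # assumed list; DES also catches DES-CBC3 (3DES)

def triage(report):
    """Return (section, status, detail) tuples for every non-OK result and weak cipher."""
    findings, section, role = [], None, None
    for line in report.splitlines():
        if m := SECTION.match(line):
            section, role = m.group(1), None
        elif line.strip() in ("Preferred:", "Accepted:"):
            role = line.strip().rstrip(":").lower()
        elif m := STATUS.search(line):
            findings.append((section, m.group(1), m.group(2).strip()))
        elif (m := CIPHER.match(line)) and role:
            weak = WEAK_TOKENS & set(m.group(1).split("-"))
            if weak:
                detail = f"{m.group(1)} ({m.group(2)} bits, {role})"
                findings.append((section, "WEAK CIPHER", detail))
    return findings

if __name__ == "__main__":
    for section, status, detail in triage(SAMPLE_REPORT):
        print(f"[{status}] {section}: {detail}")
```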