Abers remotely

From: Robert E. Lee (robert@dyadsecurity.com)
Date: Mon Jun 19 2006 - 13:35:48 EDT


On Mon, 19 Jun 2006 11:13:02 +1000
mikeiscool <michaelslists@gmail.com> wrote:
> On 17 Jun 2006 19:27:42 -0000, 09Sparky@gmail.com <09Sparky@gmail.com> wrote:
> What is the best way or tool used to check SSL Versions? I need to confirm whether or not a remote SSL Server is outdated?

Not sure if this is what you had in mind or not, but if you're using a testing host with openssl and a shell, these scripts might be of use for you. We wrote them to enumerate enabled ciphers for different ssl versions. When you run it against a server, if you see a + sign for a cipher, then you know that cipher/ssl version is enabled on the remote server.

Sample usage:
$ ./openssl_enum_ssl3 72.14.207.99:443
- ADH-AES256-SHA
- DHE-RSA-AES256-SHA
- DHE-DSS-AES256-SHA
+ AES256-SHA at Server public key is 1024 bit
- ADH-AES128-SHA
...
Etc

=-=-=-=-=-=-=

$ cat openssl_enum_ssl2
#!/bin/sh

if [ "x${1}" = "x" ]
then
        cat <<EOF
Error: youll need to tell me what host you want me to check, use hostname:port as an argument
bye for now
EOF
        exit 1
fi

for g in `openssl ciphers 'ALL:eNULL' | tr ':' ' '`
do
        a=`echo -e 'GET / HTTP/1.1\r\nHost: localhost\r\n\r\n' | openssl s_client -ssl2 -connect ${1} -cipher $g 2>/dev/null | egrep -i '(bit|bits)'`
        if [ "x$a" = "x" ]
        then
                echo - $g
        else
                echo + $g at $a
        fi
        #echo $? $g
done

=-=-=-=-=-=-=

$ cat openssl_enum_ssl3
#!/bin/sh

if [ "x${1}" = "x" ]
then
        cat <<EOF
Error: youll need to tell me what host you want me to check, use hostname:port as an argument
bye for now
EOF
        exit 1
fi

for g in `openssl ciphers 'ALL:eNULL' | tr ':' ' '`
do
        a=`echo -e 'GET / HTTP/1.1\r\nHost: localhost\r\n\r\n' | openssl s_client -ssl3 -connect ${1} -cipher $g 2>/dev/null | egrep -i '(bit|bits)'`
        if [ "x$a" = "x" ]
        then
                echo - $g
        else
                echo + $g at $a
        fi
        #echo $? $g
done

=-=-=-=-=-=-=

$ cat openssl_enum_tls
#!/bin/sh

if [ "x${1}" = "x" ]
then
        cat <<EOF
Error: youll need to tell me what host you want me to check, use hostname:port as an argument
bye for now
EOF
        exit 1
fi

for g in `openssl ciphers 'ALL:eNULL' | tr ':' ' '`
do
        a=`echo -e 'GET / HTTP/1.1\r\nHost: localhost\r\n\r\n' | openssl s_client -tls1 -connect ${1} -cipher $g 2>/dev/null | egrep -i '(bit|bits)'`
        if [ "x$a" = "x" ]
        then
                echo - $g
        else
                echo + $g at $a
        fi
        #echo $? $g
done

=-=-=-=-=-=-=

Robert

-- 
Robert E. Lee
Chief Information Officer
http://www.dyadsecurity.com
 
phone: (949) 394-2033
fax  : (949) 486-6601
email: robert@dyadsecurity.com
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:08 EDT