go implementation of a tls/ssl analysis tool using it's own implementation of the TLS/SSL handshake to check for all possible ciphersuites.
At the moment gosslsec does not support TLSv1.3!
configure your scan using the CLI flags:
--host <IP> IP address to scan --port <Port> tcp port to scan
# ./gosslsec --host 127.0.0.1 --port 4432
Starting gosslsec, go version
[I] 127.0.0.1:4432 supports SSLv2.0 RC4_128_WITH_MD5
[I] 127.0.0.1:4432 supports SSLv2.0 RC4_128_EXPORT40_WITH_MD5
[I] 127.0.0.1:4432 supports SSLv2.0 RC2_128_CBC_WITH_MD5
[I] 127.0.0.1:4432 supports SSLv2.0 RC2_128_CBC_EXPORT40_WITH_MD5
[I] 127.0.0.1:4432 supports SSLv2.0 DES_64_CBC_WITH_MD5
[I] 127.0.0.1:4432 supports SSLv2.0 DES_192_EDE3_CBC_WITH_MD5
[I] 127.0.0.1:4432 supports SSLv3.0 RSA_RC4_40_MD5
[I] 127.0.0.1:4432 supports SSLv3.0 RSA_RC4_128_MD5
[I] 127.0.0.1:4432 supports SSLv3.0 RSA_RC4_128_SHA
[I] 127.0.0.1:4432 supports SSLv3.0 RSA_RC2_40_MD5
[I] 127.0.0.1:4432 supports SSLv3.0 RSA_DES_64_CBC_SHA
[I] 127.0.0.1:4432 supports SSLv3.0 RSA_DES_192_CBC3_SHA
[I] 127.0.0.1:4432 supports SSLv3.0 RSA_EXPORT1024_WITH_DES_CBC_SHA
[I] 127.0.0.1:4432 supports SSLv3.0 RSA_EXPORT1024_WITH_RC4_56_SHA
[I] 127.0.0.1:4432 supports TLSv1.0 RSA_RC4_40_MD5
[I] 127.0.0.1:4432 supports TLSv1.0 RSA_RC4_128_MD5
[I] 127.0.0.1:4432 supports TLSv1.0 RSA_RC4_128_SHA
[I] 127.0.0.1:4432 supports TLSv1.0 RSA_RC2_40_MD5
[I] 127.0.0.1:4432 supports TLSv1.0 RSA_DES_64_CBC_SHA
[I] 127.0.0.1:4432 supports TLSv1.0 RSA_DES_192_CBC3_SHA
[I] 127.0.0.1:4432 supports TLSv1.0 RSA_EXPORT1024_WITH_DES_CBC_SHA
[I] 127.0.0.1:4432 supports TLSv1.0 RSA_EXPORT1024_WITH_RC4_56_SHA
[I] 127.0.0.1:4432 supports TLSv1.0 RSA_RC4_40_MD5
[I] 127.0.0.1:4432 supports TLSv1.0 RSA_RC4_128_MD5
[I] 127.0.0.1:4432 supports TLSv1.0 RSA_RC4_128_SHA
[I] 127.0.0.1:4432 supports TLSv1.0 RSA_RC2_40_MD5
[I] 127.0.0.1:4432 supports TLSv1.0 RSA_DES_64_CBC_SHA
[I] 127.0.0.1:4432 supports TLSv1.0 RSA_DES_192_CBC3_SHA
[I] 127.0.0.1:4432 supports TLSv1.0 RSA_EXPORT1024_WITH_DES_CBC_SHA
[I] 127.0.0.1:4432 supports TLSv1.0 RSA_EXPORT1024_WITH_RC4_56_SHA
[I] 127.0.0.1:4432 supports TLSv1.0 RSA_RC4_40_MD5
[I] 127.0.0.1:4432 supports TLSv1.0 RSA_RC4_128_MD5
[I] 127.0.0.1:4432 supports TLSv1.0 RSA_RC4_128_SHA
[I] 127.0.0.1:4432 supports TLSv1.0 RSA_RC2_40_MD5
[I] 127.0.0.1:4432 supports TLSv1.0 RSA_DES_64_CBC_SHA
[I] 127.0.0.1:4432 supports TLSv1.0 RSA_DES_192_CBC3_SHA
[I] 127.0.0.1:4432 supports TLSv1.0 RSA_EXPORT1024_WITH_DES_CBC_SHA
[I] 127.0.0.1:4432 supports TLSv1.0 RSA_EXPORT1024_WITH_RC4_56_SHA
[I] 127.0.0.1:4432 certificate signature algorithm: SHA1-RSA
[I] 127.0.0.1:4432 certificate signature length: 128
[I] 127.0.0.1:4432 certificate public key algorithm: RSA
[I] 127.0.0.1:4432 certificate issuer: CN=USER-F6RZCDJKFC
[I] 127.0.0.1:4432 certificate subject: CN=USER-F6RZCDJKFC
[I] 127.0.0.1:4432 certificate valid from: 2020-04-10 00:02:22 +0000 UTC
[I] 127.0.0.1:4432 certificate valid until: 2020-04-17 00:02:22 +0000 UTC
[I] 127.0.0.1:4432 certificate duration of validity: 0y 0m 7d 0h 0m
The ciphernames are stored in a file named ciphersuitenamemap.go, which is not included in this repository. This file can be generated by the tool in the subdirectory parseciphersuites.
With this repository a Makefile is provided, which generates ciphersuitenamemap.go as well as the binary gosslsec.
# make
- implement multithreading
- check for insecure configurations
- add support for TLS 1.3
- allow other output formats like JSON, YAML or XML