sslscan man page

sslscan ā€” Fast SSL/TLS scanner

Synopsis

sslscan [options] [host:port | host]

Description

This manual page documents briefly the sslscan command

sslscan queries SSL/TLS services, such as HTTPS, in order to determine the ciphers that are supported.
SSLScan is designed to be easy, lean and fast. The output includes preferred ciphers of the SSL/TLS service,
the certificate and output is in text and XML formats. It is TLS SNI aware when used with a supported version of OpenSSL.

Options

--help

Show summary of options.

--version

Show version of program.

--targets=<file>

A file containing a list of hosts to check. Hosts can be supplied with ports (i.e. host:port). One target per line.

--no-failed

List only accepted ciphers (default is to listing all ciphers).

--ssl2

Only check SSLv2 ciphers.

--ssl3

Only check SSLv3 ciphers.

--tls1

Only check TLSv1 ciphers.

--tls11

Only check TLSv11 ciphers.

--tls12

Only check TLSv12 ciphers.

--pk=<file>

A file containing the private key or a PKCS#12 file containing a private key/certificate pair (as produced by MSIE and Netscape).

--pkpass=<password>

The password for the private key or PKCS#12 file.

--certs=<file>

A file containing PEM/ASN1 formatted client certificates.

--renegotiation

Attempt TLS renegotiation

--starttls-ftp

STARTTLS setup for FTP

--starttls-imap

STARTTLS setup for IMAP

--starttls-pop3

STARTTLS setup for POP3

--starttls-smtp

STARTTLS setup for SMTP

--starttls-xmpp

STARTTLS setup for XMPP

--html

Makes a HTML request after a successful connection and returns the server response code.

--bugs

Enables workarounds for SSL bugs.

--xml=<file>

Output results to an XML file.

Author

sslscan was originally written by Ian Ventura-Whiting <fizz@titania.co.uk>. sslscan was extended by Jacob Appelbaum <jacob@appelbaum.net>.
This manual page was originally written by Marvin Stark <marv@der-marv.de>.

Info

May 19, 2009