
As the title says, I am searching for a tool which can do the following:

  • Do an SSL handshake, being given a list of IP addresses
  • Support SNI (in that case hostnames would be in the list, too)
  • Performance (scalable to a list with several hundred million entries, done in less than 2 days)
  • Collect and store all negotiated TLS overhead (TLS version, TLS cipher suites, ...)
  • Collect and store all X.509 certificates (e.g. in PEM format; I also need the certs from the chain)
  • Support IPv4 AND IPv6

Note that I am not trying to DoS anything; it's just part of a study. I've already read about ZGrab, but the creators themselves write:

    ZGrab tends to be very unstable

which is not quite a good add.

I welcome any recommendations!

Hansi
  • Any tool that can do 10 requests/second can do 1.5 million in two days. This isn't too difficult to fulfill if you have sufficient internet bandwidth and you don't get blocked for suspicious activities. Even a simple shell script using openssl s_client should be able to do it. – Lie Ryan Dec 17 '16 at 11:50
  • Do you see any limitations using this approach? I mean, I rather have 100 million entries (sorry for being unclear here). Do you think that 500 pps are also achievable just using a simple script launching OpenSSL instances? – Hansi Dec 17 '16 at 12:22
  • "What tool does X?" is generally a bad question on StackExchange. Any answer will be short-lived, and encourages long lists of possible tools instead of a single acceptable answer. – schroeder Dec 17 '16 at 12:26
  • I disagree. In my question I was very specific about what the tool should do. Specific questions can easily be answered with clear and specific answers. There are already some answers that go in the right direction. Furthermore, I haven't found any comparable question on Security StackExchange. Hence the answer may help others, too. – Hansi Dec 17 '16 at 13:07

1 Answer

  • You can write yourself a script which uses openssl s_client -showcerts -connect ipv4:443 </dev/null to connect to each IP and grep all the required information. The server certificate is the first certificate returned, and will be PEM formatted. The CA certificate is the final certificate returned, and is also PEM formatted. The output will also have the cipher and protocol used for the handshake.

  • For IPv6 use ncat: ncat -6 --ssl -v ipv6 443, and grep all the information.

  • If you want to enumerate all the ciphers that an IP supports, you can use testssl.sh. I'm not sure whether IPv6 is supported.

  • As SNI is initiated by the client, you should already have the server name of that IP to get the SNI from the server. This question might help you.

If you don't want to script your way through, check out Tenable Nessus (trial version available) or OpenVAS (open source). Before you initiate a scan, choose only plugins related to information gathering, as some plugins actually attack the target and also simply consume more time.

Vinod Pn
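The answer above leaves the "grep all the required information" step to the reader. The script below is an added example, not code from the question or the answer: it wraps one openssl s_client -showcerts call per target (SNI via -servername when a hostname is known, bracketed literals for IPv6), then pulls the negotiated protocol, the cipher and every PEM block of the chain out of the s_client output. The sample output it parses is constructed with placeholder certificate bodies so the parsing can be checked offline; the probe, scan_list and file-name conventions are this example's own.

```shell
#!/bin/sh
# Added example: probe hosts with openssl s_client, parse protocol/cipher, split the chain.
# Assumes `openssl`, `sed`, `awk` on PATH. SAMPLE_OUTPUT is constructed, not captured.

# One handshake against target:port. sni is optional; IPv6 literals are bracketed for -connect.
probe() {
    target=$1; port=${2:-443}; sni=$3
    case $target in
        *:*) conn="[$target]:$port" ;;   # IPv6 literal
        *)   conn="$target:$port" ;;
    esac
    if [ -n "$sni" ]; then
        openssl s_client -showcerts -servername "$sni" -connect "$conn" </dev/null 2>/dev/null
    else
        openssl s_client -showcerts -connect "$conn" </dev/null 2>/dev/null
    fi
}

# The SSL-Session block of s_client output carries the negotiated values; take the first match.
tls_protocol() { sed -n 's/^ *Protocol *: *//p' | head -n 1; }
tls_cipher()   { sed -n 's/^ *Cipher *: *//p'   | head -n 1; }
cert_count()   { grep -c -- '-----BEGIN CERTIFICATE-----'; }

# Write each PEM block to DIR/NAME-<n>.pem (0 = leaf, last = highest CA sent); print the count.
split_chain() {
    dir=$1; name=$2
    awk -v dir="$dir" -v name="$name" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = dir "/" name "-" (n - 1) ".pem"; out = 1 }
        out                           { print > f }
        /-----END CERTIFICATE-----/   { out = 0; close(f) }
        END                           { print n + 0 }'
}

# One TSV line per target: target, protocol, cipher, number of certificates in the chain.
record() {
    target=$1
    out=$(cat)
    printf '%s\t%s\t%s\t%s\n' "$target" \
        "$(printf '%s\n' "$out" | tls_protocol)" \
        "$(printf '%s\n' "$out" | tls_cipher)" \
        "$(printf '%s\n' "$out" | cert_count)"
}

# Walk a file of "host[,sni]" lines (constructed format), storing chains under OUTDIR
# and printing one record per host. Sequential; see the usage note for parallelising.
scan_list() {
    list=$1; outdir=$2
    mkdir -p "$outdir"
    while IFS=, read -r host sni; do
        [ -n "$host" ] || continue
        out=$(probe "$host" 443 "$sni")
        printf '%s\n' "$out" | split_chain "$outdir" "$(printf '%s' "$host" | tr ':' '_')" >/dev/null
        printf '%s\n' "$out" | record "$host"
    done < "$list"
}

# Constructed, abridged s_client output with placeholder certificate bodies (not real certs).
SAMPLE_OUTPUT='CONNECTED(00000003)
depth=1 C = US, O = Example CA
verify return:1
depth=0 CN = www.example.com
verify return:1
---
Certificate chain
 0 s:CN = www.example.com
   i:C = US, O = Example CA
-----BEGIN CERTIFICATE-----
MIIBleafcertificateplaceholder0
-----END CERTIFICATE-----
 1 s:C = US, O = Example CA
   i:C = US, O = Example CA
-----BEGIN CERTIFICATE-----
MIIBissuercertificateplaceholder1
-----END CERTIFICATE-----
---
Server certificate
subject=CN = www.example.com
issuer=C = US, O = Example CA
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
---
DONE'
```

Usage: `scan_list hosts.csv chains/ > results.tsv`, or, for the volumes the question mentions, split the list and run one `scan_list` per chunk under `xargs -P`; a single sequential loop spawning one openssl process per target will not approach the required rate. Hosts that refuse the handshake produce an empty protocol and cipher field and a chain count of 0, which the record keeps so the failure is visible in the results rather than silently dropped.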