I have a huge distributed network with over 1000 servers and network devices. It is mix of operating systems. I'm looking for some free tool to scan network for SSL v2, SSL v3, RC4,TLS v1.0 and older. For example https://www.ssllabs.com/ssltest suits perfectly for my needs, but it cannot scan many servers at the same time and most of the servers are not accessible from internet, so I need this tool to be working from inside of the network. Do you have any suggestions? Help is much appreciated.
Asked
Active
Viewed 361 times
1 Answers
0
OpenVAS is very much like NESSUS except that the vulnerability feed at the heart of the service is free. Tenable security gives away the NESSUS tool freely, but charges for vulnerability updates.
Based on your description of the problem, you can also use NMAP scripts (check out this article) to list service ciphers:
nmap -sV -sC target
443/tcp open https syn-ack
| sslv2:
| SSLv2 supported
| ciphers:
| SSL2_DES_192_EDE3_CBC_WITH_MD5
| SSL2_IDEA_128_CBC_WITH_MD5
| SSL2_RC2_128_CBC_WITH_MD5
| SSL2_RC4_128_WITH_MD5
| SSL2_DES_64_CBC_WITH_MD5
| SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
|_ SSL2_RC4_128_EXPORT40_WITH_MD5
user34445
- 503
- 2
- 12