Description
SSLScan queries SSL/TLS services to report cipher suites, certificate details, and protocol support. It's fast and produces clear output showing weak configurations.
Installation
BASH
# Kali/Debian: install the distribution package
# NOTE(review): a packaged build may be linked against the system OpenSSL; if that
# library has legacy protocols/ciphers disabled, the scanner may not be able to
# test for them — confirm how your package was built before trusting a clean result.
sudo apt install sslscan
# From source: clones the repository and builds whatever the default branch holds
# at clone time.
# NOTE(review): for a reproducible build, consider checking out a tagged release
# before running make — confirm the available tags in the repository.
# NOTE(review): `make static` appears to build against its own OpenSSL copy rather
# than the system one — confirm in the project README.
git clone https://github.com/rbsec/sslscan.git
cd sslscan && make static && sudo make install
# macOS (Homebrew)
brew install sslscan
Basic Usage
BASH
# Scan a host (no port given; sslscan's default is presumably 443 — confirm with `sslscan --help`)
sslscan target.com
# Scan a service on a specific, non-default port (host:port form)
sslscan target.com:8443
# Also print the details of the certificate the server presents
sslscan --show-certificate target.com
Advanced Usage
BASH
# XML output: write the results to results.xml for tooling or later comparison
sslscan --xml=results.xml target.com
# No colour: plain-text output, suitable for log files
sslscan --no-colour target.com
# Show ciphers
# NOTE(review): sslscan's help describes --show-ciphers as listing the ciphers the
# sslscan client itself supports, which is not a "ciphers only" view of the
# server — confirm with `sslscan --help` for your version.
sslscan --show-ciphers target.com
# STARTTLS protocols: services that start in plaintext and upgrade to TLS on request
sslscan --starttls-smtp target.com:25
sslscan --starttls-ftp target.com:21
sslscan --starttls-imap target.com:143
# Test with a client certificate (for servers that request one)
# NOTE: a key password given via --pkpass is an ordinary command-line argument,
# so it can end up in shell history and be visible in the process list; use a
# key and password created for testing rather than production credentials.
sslscan --pk=key.pem --pkpass=password --certs=cert.pem target.com
# Restrict the scan to a single TLS version
# NOTE(review): which version options exist (e.g. --tls13) depends on the sslscan
# release installed — confirm with `sslscan --help`.
sslscan --tls12 target.com
sslscan --tls13 target.com
Common Workflows
BASH
# Quick audit: keep only the lines of the report that contain "Accepted" or "Preferred".
# The filter drops every other section of the output (e.g. certificate details),
# so treat the result as a cipher summary rather than a complete review.
sslscan target.com | grep -E "(Accepted|Preferred)"
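# Mass scan: audit every entry in hosts.txt (one host or host:port per line)
# and collect the combined report in ssl_audit.txt.
# Entries are read with `read -r` instead of $(cat ...), so the shell does not
# word-split or glob-expand them before they reach sslscan.
# The scanner's exit status is not checked: a host that could not be reached
# simply has no cipher lines under its header, which is not a clean result.
while IFS= read -r host || [ -n "$host" ]; do
  case "$host" in
    '' | -*) continue ;; # skip blank lines and entries that would be parsed as options
  esac
  printf '=== %s ===\n' "$host"
  # stdin is pointed at /dev/null so the scanner cannot consume the host list
  sslscan --no-colour "$host" </dev/null
done <hosts.txt >ssl_audit.txt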