Tool and Usage
|Programming languages||Python, shell script|
|Latest release||No release found|
Why this tool?
The tool is of great assistance to quickly perform a security audit and may be used during penetrating testing, or guiding system administrator for system hardening.
How it works
Cipherscan is a wrapper around the OpenSSL s_client command line utility. Therefore it requires preferably one of the later OpenSSL versions, to properly test the capabilities of a target.
Usage and audience
cipherscan is commonly used for information gathering, security assessment, system hardening, or web application analysis. Target users for this tool are auditors, pentesters, security professionals, and system administrators.
- Can run non-privileged (as normal user)
- Command line interface
- Installation of tool is optional
- JSON output supported
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
- + Screen output is colored
- + More than 1000 GitHub stars
- + Very low number of dependencies
- + Supported by a large company
Supported operating systems
Cipherscan is known to work on Linux.
Similar tools to cipherscan:
Tlsenum is a tool to enumerate what TLS cipher suites a server supports and then list them in order of priority. Read how it works in this review.
The sslcaudit project helps with automated testing of SSL/TLS clients for resistance against MITM attacks.
testssl.sh is a command line tool which checks a system on any port for the support of TLS/SSL ciphers, protocols, as well as some cryptographic flaws.
Found an improvement? Help the community by submitting an update.