lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <AANLkTin80CDy4R8eJ1_LYp6Dbw92w12M-+vbghdm_5aF@mail.gmail.com>
Date: Tue, 24 Aug 2010 13:16:00 +0100
From: Darren McDonald <athena@...donald.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Athena SSL Cipher Scanner

I've posted a new SSL Cipher tool onto my website, at
http://dmcdonald.net/athena-ssl-cipher-check_v052.tar.gz, Athena SSL Cipher
Scanner.

Unlike most SSL cipher scanners which have a limited list of ciphers they
know of, athena checks all 65536 cipher codes. Of these codes it can
identify ~150 different ciphers, if it finds a cipher which it cannot
identify, it'll just inform you that it has found a unknown cipher. Rather
than sending it 65536 requests to find these ciphers it sends large blocks
of cipher codes, and uses the server response to narrow down it's search,
similar to a binary search algorithm. It can scan most ssl services in a
couple of minutes or so. Further speed improvements are in the pipeline.

It currently works very well with IIS and apache, but seems to have issues
with Sun HTTP Servers, the reasons behind which ive not yet fully explored.
Note I've reimplimented part of sslv2, sslv3, and tls1, and for all ive know
ive got it wrong and it could completely hose your box, use with caution in
live environments.

Id be greatful for any feed back/bugs/comments.

Best,

Renski

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ