lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <AANLkTinMkhtHefpdMeZ8W1Re+b0y5q7b4S+VmT6rn5Qi@mail.gmail.com>
Date: Thu, 26 Aug 2010 15:21:34 +0100
From: Darren McDonald <athena@...donald.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Athena SSL Cipher Scanner

I've been alerted to the fact I left in a bit of debug code that was
printing out a load of '*' (thanks Richard).

a new version is available at
http://dmcdonald.net/athena-ssl-cipher-check_v0521.tar.gz

On Tue, Aug 24, 2010 at 1:16 PM, Darren McDonald <athena@...donald.net> wrote:
> I've posted a new SSL Cipher tool onto my website, at
> http://dmcdonald.net/athena-ssl-cipher-check_v052.tar.gz, Athena SSL Cipher
> Scanner.
>
> Unlike most SSL cipher scanners which have a limited list of ciphers they
> know of, athena checks all 65536 cipher codes. Of these codes it can
> identify ~150 different ciphers, if it finds a cipher which it cannot
> identify, it'll just inform you that it has found a unknown cipher. Rather
> than sending it 65536 requests to find these ciphers it sends large blocks
> of cipher codes, and uses the server response to narrow down it's search,
> similar to a binary search algorithm. It can scan most ssl services in a
> couple of minutes or so. Further speed improvements are in the pipeline.
>
> It currently works very well with IIS and apache, but seems to have issues
> with Sun HTTP Servers, the reasons behind which ive not yet fully explored.
> Note I've reimplimented part of sslv2, sslv3, and tls1, and for all ive know
> ive got it wrong and it could completely hose your box, use with caution in
> live environments.
>
> Id be greatful for any feed back/bugs/comments.
>
> Best,
>
> Renski
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ