SSLScan is an integrated command-line tool in Kali Linux that can be used to evaluate the security of the SSL/TLS support of a remote web service. In this recipe, we will discuss how to run SSLScan against a web application and how to interpret and/or manipulate the output results.
SSL/TLS scanning with SSLScan
Getting ready
To use SSLScan to perform SSL/TLS analysis against a target, you will need to have a remote system that is running a web service with SSL or TLS enabled. In the examples provided, a combination of Google and an instance of Metasploitable2 is used to perform this task. For more information on setting up Metasploitable2, refer to the Installing Metasploitable2 recipe in Chapter 1, Getting Started.