From: appsec@technicalinfo.net
Date: Fri Oct 17 2003 - 18:40:42 EDT
Hey there,
I have been working to bring together a number of links/forms together to make it simpler to carryout "passive" information gathering phases during an assessment. While there is a vast number of online tools - I have gatherd togther some of my favourites - but I can't appear to find one specific online tool that would be quite useful in alot of cases... specially in the precursor to web application assessments.
Does anyone know of, or have, a link to a site that does the following:
1. given an website running HTTPS - can display (and perferably analyse) the SSL certificate in a nice way.
2. connect to website running HTTPS - and chck what versions and encryption levels the server handles (e.g. SSL v.2, SSL v.3, TLS, 40 bit, 56 bit....)
3. (or more flexibly) given a DNS name and specific port - identify the version of SSL/certificate.
While there are a number of tools that can do this (such as Nessus) - are there any sites around that provide this level of SSL/HTTPS analysis. Perferably, the hosting site should be reliable and be around for more than a couple of months (trustworthy would be nice too). :-)
For those interested, the current collection of tools (and their righful owners links) can be found at: http://www.technicalinfo.net/tools/index.html
Cheers,
Gunter
---------------------------------------------------------------------------
FREE Whitepaper: Better Management for Network Security
Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console
Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_pen-test_031015
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:41 EDT