Showing posts from December, 2014

SSL Breacher Update

2014-12-25
===========
- SSL Labs scan support; its PDF report will be saved [requires WKHTMLTOPDF: http://wkhtmltopdf.org/downloads.html]
- Updated Firefox root cert
- All dependencies (Java, Python, WKHTMLTOPDF) are bundled together on the Windows platform and can be activated via breacher64.cmd
- Result outputs are now moved to the /output/{host} folder
- Added bash scripts for scanning hosts listed in a file (breacher_filelist.sh, breacher64_filelist.cmd)

2014-12-22
===========
Medium-strength cipher check for sites that require high security


2014-11-30
===========
Improved the check for forward secrecy (FS) ciphers and GCM/CCM mode ciphers: an exception is now reported if they are not among the server's preferred ciphers


2014-10-18
===========
- Added POODLE vulnerability check
- Fixed bug in HTTP elements embedded in SSL page
- Introduced breacher.config to select all (default) or desired SSL checks

2014-10-05
===========
Added warning for SHA1 hashing algorithm in certificate check - https://community.qualys.com/blogs/securitylabs/2014/09/09/sha1-…

SSL Breacher - Yet Another SSL Test Tool

This is our version of an SSL test tool, mainly meant for internal assessments where you can't use the well-known online SSL Labs scanner. We don't reinvent the wheel; we combine the best tools with our own checks that we think other tools are missing. Running several tools each time has made us sick. With Breacher, you get everything you need.

Version: 20141019

Download:
http://yehg.net/lab/pr0js/tools/breacher-optimized.zip


Price:
Donationware

Supported Checks

Main SSL Checks
------------------------
1. HeartBleed
2. ChangeCipherSpecs Injection
3. POODLE (due to SSLv3 support)
4. BEAST
5. BREACH
6. Lucky13
7. CRIME & TIME (If CRIME is detected, TIME will also be reported)
8. RC4 support
9. Forward Secrecy support
10. SSLv2 support
11. Weak ciphers check (LOW, ANON, NULL, EXPORT)
12. Insecure Renegotiation
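
The cipher-related checks in this list (RC4, forward secrecy, weak ciphers) and the changelog's FS and GCM/CCM preference check can be illustrated on a server's cipher preference list. This is an added example, not SSL Breacher's own code: the function names, tag names and sample list are assumptions, LOW is narrowed to single DES, and "not preferred" is interpreted here as "the server's first-choice suite lacks the property".

```python
# Added example, not SSL Breacher's code. Works on OpenSSL-style suite
# names (TLS 1.2 and earlier), such as those listed by `openssl ciphers`.
WEAK = {"EXPORT", "ANON", "NULL", "LOW"}

def classify(suite):
    """Return the checklist categories one cipher suite name falls into."""
    tokens = suite.split("-")
    tags = set()
    if tokens[0].startswith("EXP"):            # EXP-RC4-MD5, EXP1024-...
        tags.add("EXPORT")
        tokens = tokens[1:]
    kx = tokens[0] if tokens else ""
    if kx in ("ADH", "AECDH"):                 # anonymous key exchange
        tags.add("ANON")
    if kx in ("ECDHE", "DHE", "EDH"):          # ephemeral, authenticated
        tags.add("FS")
    if "NULL" in tokens:
        tags.add("NULL")
    if "DES" in tokens and "CBC3" not in tokens:
        tags.add("LOW")                        # single DES; 3DES is DES-CBC3
    if "RC4" in tokens:
        tags.add("RC4")
    if {"GCM", "CCM", "CCM8"} & set(tokens):
        tags.add("GCM_CCM")
    return tags

def audit(preference_order):
    """preference_order: suites the server accepts, most preferred first."""
    tagged = [(s, classify(s)) for s in preference_order]
    findings = [f"{tag}: {s}" for s, t in tagged
                for tag in sorted(t & (WEAK | {"RC4"}))]
    top = tagged[0][1] if tagged else set()
    for want in ("FS", "GCM_CCM"):
        # A suite that is also weak does not count as offering the property.
        offered = [s for s, t in tagged if want in t and not t & WEAK]
        if not offered:
            findings.append(f"{want}: not supported")
        elif want not in top:
            findings.append(f"{want}: supported ({offered[0]}) but not preferred")
    return findings

# Constructed sample: a server's accepted suites in its preference order.
SAMPLE = ["AES128-SHA", "RC4-SHA", "ECDHE-RSA-AES128-GCM-SHA256",
          "DES-CBC-SHA", "EXP-RC4-MD5", "ADH-AES128-SHA"]

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```
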


Certificate Validation Check
----------------------------------
1. Certificate expiration
2. Insufficient public key-length
3. Host-name mismatch
4. Null Prefi…