Results 1 to 2 of 2

Thread: sslscan

  1. 2022-08-18 #1
    eal
    eal is offline Junior Member
    Join Date
    2022-Aug
    Posts
    1

    sslscan

    Hello

    We recently hired a security firm to run an internal pentest and I gave the contractor a jump host machine and he installed Kali in a virtual box and ran the test.

    One item identified was the support for TLS 1.0 and TLS 1.2. He gave us a list of 100+ ips that had TLS 1.0 and TLS1.1 enabled. I have since used registry/GPO to disable support for TLS 1.0 and TLS 1.1. I have used IISCrypto tool to confirm this. I, however, also wanted to scan the network and confirm if through the same tool he used. Also, I can remote scan it instead of running IISCrypto on each machine.

    I believe he used sslscan tool in Kali as the screenshot provided matches with the output. It is the same network and same IPS but I am having issues running sslscan. Since then I also downloaded sslscan for Windows and running into the same issue.

    Here is my issue. Windows firewall is enabled. It takes a couple of minutes after running the command and generates the below error of connection timed out.

    # sslscan 192.168.xxx.xxx
    Version: 2.0.15-static
    OpenSSL 1.1.1q-dev xx XXX xxxx
    Error: Could not open a connection to host 192.168.xxx.xxx (192.168.xxx.xxx) on port 443 (connect: Timed out).



    Windows firewall is disabled. It generates below right away that the connection refused

    # sslscan 192.168.xxx.xxx
    Version: 2.0.15-static
    OpenSSL 1.1.1q-dev xx XXX xxxx

    Error: Could not open a connection to host 192.168.xxx.xxx (192.168.xxx.xxx) on port 443 (connect: connection refused).


    With the firewall turned off, I get similar issues running sslscan from the Windows box

    C:\<>\sslscan.exe 192.168.xxx.xxx
    Version: 2.0.15 Windows 64-bit (Mingw)
    OpenSSL 1.1.1e-dev xx XXX xxxx

    ERROR: Could not open a connection to host 192.168.xxx.xxx (192.168.xxx.xxx) on port 443 (connect: No connection could be made because the target machine actively refused it. ).



    This is the same network and subnet that the tester used and generated the result. However, I am getting the connection timed out and the connection refused message. We did not turn off the Windows firewall for him either. Does anyone have any idea?

    I am also open to using another tool if you have had a better experience with it.

    Thanks for your time!
    Last edited by eal; 2022-08-22 at 20:45.
  2. 2022-09-02 #2
    Fred Sheehan
    Fred Sheehan is offline Senior Member
    Join Date
    2021-May
    Location
    UK
    Posts
    772
    You could use powershell;

    https://www.thecodeasylum.com/testin...th-powershell/

Similar Threads

  1. Interpreting SSLScan results
    By b3d0uin in forum General Archive
    Replies: 3
    Last Post: 2016-07-19, 11:40
  2. Adding support for SSLv2 for SSLScan and OpenSSL testing
    By kelleyja in forum How-To Archive
    Replies: 1
    Last Post: 2013-03-14, 17:42

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules