Packages and Binaries:
qsslcaudit
This tool can be used to determine if an application that uses TLS/SSL for its data transfers does this in a secure way.
Installed size: 1.08 MB
How to install: sudo apt install qsslcaudit
Dependencies:
- libc6
- libcrypto++8
- libgcc-s1
- libgnutls30
- libqt5core5a
- libqt5network5
- libstdc++6
- libunsafessl1.0.2
qsslcaudit
root@kali:~# qsslcaudit -h
Usage: qsslcaudit [options]
A tool to test SSL clients behavior
SSL client tests:
1: (certs) custom certificate trust
certificate trust test with user-supplied certificate
2: (certs) self-signed certificate for target domain trust
certificate trust test with self-signed certificate for user-supplied common name
3: (certs) self-signed certificate for invalid domain trust
certificate trust test with self-signed certificate for www.example.com
4: (certs) custom certificate for target domain trust
certificate trust test with user-supplied common name signed by user-supplied certificate
5: (certs) custom certificate for invalid domain trust
certificate trust test with www.example.com common name signed by user-supplied certificate
6: (certs) certificate for target domain signed by custom CA trust
certificate trust test with user-supplied common name signed by user-supplied CA certificate
7: (certs) certificate for invalid domain signed by custom CA trust
certificate trust test with www.example.com common name signed by user-supplied CA certificate
8: (protos) SSLv2 protocol support
test for SSLv2 protocol support
9: (protos) SSLv3 protocol support
test for SSLv3 protocol support
10: (ciphers) SSLv3 protocol and EXPORT grade ciphers support
test for SSLv3 protocol and EXPORT grade ciphers support
11: (ciphers) SSLv3 protocol and LOW grade ciphers support
test for SSLv3 protocol and LOW grade ciphers support
12: (ciphers) SSLv3 protocol and MEDIUM grade ciphers support
test for SSLv3 protocol and MEDIUM grade ciphers support
13: (protos) TLS 1.0 protocol support
test for TLS 1.0 protocol support
14: (ciphers) TLS 1.0 protocol and EXPORT grade ciphers support
test for TLS 1.0 protocol and EXPORT grade ciphers support
15: (ciphers) TLS 1.0 protocol and LOW grade ciphers support
test for TLS 1.0 protocol and LOW grade ciphers support
16: (ciphers) TLS 1.0 protocol and MEDIUM grade ciphers support
test for TLS 1.0 protocol and MEDIUM grade ciphers support
17: (ciphers) TLS 1.1 protocol and EXPORT grade ciphers support
test for TLS 1.1 protocol and EXPORT grade ciphers support
18: (ciphers) TLS 1.1 protocol and LOW grade ciphers support
test for TLS 1.1 protocol and LOW grade ciphers support
19: (ciphers) TLS 1.1 protocol and MEDIUM grade ciphers support
test for TLS 1.1 protocol and MEDIUM grade ciphers support
20: (ciphers) TLS 1.2 protocol and EXPORT grade ciphers support
test for TLS 1.2 protocol and EXPORT grade ciphers support
21: (ciphers) TLS 1.2 protocol and LOW grade ciphers support
test for TLS 1.2 protocol and LOW grade ciphers support
22: (ciphers) TLS 1.2 protocol and MEDIUM grade ciphers support
test for TLS 1.2 protocol and MEDIUM grade ciphers support
23: (ciphers) DTLS 1.0 protocol and EXPORT grade ciphers support
test for DTLS 1.0 protocol and EXPORT grade ciphers support
24: (ciphers) DTLS 1.0 protocol and LOW grade ciphers support
test for DTLS 1.0 protocol and LOW grade ciphers support
25: (ciphers) DTLS 1.0 protocol and MEDIUM grade ciphers support
test for DTLS 1.0 protocol and MEDIUM grade ciphers support
26: (ciphers) DTLS 1.2 protocol and EXPORT grade ciphers support
test for DTLS 1.2 protocol and EXPORT grade ciphers support
27: (ciphers) DTLS 1.2 protocol and LOW grade ciphers support
test for DTLS 1.2 protocol and LOW grade ciphers support
28: (ciphers) DTLS 1.2 protocol and MEDIUM grade ciphers support
test for DTLS 1.2 protocol and MEDIUM grade ciphers support
29: (certs) CVE-2020-0601 ECC cert trust
test for trusting certificate signed by private key with custom curve
Options:
-h, --help Displays help on commandline options.
--help-all Displays help including Qt specific options.
-v, --version Displays version information.
-l, --listen-address <0.0.0.0> listen on <address>
-p, --listen-port <8443> bind to <port>
--user-cn <example.com> common name (CN) to suggest to client
--server <https://example.com> grab certificate information from <server>
--user-cert <~/host.cert> path to file containing custom certificate
(or chain of certificates)
--user-key <~/host.key> path to file containing custom private key
--user-ca-cert <~/ca.cert> path to file containing custom certificate
usable as CA
--user-ca-key <~/ca.key> path to file containing custom private key
for CA certificate
--selected-tests <1,3,5> comma-separated list of tests (id) to execute
--forward <127.0.0.1:6666> forward connection to upstream proxy
--show-ciphers show ciphers provided by loaded openssl
library
--starttls <ftp|smtp|xmpp> exchange specific STARTTLS messages before
starting secure connection
--loop-tests infinitely repeat selected tests (use Ctrl-C
to kill the tool)
-w, --wait-data-timeout <5000> wait for incoming data <ms> milliseconds
before emitting error
--output-xml <qsslcaudit.xml> save results in XML
--pid-file </tmp/qs.pid> create a pidfile once initialized
--dtls use DTLS protocol over UDP
--double-first-test execute the first test two times and ignore
its client fingerprint
Updated on: 2023-Mar-08