Ceci est une ancienne révision du document !
Le PAD pour proposer une amélioration à cette page : https://pad.zenk-security.com/p/merci
🛠 sslxray is an SSL/TLS scanning tool designed to detect a wide range of issues https://github.com/portcullislabs/sslxray
🛠 A tool for exploiting Moxie Marlinspike's SSL “stripping” attack. https://github.com/moxie0/sslstrip
🛠 Fast and powerful SSL/TLS server scanning library. https://github.com/nabla-c0d3/sslyze
🛠 Auto Scanning to SSL Vulnerability https://github.com/hahwul/a2sv
🛠 Automate scans using Qualys SSL Labs https://github.com/ozzi-/consoleSSLlabs
🛠 SSL Scanner in Ruby https://github.com/DataDaoDe/ssl_scan
🛠 http://certdb.com/ - SSL/TLS data provider service. Collect the data about digital certificates - issuers, organisation, whois, expiration dates, etc… Plus, has handy filters for convenience.
🛠 https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html - Strong SSL Security on nginx https://weakdh.org/ - Weak Diffie-Hellman and the Logjam Attack
🛠 https://letsencrypt.org/ - Let’s Encrypt is a new Certificate Authority: It’s free, automated, and open.
🛠 https://filippo.io/Heartbleed/ - A checker (site and tool) for CVE-2014-0160 (Heartbleed).
🛠 TLSEraser TLSEraser allows you to eavesdrop on TCP connections secured by TLS. It creates a new virtual interface with the clear text, which you can read easily using libpcap, i. e. with tcpdump or wireshark. https://github.com/AdrianVollmer/tlseraser