SSL/TLS certificates Cheatsheet
Vulnerability Summary
Learn how to use sslscan to identify weak encryption configurations, deprecated SSL/TLS protocols, and potential security issues during web security assessments.
What is sslscan?
sslscan is a powerful security tool designed to identify the encryption protocols, algorithms, hash types, and SSL/TLS certificates supported by a server. It plays a crucial role in assessing the security posture of web applications and services.
Why Bug Hunters Need sslscan
In Bug Bounty programs, while a TLS misconfiguration may not always be classified as a critical vulnerability, it can serve as a gateway for various security issues, including:
- Man-in-the-Middle (MitM) Attacks: Outdated protocols like SSLv2 and SSLv3 can expose the server to interception.
- Information Leaks: Identifying vulnerabilities such as Heartbleed or POODLE can prevent data breaches.
Related Cheatsheets
heroxo9868Bug Bounty Cheatsheet
A collection of bug bounty and security testing resources covering common web vulnerabilities, exploitation techniques, reconnaissance methods, and security tools. It includes guides, real-world write-ups, checklists, and tools for testing issues like XSS, SQL injection, SSRF, file uploads, authentication bypasses, cloud misconfigurations, and subdomain enumeration.
pyus3rBSCP Exam RoadMap
A guide to completing the BSCP in the fastest and simplest way possible.