How to install SSLyze on Parrot OS

·

1 min read

Check which protocols and ciphers the server supports by using SSLyze. Installation is straightforward: github.com/nabla-c0d3/sslyze

The Setup

  • Parrot OS 5.0 (Electro Ara)
  • SSLyze version 5.0.6

Installation

  1. pip install --upgrade pip setuptools wheel image.png

  2. pip install --upgrade sslyze image.png

  3. python3 -m sslyze <target> By default it will check results against Mozilla's "intermediate" configuration. See ssl-config.mozilla.org for more details.

An excerpt of the scan results:

- FAILED - Not compliant.
* maximum_certificate_lifespan: Certificate life span is 396 days, should be less than 366.
* tls_versions: TLS versions {'TLSv1.1', 'TLSv1'} are supported, but should be rejected.
* ciphers: Cipher suites {'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', 'TLS_RSA_WITH_AES_256_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', 'TLS_RSA_WITH_AES_128_GCM_SHA256', 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA', 'TLS_RSA_WITH_3DES_EDE_CBC_SHA', 'TLS_RSA_WITH_AES_128_CBC_SHA', 'TLS_RSA_WITH_AES_256_GCM_SHA384', 'TLS_RSA_WITH_AES_128_CBC_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', 'TLS_RSA_WITH_AES_256_CBC_SHA256', 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA'} are supported, but should be rejected.

image.png

Check the version

Parrot OS: cat /etc/os-release

image.png

SSLyze: sslyze --help

image.png