Smittix Posted November 28, 2016 Share Posted November 28, 2016 Hi All, Long time lurker, first time poster. I'm Smittix, a fellow pentester, pleased to meet you all. So... I'm just hoping to get some idea/tips on how others handle this situation. Lately I have been performing very large penetration tests with hundreds of hosts. I was just wondering how other people go about reporting SSL Issues? For example, I had over 3000 separate issues on one pentest which was time consuming getting evidence for each issue. I've been searching for some kind of parser but no cigar unfortunately. Ideally I would like something to be able to parse multiple SSLScan (or other utility) and export the results into csv grouped by the issue for example - Poodle DROWN LogJam RC4 SSL3 & 2 Expired Certs etc etc. Does anyone know if anyone has done anything like this before before I try and recreate the wheel? Any help would be greatly appreciated as this could cut my reporting time down significantly. Thanks in advance people. Smittix. Quote Link to comment Share on other sites More sharing options...
Smittix Posted December 3, 2016 Author Share Posted December 3, 2016 8 minutes ago, kdodge said: this sounds like something that metasploit should be able to do well. have you looked into that? As far as I am aware there is nothing that can parse SSLscan output in MSF. Thanks for the reply STX Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.