View Issue Details

IDProjectCategoryView StatusLast Update
0002031Kali LinuxTool Upgrade Requestpublic2015-01-29 17:27
Reporterjp Assigned Torhertzog  
PrioritynormalSeverityminorReproducibilityN/A
Status resolvedResolutionfixed 
Product Version1.0.9 
Fixed in Version1.1.0 
Summary0002031: New sslscan upstream
Description

The version of sslscan included in Kali is very old and looks dead. It doesn't support SSLv2 (bug 0000146), and when upstream Debian drops support for SSLv3, presumably that'll go as well (already happened in unstable, no idea when that's getting merged into Kali).

There are half a dozen different forks of sslscan, the most up to date seems to be this one - https://github.com/rbsec/sslscan. Lots of new features like TLSv1.1/1.2, Heartbleed and fancy coloured output. More importantly, it can be build statically against a version of OpenSSL that has SSLv2 support, so you can distribute that to let people scan SSLv2 without messing around with the system OpenSSL.

Activities

rhertzog

rhertzog

2015-01-29 17:27

administrator   ~0002980

Thanks for the report.

The sslscan package we had was coming straight from Debian. We upgraded the package with the rbsec fork and built it statically against openssl.

sslscan 1.9.10-rbsec-0kali1 will be available in the next few hours in the kali-proposed-updates repository.

Issue History

Date Modified Username Field Change
2015-01-25 15:05 jp New Issue
2015-01-29 17:27 rhertzog Note Added: 0002980
2015-01-29 17:27 rhertzog Status new => resolved
2015-01-29 17:27 rhertzog Fixed in Version => 1.1.0
2015-01-29 17:27 rhertzog Resolution open => fixed
2015-01-29 17:27 rhertzog Assigned To => rhertzog
2021-05-31 13:37 rhertzog Category Tool Upgrade => Tool Upgrade Request