Last active
August 29, 2015 14:16
-
-
Save degan/70e8059507d173751294 to your computer and use it in GitHub Desktop.
FREAK Attack server test
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
see discussion below |
You can use this online tool to check if you webserver is vulnerable:
Great feedback and discussion, it looks like nmap is indeed a better method:
nmap --script ssl-enum-ciphers -p 443 sohu.com|grep EXPORT
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
On my system (CentOS 6.6), nmap outputs on STDERR not STDOUT... so you need an extra 2>&1 to avoid false "safe" messages... ie
nmap --script ssl-enum-ciphers -p 443 sohu.com 2>&1 | grep EXPORT -l | wc -l
Edit...
Hmm... not quite true... for sohu.com (as above..) I need it... but for example, for mumsnet.com I didn't ?? Don't have time to experiment... but to be sure... I'd check the output....