We know that the official website serves the user with a way to test our servers against the DROWN attack. Apart from that, I am looking for a manual testing method to check any servers against this vulnerability. I found some methods to test POODLE here. I am looking for something similar.
1 Answer
There are several ways to manually confirm the results:
1- Using nmap:
    nmap -sV -sC [IP]
2- Using SSLyze:
    sslyze --sslv2 [IP]
3- Using Google SSLScan:
    sslscan --no-failed [IP]
4- Directly with OpenSSL:
    openssl s_client -no_tls1 -no_ssl3 -connect [IP]
5- Externally-accessible hosts can be tested with:
    https://www.ssllabs.com/ssltest/
Make sure you have SSLv2 enabled on your machine. For more information, please see http://www.softwaresecured.com/2016/03/01/how-to-confirm-whether-you-are-vulnerable-to-the-drown-attack/