SSL Labs API Client - Metasploit
This page contains detailed information about how to use the auxiliary/gather/ssllabs_scan metasploit module. For list of all metasploit modules, visit the Metasploit Module Library.
Module Overview
Name: SSL Labs API Client
Module: auxiliary/gather/ssllabs_scan
Source code: modules/auxiliary/gather/ssllabs_scan.rb
Disclosure date: -
Last modification time: 2018-01-22 16:32:16 +0000
Supported architecture(s): -
Supported platform(s): -
Target service / protocol: -
Target network port(s): 443
List of CVEs: CVE-2014-0224
This module is a simple client for the SSL Labs APIs, designed for SSL/TLS assessment during a penetration test.
Module Ranking and Traits
Module Ranking:
- normal: The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect. More information about ranking can be found here.
Basic Usage
msf > use auxiliary/gather/ssllabs_scan
msf auxiliary(ssllabs_scan) > show targets
... a list of targets ...
msf auxiliary(ssllabs_scan) > set TARGET target-id
msf auxiliary(ssllabs_scan) > show options
... show and set options ...
msf auxiliary(ssllabs_scan) > exploit
Required Options
- HOSTNAME: The target hostname
Go back to menu.
Msfconsole Usage
Here is how the gather/ssllabs_scan auxiliary module looks in the msfconsole:
msf6 > use auxiliary/gather/ssllabs_scan
msf6 auxiliary(gather/ssllabs_scan) > show info
Name: SSL Labs API Client
Module: auxiliary/gather/ssllabs_scan
License: Metasploit Framework License (BSD)
Rank: Normal
Provided by:
Denis Kolegov <[email protected]>
Francois Chagnon
Check supported:
No
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
DELAY 5 yes The delay in seconds between API requests
GRADE false yes Output only the hostname: grade
HOSTNAME yes The target hostname
IGNOREMISMATCH true yes Proceed with assessments even when the server certificate doesn't match the assessment hostname
USECACHE true yes Use cached results (if available), else force live scan
Description:
This module is a simple client for the SSL Labs APIs, designed for
SSL/TLS assessment during a penetration test.
Module Options
This is a complete list of options available in the gather/ssllabs_scan auxiliary module:
msf6 auxiliary(gather/ssllabs_scan) > show options
Module options (auxiliary/gather/ssllabs_scan):
Name Current Setting Required Description
---- --------------- -------- -----------
DELAY 5 yes The delay in seconds between API requests
GRADE false yes Output only the hostname: grade
HOSTNAME yes The target hostname
IGNOREMISMATCH true yes Proceed with assessments even when the server certificate doesn't match the assessment hostname
USECACHE true yes Use cached results (if available), else force live scan
Advanced Options
Here is a complete list of advanced options supported by the gather/ssllabs_scan auxiliary module:
msf6 auxiliary(gather/ssllabs_scan) > show advanced
Module advanced options (auxiliary/gather/ssllabs_scan):
Name Current Setting Required Description
---- --------------- -------- -----------
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
Auxiliary Actions
This is a list of all auxiliary actions that the gather/ssllabs_scan module can do:
msf6 auxiliary(gather/ssllabs_scan) > show actions
Auxiliary actions:
Name Description
---- -----------
Evasion Options
Here is the full list of possible evasion options supported by the gather/ssllabs_scan auxiliary module in order to evade defenses (e.g. Antivirus, EDR, Firewall, NIDS etc.):
msf6 auxiliary(gather/ssllabs_scan) > show evasion
Module evasion options:
Name Current Setting Required Description
---- --------------- -------- -----------
Go back to menu.
Error Messages
This module may fail with the following error messages:
Check for the possible causes from the code snippets below found in the module source code. This can often times help in identifying the root cause of the problem.
API returned: <ERRORS>
Here is a relevant code snippet related to the "API returned: <ERRORS>" error message:
43:
44: if res && res.code.to_i == 200
45: @max_assessments = res.headers['X-Max-Assessments']
46: @current_assessments = res.headers['X-Current-Assessments']
47: r = JSON.load(res.body)
48: fail InvocationError, "API returned: #{r['errors']}" if r.key?('errors')
49: return r
50: end
51:
52: case res.code.to_i
53: when 400
HTTP error code <R.CODE>
Here is a relevant code snippet related to the "HTTP error code <R.CODE>" error message:
59: when 503
60: fail ServiceNotAvailable
61: when 529
62: fail ServiceOverloaded
63: else
64: fail StandardError, "HTTP error code #{r.code}", caller
65: end
66: end
67:
68: def report_unused_attrs(type, unused_attrs)
69: unused_attrs.each do | attr |
Invalid hostname
Here is a relevant code snippet related to the "Invalid hostname" error message:
789:
790: def run
791: delay = datastore['DELAY']
792: hostname = datastore['HOSTNAME']
793: unless valid_hostname?(hostname)
794: print_status "Invalid hostname"
795: return
796: end
797:
798: usecache = datastore['USECACHE']
799: grade = datastore['GRADE']
ERROR
Here is a relevant code snippet related to the "ERROR" error message:
835: when "IN_PROGRESS"
836: output_testing_details(r)
837: when "READY"
838: output_result(r, grade)
839: return
840: when "ERROR"
841: print_error "#{r.status_message}"
842: return
843: else
844: print_error "Unknown assessment status"
845: return
Unknown assessment status
Here is a relevant code snippet related to the "Unknown assessment status" error message:
839: return
840: when "ERROR"
841: print_error "#{r.status_message}"
842: return
843: else
844: print_error "Unknown assessment status"
845: return
846: end
847: sleep delay
848: r = api.analyse(host: hostname, all: 'done')
849: end
Request rate is too high, please slow down
Here is a relevant code snippet related to the "Request rate is too high, please slow down" error message:
847: sleep delay
848: r = api.analyse(host: hostname, all: 'done')
849: end
850:
851: rescue RequestRateTooHigh
852: print_error "Request rate is too high, please slow down"
853: rescue InternalError
854: print_error "Service encountered an error, sleep 5 minutes"
855: rescue ServiceNotAvailable
856: print_error "Service is not available, sleep 15 minutes"
857: rescue ServiceOverloaded
Service encountered an error, sleep 5 minutes
Here is a relevant code snippet related to the "Service encountered an error, sleep 5 minutes" error message:
849: end
850:
851: rescue RequestRateTooHigh
852: print_error "Request rate is too high, please slow down"
853: rescue InternalError
854: print_error "Service encountered an error, sleep 5 minutes"
855: rescue ServiceNotAvailable
856: print_error "Service is not available, sleep 15 minutes"
857: rescue ServiceOverloaded
858: print_error "Service is overloaded, sleep 30 minutes"
859: rescue
Service is not available, sleep 15 minutes
Here is a relevant code snippet related to the "Service is not available, sleep 15 minutes" error message:
851: rescue RequestRateTooHigh
852: print_error "Request rate is too high, please slow down"
853: rescue InternalError
854: print_error "Service encountered an error, sleep 5 minutes"
855: rescue ServiceNotAvailable
856: print_error "Service is not available, sleep 15 minutes"
857: rescue ServiceOverloaded
858: print_error "Service is overloaded, sleep 30 minutes"
859: rescue
860: print_error "Invalid parameters"
861: end
Service is overloaded, sleep 30 minutes
Here is a relevant code snippet related to the "Service is overloaded, sleep 30 minutes" error message:
852: print_error "Request rate is too high, please slow down"
853: rescue InternalError
854: print_error "Service encountered an error, sleep 5 minutes"
855: rescue ServiceNotAvailable
856: print_error "Service is not available, sleep 15 minutes"
857: rescue ServiceOverloaded
858: print_error "Service is overloaded, sleep 30 minutes"
859: rescue
860: print_error "Invalid parameters"
861: end
862: end
Invalid parameters
Here is a relevant code snippet related to the "Invalid parameters" error message:
852: print_error "Request rate is too high, please slow down"
853: rescue InternalError
854: print_error "Service encountered an error, sleep 5 minutes"
855: rescue ServiceNotAvailable
856: print_error "Service is not available, sleep 15 minutes"
857: rescue ServiceOverloaded
858: print_error "Service is overloaded, sleep 30 minutes"
859: rescue
860: print_error "Invalid parameters"
861: end
862: end
Go back to menu.
Related Pull Requests
- #9445 Merged Pull Request: update SSL Labs scanner with new API, be robust
- #8338 Merged Pull Request: Fix msf/core and self.class msftidy warnings
- #6655 Merged Pull Request: use MetasploitModule as a class name
- #6648 Merged Pull Request: Change metasploit class names
- #6646 Merged Pull Request: Add TLS Server Name Indication (SNI) Support, unify SSLVersion options
- #6644 Merged Pull Request: Preserve default types for datastore options
- #5466 Merged Pull Request: Add butchered version of CVE-2015-1701
- #5544 Merged Pull Request: Updated SSL Labs API objects
- #5312 Merged Pull Request: Various post-commit fixups
- #5016 Merged Pull Request: Initial commit for supporting SSL Labs API
Go back to menu.
See Also
Check also the following modules related to this module:
- auxiliary/scanner/ssl/openssl_ccs
- auxiliary/bnat/bnat_scan
- auxiliary/scanner/scada/digi_realport_serialport_scan
Authors
- Denis Kolegov <dnkolegov[at]gmail.com>
- Francois Chagnon
Version
This page has been produced using Metasploit Framework version 6.1.28-dev. For more modules, visit the Metasploit Module Library.
Go back to menu.