A2SV ? Auto Scanning SSL Vulnerability Tool For Poodle Heartbleed Fixed
A2SV is an open-source Python tool that automatically scans SSL vulnerabilities including CCS injection, HeartBleed, FREAK, Logjam, CRIME, Anonymous Cipher, SSL v2 Drown, and SSL v3 POODLE. CCS is a short form of ChangeCipherSpec messages exchanged during SSL connection. CCS messages indicate that the communication between two nodes (machines) is encrypted now. CCS is however vulnerable to eavesdropping, allowing the attacker to enforce weak SSL keys. The attacker, later on, can decrypt theses weak keys. HeartBleed is an OpenSSL cryptographic software library vulnerability that makes it easier to steal the protected information. POODE is Padding Oracle On Downgraded Legacy Encryption attack that takes advantage of SSL v3 vulnerabilities. FREAK is Factoring Attack on RSA-EXPORT Keys CVE-2015-0204. Logjam is a Diffie-Hellman key exchange vulnerability that tricks user into using weak encryption. CRIME is Compression Ratio Info-leak Made Easy attack capable of session hijacking over secure (HTTPS) connections. Anonymous cipher is cipher suites with no authentication keys. Anonymous cipher are vulnerable to man in the middle attack. DROWN is a short form of Decrypting RSA using Obsolete and Weakened Encryption. It takes advantage of SSL v2 vulnerabilities to attack servers that support modern SSL/TLS versions. A2SV tool can automatically assess the possibility of these vulnerabilities in a target website, server, or application that supports SSL prototol.
A2SV – Auto Scanning SSL Vulnerability Tool For Poodle Heartbleed
A2SV is an open source tool used for scanning SSL vulnerabilities in web applications. A2SV performs vulnerability scanning for CCS injection, Heartbleed, Logjam, Freak Attack, Anonymous Cipher, SSL v3 POODLE, SSL v2 Drown, and Crime (SPDY). CCS is the OpenSSL vulnerability that acts as Man in the Middle (MITM) to intercept network traffic and eavesdrop on communications through access to the SSL handshake.