We know that the official website serves the user with a way to test our servers against the DROWN attack. Apart from that, I am looking for a manual testing method to check any server against this vulnerability. I found some methods to test POODLE here. I am looking for something similar.
https://github.com/nimia/public_drown_scanner – Deer Hunter Mar 03 '16 at 06:54
1 Answer
4
There are several ways to manually confirm the results:
1- Using nmap:
nmap -sV -sC [IP]
2- Using SSLyze
sslyze --sslv2 [IP]
3- Using Google SSLScan
sslscan --no-failed [IP]
4- Directly with OpenSSL
openssl s_client -no_tls1 -no_ssl3 -connect [IP]:[PORT]
5- Externally-accessible hosts can be tested with
https://www.ssllabs.com/ssltest/
Make sure you have SSLv2 enabled on your machine. For more information, please see http://www.softwaresecured.com/2016/03/01/how-to-confirm-whether-you-are-vulnerable-to-the-drown-attack/