SSL scan analyzes a server’s SSL configuration and validates the certificates. It also tests for weak cipher suites and identifies the configuration information that may support additional attacks.
Usage
URL="www.someurl.com"
sslscan $URL > sslscan.txt
From a list of IPs
SSLscan does NOT support “~/” in target path
sslscan --targets=/home/kali/IPs.txt
for IP in $(cat IPs.txt | grep -v '#'); do sslscan --show-certificate --no-colour $IP > sslscan_${IP}.txt; done;
for IP in $(cat IPs.txt | grep -v '#'); do echo $IP; sslscan --show-certificate --no-colour $IP >> sslscan_${IP}.txt; done;
Search vulnerability in XML reports
cat ~/sslscan*.xml | grep -E "ssltest|<self-signed>true</self-signed>|<expired>true</expired>|<not-valid-after> " > ~/sslscan_vulns.txt