SSL recon

Secure Sockets Layer (SSL) is used by organizations to ensure encrypted communication between the server and the clients. In this section, we will look at the Metasploit module, which uses SSL Labs' API to gather intel about the SSL services running on a host:

  1. We can search for the ssllabs keyword in the module search to find the module, as shown in the following screenshot:

  2. Clicking the module name will redirect us to the options page. Here, we set the target and click Run Module:

A new task will be created, which will show us the scan results and output, as shown in the following screenshot:

SSL can disclose a lot of things, such as certificate authorities, organization names, hosts, and internal IPs. We can use the same module to learn about the SSL version running on the server, to check the ciphers allowed by the server, and also to check whether the target site has HTTP Strict Transport Security (HSTS) enabled.
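
To review the same items on a server you are responsible for, the following added example (not code from the book or from Metasploit) audits a saved SSL Labs-style JSON report for deprecated protocol versions, weak cipher suites, missing HSTS, and internal IPs exposed in certificate names. The field names follow the SSL Labs API v3 response layout as an assumption, and the sample report is constructed, not real scan output.

```python
import ipaddress

DEPRECATED = {("SSL", "2.0"), ("SSL", "3.0"), ("TLS", "1.0"), ("TLS", "1.1")}
WEAK_MARKERS = ("RC4", "3DES", "NULL", "EXPORT")

def is_private_ip(name):
    try:
        return ipaddress.ip_address(name).is_private
    except ValueError:
        return False  # a hostname, not an IP literal

def audit(report):
    """Return defender-facing findings from one SSL Labs-style report dict."""
    findings = {"deprecated_protocols": [], "weak_suites": [],
                "hsts_missing": [], "internal_ips_in_cert": [], "issuers": []}
    for cert in report.get("certs", []):
        findings["issuers"].append(cert.get("issuerSubject", ""))
        names = cert.get("commonNames", []) + cert.get("altNames", [])
        findings["internal_ips_in_cert"] += [n for n in names if is_private_ip(n)]
    for ep in report.get("endpoints", []):
        details = ep.get("details", {})
        for p in details.get("protocols", []):
            if (p["name"], p["version"]) in DEPRECATED:
                findings["deprecated_protocols"].append(f'{p["name"]} {p["version"]}')
        for group in details.get("suites", []):
            for s in group.get("list", []):
                weak_name = any(m in s["name"] for m in WEAK_MARKERS)
                if weak_name or s.get("cipherStrength", 0) < 128:
                    findings["weak_suites"].append(s["name"])
        if details.get("hstsPolicy", {}).get("status") != "present":
            findings["hsts_missing"].append(ep.get("ipAddress"))
    return findings

# Constructed sample report; field names assumed from the SSL Labs API v3 layout.
SAMPLE = {
    "certs": [{"subject": "CN=www.example.test, O=Example Corp",
               "commonNames": ["www.example.test"],
               "altNames": ["intranet.example.test", "10.0.4.17"],
               "issuerSubject": "CN=Example Issuing CA, O=Example Trust"}],
    "endpoints": [{"ipAddress": "203.0.113.10", "details": {
        "protocols": [{"name": "TLS", "version": "1.0"},
                      {"name": "TLS", "version": "1.2"}],
        "suites": [{"protocol": 771, "list": [
            {"name": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "cipherStrength": 128},
            {"name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "cipherStrength": 112}]}],
        "hstsPolicy": {"status": "absent"}}}],
}

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```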
