Performing SSL/TLS Security Assessment

Use sslyze to assess SSL/TLS server configurations: supported protocols, cipher suites, certificate chains, HSTS/OCSP, and common vulnerabilities like Heartblee

triggers:ssl tls assessmentsslyzecertificate chainheartbleedrobotcipher suitestls scanning

GitHub SKILL.md

What it does

This skill provides a hands-on procedure for assessing SSL/TLS server security using the sslyze Python library. It describes how to enumerate supported protocol versions, evaluate cipher suite strength and ordering, validate certificate chains and SAN coverage, check HSTS and OCSP stapling, and run targeted vulnerability checks (Heartbleed, ROBOT, session renegotiation). The guidance covers scanning non-443 TLS services and explains SNI, STARTTLS, and how to corroborate findings with testssl.sh or manual openssl handshakes.

When to use it

Use this skill during penetration tests, incident response, scheduled security audits, or when validating TLS configuration changes. It's appropriate when you need definitive proof (handshake success) for weak protocols or ciphers, or when auditing multiple TLS-bearing services (HTTPS, SMTP STARTTLS, IMAP, FTPS, DB TLS endpoints).

What's included

Scripts: none included in repo snapshot, but procedural steps and example commands are present in the skill body
References: none included as sibling files, but the skill body references sslyze, testssl.sh, and openssl usage patterns
Instructions: step-by-step scanning flow: configure ServerScanRequest, queue and run sslyze checks, analyze accepted ciphers and certificate chain, and produce a JSON security report with remediation recommendations.

Compatible agents

Inferred compatibility: CLI-capable agents and code-focused assistants that can run Python tooling (sslyze), such as Copilot/Codex-style or Claude-Code style agents that support running shell commands and Python scripts.

Not yet audited

This skill has not been reviewed by our automated audit pipeline yet.

Information

Repository: xalgorix
Stars: 599
Installs: 0

More from xalgorix

Building Threat Hunt Hypothesis Framework

Framework and workflow to turn threat intelligence and telemetry into testable, falsifiable threat-hunting hypotheses for proactive detection.

Ransomware-Resilient Backup Strategy

Designs and documents a ransomware-resilient backup architecture (3-2-1-1-0), immutability, credential isolation and automated restore testing aligned to RPO/RT

Related Skills

Analyzing Ransomware Leak Site Intelligence

Collect and analyze ransomware data-leak site (DLS) postings to extract victim, group, sector, and timeline intelligence for threat hunting and risk assessment.

Evaluating Threat Intelligence Platforms

Guides procurement, evaluation, and proof-of-concept testing for Threat Intelligence Platforms (MISP, OpenCTI, ThreatConnect, Anomali, EclecticIQ) based on inte

HiveMind Architect Strategist

Research-first architecture review and strategic planning skill: scans codebases, finds architectural issues, and synthesizes evidence-based recommendations for

Performing Threat Modeling with OWASP Threat Dragon

Use OWASP Threat Dragon to create data-flow diagrams, apply STRIDE/LINDDUN threat classifications, and generate threat-model reports to guide secure design revi

Skill Vetter

Pre-install security gate that scans a skill for prompt-injection, secrets, and other vulnerabilities before installation.

Tabletop Exercise Designer

Design and generate CISA-aligned cybersecurity tabletop exercises, facilitator guides, participant materials, technical atomics, and SOP gap analyses for incide

NVD CVE Vulnerability Search

Search the NVD for CVEs by ID or keyword, retrieve CVSS scores, CWE info, affected configurations and remediation references to support audits, incident respons

GoPlus AgentGuard

An AI security guard for agents: scans code/skills for vulnerabilities, evaluates runtime actions, and manages a trust registry to prevent leaks and dangerous c

Back to Skills