Online "Passive" Info Gathering Tools

[<appsec () technicalinfo net>]

Hey there,

I have been working to bring together a number of links/forms together to make it simpler to carryout "passive" 
information gathering phases during an assessment.  While there is a vast number of online tools - I have gatherd 
togther some of my favourites - but I can't appear to find one specific online tool that would be quite useful in alot 
of cases... specially in the precursor to web application assessments.

Does anyone know of, or have, a link to a site  that does the following:
1. given an website running HTTPS - can display (and perferably analyse) the SSL certificate in a nice way.      
2. connect to website running HTTPS - and chck what versions and encryption levels the server handles (e.g. SSL v.2, 
SSL v.3, TLS, 40 bit, 56 bit....)         
3. (or more flexibly) given a DNS name and specific port - identify the version of SSL/certificate.     

While there are a number of tools that can do this (such as Nessus) - are there any sites around that provide this 
level of SSL/HTTPS analysis.  Perferably, the hosting site should be reliable and be around for more than a couple of 
months (trustworthy would be nice too). :-)

For those interested, the current collection of tools (and their righful owners links) can be found at: 
http://www.technicalinfo.net/tools/index.html

Cheers,

Gunter

---------------------------------------------------------------------------
FREE Whitepaper: Better Management for Network Security

Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console

Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_pen-test_031015
----------------------------------------------------------------------------