If this tool helped you, you can buy us a coffee ☕
Scan a specified domain for the SSL FREAK vulnerability (CVE-2015-0204) and assess TLS/SSL security configuration risks.
Please enter a domain or IP address to start detection
Download Link Converter
Convert HTTP/HTTPS file URLs into dedicated download links for Thunder, FlashGet, and QQ Xuanfeng to use with various download clients.
IPv4 / IPv6 Address Converter
A two-way IPv4 and IPv6 address converter for network configuration, debugging, and format validation.
SSL CCS Injection Vulnerability Scanner
Scan target servers for the CVE-2014-0224 vulnerability, assess SSL communication security, and generate a CVE/CWE risk report.
SSL Heartbleed Vulnerability Scanner
Online scanner to check websites or servers for the CVE-2014-0160 (Heartbleed) vulnerability and assess SSL/TLS security.
Download Link Converter
Convert HTTP/HTTPS file URLs into dedicated download links for Thunder, FlashGet, and QQ Xuanfeng to use with various download clients.
IPv4 / IPv6 Address Converter
A two-way IPv4 and IPv6 address converter for network configuration, debugging, and format validation.
SSL CCS Injection Vulnerability Scanner
Scan target servers for the CVE-2014-0224 vulnerability, assess SSL communication security, and generate a CVE/CWE risk report.
SSL Heartbleed Vulnerability Scanner
Online scanner to check websites or servers for the CVE-2014-0160 (Heartbleed) vulnerability and assess SSL/TLS security.
Random User Agent Generator
Generate random browser User-Agent strings for developers, QA testers, and web scrapers to simulate various devices and platforms.
When you are unsure whether your website is at risk of man-in-the-middle attacks due to outdated TLS configurations, this tool provides a quick answer. The SSL FREAK vulnerability (CVE-2015-0204) is a flaw in the SSL/TLS protocol that allows attackers to force encrypted connections to downgrade to weak, export-grade RSA keys, which can then be cracked to steal transmitted data. This tool actively initiates a TLS handshake with your entered domain (e.g., example.com) and specified port (e.g., 443) to detect if it still supports these proven-insecure export-grade cipher suites, outputting a definitive result on the presence of this specific vulnerability.
Q: What does it mean if the result says "Vulnerable"?
A: It means the target server's SSL/TLS configuration supports export-grade RSA cipher suites that have been flagged as weak. The server is likely affected by the CVE-2015-0204 (FREAK) vulnerability and is at risk of man-in-the-middle attacks that downgrade encryption strength and decrypt communications. You should immediately disable all export-grade cipher suites on the server.
Q: How do I fix the SSL FREAK vulnerability?
A: Update TLS libraries like OpenSSL on your server to a secure version, and explicitly disable all cipher suites containing the keyword "EXPORT" in your configuration.
This tool only performs a targeted check for the FREAK vulnerability and cannot replace a comprehensive security audit. An "OK" result only indicates that this specific vulnerability was not found; it does not mean the system is absolutely secure. Ensure the domain you enter can be publicly resolved. The tool does not store or log the domain information you enter. In multi-IP scenarios behind a load balancer, the tool may only scan one of the entry IPs.
The FREAK vulnerability primarily affects servers and clients that retained weak "export-grade" encryption algorithms historically required to comply with US export control regulations. In modern security practices, suites like "TLS_RSA_EXPORT_WITH_RC4_40_MD5" should be completely disabled in TLS configurations. A typical test example: enter "example.com" and port "443". If the "Safe" status in the results is not "OK" and the "CVE" field displays "CVE-2015-0204", the vulnerability is confirmed. We recommend incorporating this tool into your periodic security compliance checks, especially running validations after updating server software or configurations.
