Skip to content

TestSSL – SSL scan

testssl.sh is a free command line tool which checks a server’s service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.

URL: https://github.com/drwetter/testssl.sh 

The output rates findings by color (screen) or severity (file output) so that you are able to tell whether something is good or bad. The (screen) output has several sections in which classes of checks are being performed. To ease readability on the screen it aligns and indents the output properly.

Usage

The normal use case is probably just testssl.sh .

Starting testssl.sh with no params will give you a general idea how to use it:

– userid@somehost:~ % testssl.sh

– testssl.sh [options] ” or “testssl.sh

GENERAL
testssl.sh URI as the default invocation does the so-called default run which does a number of checks and puts out the results colorized (ANSI and termcap) on the screen. It does every check listed below except -E which are (order of appearance):

0) displays a banner (see below), does a DNS lookup also for further IP addresses and does for the returned IP address a reverse lookup. Last but not least a service check is being done.

1) SSL/TLS protocol check

2) standard cipher categories to give you upfront an idea for the ciphers supported

3) checks (perfect) forward secrecy: ciphers and elliptical curves

4) server preferences (server order)

5) server defaults (certificate info, TLS extensions, session information)

6) HTTP header (if HTTP detected or being forced via –assume-http)

7) vulnerabilities

8) testing each of 370 preconfigured ciphers

9) client simulation


[options]

--help                        what you're looking at
-b, --banner                  displays banner + version of testssl.sh
-v, --version                 same as previous
--file/-iL                    Mass testing option: Reads one testssl.sh command line per line from .
                              Can be combined with --serial or --parallel. Implicitly turns on "--warnings batch".
                              Text format 1: Comments via # allowed, EOF signals end of 
                              Text format 2: nmap output in greppable format (-oG), 1 port per line allowed
--log, --logging              logs stdout to '${NODE}-p${port}${YYYYMMDD-HHMM}.log' in current working directory (cwd)
--logfile|-oL                 logs stdout to 'dir/${NODE}-p${port}${YYYYMMDD-HHMM}.log'. If 'logfile' is a dir or to a specified 'logfile'
--json                        additional output of findings to flat JSON file '${NODE}-p${port}${YYYYMMDD-HHMM}.json' in cwd
--jsonfile|-oj                additional output to the specified flat JSON file or directory, similar to --logfile
--json-pretty                 additional JSON structured output of findings to a file '${NODE}-p${port}${YYYYMMDD-HHMM}.json' in cwd
--jsonfile-pretty|-oJ         additional JSON structured output to the specified file or directory, similar to --logfile
--csv                         additional output of findings to CSV file '${NODE}-p${port}${YYYYMMDD-HHMM}.csv' in cwd or directory
--csvfile|-oC                 additional output as CSV to the specified file or directory, similar to --logfile
--html                        additional output as HTML to file '${NODE}-p${port}${YYYYMMDD-HHMM}.html'
--htmlfile|-oH                additional output as HTML to the specified file or directory, similar to --logfile
--out(f,F)ile|-oa/-oA         log to a LOG,JSON,CSV,HTML file (see nmap). -oA/-oa: pretty/flat JSON.
                              "auto" uses '${NODE}-p${port}${YYYYMMDD-HHMM}'. If fname if a dir uses 'dir/${NODE}-p${port}${YYYYMMDD-HHMM}'

Download:

#git clone – depth 1  https://github.com/drwetter/testssl.sh.git

Check for installation

Just type the below command to see whether an installation is fine or not. It also displays all options available for scan SSL/TLS related issues.

#cd testssl.sh

#./testssl.sh

Example 1: Check for any SSL/TLS flaws in a website

#./testssl.ssh https://localhost:9392/

Example 2: Check for banner and version of an installed testssl

#./testssl.sh -b https://localhost:9392/

Example 3: To print all local ciphers

#./testssl.sh -V https://localhost:9392/

Example 4: To test all vulnerabilities such as POODLE, BREACH, FREAK, LOGJAM, DROWN, CCS injection, etc.

#./testssl.sh -U https://localhost:9392/

Example 5: To test heartbleed vulnerability

#./testssl.sh -B https://localhost:9392/

Example 6: To test against a STARTTLS enabled protocols: ftp, smtp, pop3, imap, xmpp, telnet, ldap, postgres, mysql

#./testssl.sh -t pop3 https://localhost:9392/

Example 7: To check for vulnerable RC4 ciphers without displaying of a banner

#./testssl.sh – quiet -4 https://localhost:9392/

Example 8: To check for common ciphers suites

#./testssl.sh – quiet -f https://localhost:9392/

Example 9: To create a log in the current file directory

#./testssl.sh – quiet – log https://localhost:9392/