Testssl.sh : Tool to check SSL/TLS related vulnerabilities [Updated 2024]

Testssl is an open-source tool that checks the SSL/TLS implementation of a website and lists its cryptographic vulnerabilities or flaws, using simple commands run from the terminal. It is a very easy-to-use bash script that uses OpenSSL. Many security researchers and developers use this tool to test SSL/TLS.

Official Website: https://testssl.sh/

Advantages:

  • Clear and unambiguous results
  • Freely available
  • Open-source
  • Check server's service on any port
  • Exhaustive documentation available
  • Easy to use
  • Installation is easy
  • Available for Linux, Mac OS X, etc.

Download:

#git clone --depth 1 https://github.com/drwetter/testssl.sh.git

Check for installation

Type the commands below to check that the installation works. Run without arguments, the script also displays all the options available for scanning SSL/TLS-related issues.

#cd testssl.sh
#./testssl.sh

We will see the usage of testssl with 10 examples as listed below:

Example 1: Check for any SSL/TLS flaws in a website

#./testssl.sh https://localhost:9392/

Example 2: Display the banner and version of the installed testssl

#./testssl.sh -b https://localhost:9392/

Example 3: To print all local ciphers

#./testssl.sh -V https://localhost:9392/

Example 4: To test all vulnerabilities such as POODLE, BREACH, FREAK, LOGJAM, DROWN, CCS injection, etc.

#./testssl.sh -U https://localhost:9392/


Example 5: To test for the Heartbleed vulnerability

#./testssl.sh --heartbleed https://localhost:9392/

Example 6: To test a STARTTLS-enabled protocol: ftp, smtp, pop3, imap, xmpp, telnet, ldap, postgres, mysql

#./testssl.sh -t pop3 https://localhost:9392/

Example 7: To check for vulnerable RC4 ciphers without displaying a banner

#./testssl.sh --quiet -4 https://localhost:9392/

Example 8: To check for common cipher suites

#./testssl.sh --quiet --std https://localhost:9392/

Example 9: To create a log file in the current directory

#./testssl.sh --quiet --log https://localhost:9392/
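
The log file from Example 9 is meant for reading; for automated checks, testssl.sh can also write flat JSON with its `--jsonfile <file>` option. The Python below is an added example, not part of the original article or the testssl.sh project: it triages such a report for a CI gate, assuming each entry carries `id`, `severity` and `finding` fields, and it runs on a constructed sample whose values are illustrative.

```python
import json

# Severities that rank a weakness, lowest to highest. Any other label
# (for example WARN) is treated as "the check did not complete".
RANK = {"OK": 0, "INFO": 1, "LOW": 2, "MEDIUM": 3, "HIGH": 4, "CRITICAL": 5}

# Constructed sample in the flat JSON layout; all values are illustrative.
SAMPLE = """[
 {"id": "heartbleed", "ip": "localhost/127.0.0.1", "port": "9392",
  "severity": "OK", "finding": "not vulnerable"},
 {"id": "RC4", "ip": "localhost/127.0.0.1", "port": "9392",
  "severity": "MEDIUM", "finding": "VULNERABLE, RC4 ciphers offered"},
 {"id": "POODLE_SSL", "ip": "localhost/127.0.0.1", "port": "9392",
  "severity": "HIGH", "finding": "VULNERABLE, SSLv3 offered"},
 {"id": "BREACH", "ip": "localhost/127.0.0.1", "port": "9392",
  "severity": "LOW", "finding": "HTTP compression detected"},
 {"id": "LOGJAM", "ip": "localhost/127.0.0.1", "port": "9392",
  "severity": "WARN", "finding": "check could not be completed"}
]"""


def triage(report_text, threshold="MEDIUM"):
    """Return (failed, incomplete): findings at or above threshold, worst
    first, and findings whose severity is not a ranked level."""
    failed, incomplete = [], []
    for item in json.loads(report_text):
        sev = item.get("severity", "")
        if sev not in RANK:
            incomplete.append(item)
        elif RANK[sev] >= RANK[threshold]:
            failed.append(item)
    failed.sort(key=lambda i: RANK[i["severity"]], reverse=True)
    return failed, incomplete


def gate(report_text, threshold="MEDIUM"):
    """Exit status for a CI job: 0 only when the scan produced results,
    every check completed, and nothing reached the threshold."""
    failed, incomplete = triage(report_text, threshold)
    empty = not json.loads(report_text)
    return 1 if (failed or incomplete or empty) else 0


if __name__ == "__main__":
    failed, incomplete = triage(SAMPLE)
    for item in failed + incomplete:
        print(f'{item["severity"]:8} {item["id"]:12} {item["finding"]}')
    print("exit status:", gate(SAMPLE))
```

Treating an empty report or an unranked severity as a failure keeps a scan that never reached the server from passing the gate.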

Example 10: To check with OpenSSL where sockets are normally used

Other Online Tools

Other Offline Tools

Conclusion

testssl.sh is a bash script that uses OpenSSL to identify numerous flaws, such as Heartbleed, DROWN, and many other similar problems associated with SSL/TLS. This tool is absolutely free and has been recommended many times by OWASP. In the end, we have discussed other online and offline tools used to test SSL/TLS vulnerabilities.


Disclaimer: This tutorial is for educational purposes only. Individuals are solely responsible for any illegal act.


1 Response

  1. Swetha Jaiswal says:

    This article really helps me…
