Testssl.sh: Tool to check SSL/TLS related vulnerabilities


Testssl is an open source tool that checks the SSL/TLS implementation of websites and lists the cryptographic vulnerabilities or flaws it finds, using simple commands. It is a very easy to use bash script which uses OpenSSL. Many security researchers and developers use this tool to test SSL/TLS.

Official Website: https://testssl.sh/

Advantages:

  • Clear and unambiguous results
  • Freely available
  • Open source
  • Exhaustive documentation available
  • Easy to use
  • Installation is easy
  • Available for Linux, Mac OS X etc.

Download:

#git clone --depth 1 https://github.com/drwetter/testssl.sh.git

Check for installation

Just type the commands below to check that the installation works. Run without arguments, the script also displays all the options available for scanning SSL/TLS related issues.

#cd testssl.sh
#./testssl.sh

We will see the usage of testssl with 10 examples as listed below:

Example 1: Check for any SSL/TLS flaws in a website

#./testssl.sh https://localhost:9392/

Example 2: Check for banner and version of an installed testssl

#./testssl.sh -b https://localhost:9392/

Example 3: To print all local ciphers

#./testssl.sh -V

Example 4: To test all vulnerabilities such as POODLE, BREACH, FREAK, LOGJAM, DROWN, CCS injection etc.

#./testssl.sh -U https://localhost:9392/

Example 5: To test heartbleed vulnerability

#./testssl.sh --heartbleed https://localhost:9392/

Example 6: To test against STARTTLS enabled protocols: ftp, smtp, pop3, imap, xmpp, telnet, ldap, postgres, mysql

#./testssl.sh -t pop3 https://localhost:9392/

Example 7: To check for vulnerable RC4 ciphers without displaying the banner

#./testssl.sh --quiet -4 https://localhost:9392/

Example 8: To check for common cipher suites

#./testssl.sh --quiet -f https://localhost:9392/

Example 9: To create a log file in the current directory

#./testssl.sh --quiet --log https://localhost:9392/
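
Examples 4, 7 and 9 combine naturally when several services have to be checked in one run. The wrapper below is an added example, not part of the original article or of the testssl.sh project; the TESTSSL variable, the function names and the target-file format are assumptions.

```sh
#!/bin/sh
# Added example (not from the original article or the testssl.sh project).
# Assumptions: TESTSSL points at the cloned script; the target file has one
# "https://host[:port]/" or "host:port" entry per line, "#" starts a comment.
TESTSSL="${TESTSSL:-./testssl.sh}"

# Accept only URL/host:port shapes, so a stray line such as "-U" or
# "--file x" in the target list is never handed to testssl.sh as an option.
valid_target() {
    printf '%s\n' "$1" |
        grep -Eq '^(https://)?[A-Za-z0-9][A-Za-z0-9.-]*(:[0-9]{1,5})?/?$'
}

# scan_targets FILE
# Runs the vulnerability checks (-U) per target, quietly (--quiet), with one
# log per target in the current directory (--log). Prints a summary line and
# returns non-zero if any target was skipped or testssl.sh exited non-zero.
# What a non-zero exit means depends on the testssl.sh version, so it is only
# flagged for review here, not interpreted.
scan_targets() (
    ok=0 failed=0 skipped=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                                  # drop comments
        line=$(printf '%s' "$line" | tr -d '[:space:]')   # drop whitespace
        [ -z "$line" ] && continue
        if ! valid_target "$line"; then
            echo "skipping malformed target: $line" >&2
            skipped=$((skipped + 1))
            continue
        fi
        # </dev/null keeps the scanner from consuming the target list.
        if "$TESTSSL" --quiet -U --log "$line" </dev/null >/dev/null; then
            ok=$((ok + 1))
        else
            echo "non-zero exit for $line, review its log file" >&2
            failed=$((failed + 1))
        fi
    done < "$1"
    echo "ok=$ok failed=$failed skipped=$skipped"
    [ "$skipped" -eq 0 ] && [ "$failed" -eq 0 ]
)
```

Call it as `scan_targets targets.txt` from the testssl.sh directory; the summary line goes to stdout and the per-target messages to stderr.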

 

Example 10: To run checks with OpenSSL where sockets are normally used

Conclusion

Testssl is a bash script which uses OpenSSL to identify numerous flaws such as Heartbleed, DROWN and many other similar problems associated with SSL/TLS.



Disclaimer: This tutorial is for educational purposes only. The individual is solely responsible for any illegal act.
