Testssl.sh : Tool to check SSL/TLS related vulnerabilities [Updated 2022]
Testssl is an open-source tool that checks a website's SSL/TLS implementation and lists the cryptographic vulnerabilities or flaws it finds, driven by simple commands on the terminal. It is a free, very easy-to-use bash script built on OpenSSL. Many security researchers and developers use this tool to test SSL/TLS.
Official Website: https://testssl.sh/
- Clear and unambiguous results
- Freely available
- Check server's service on any port
- Exhaustive documentation available
- Easy to use
- Installation is easy
- Available for Linux, macOS (OS X), etc.
Installation
#git clone --depth 1 https://github.com/drwetter/testssl.sh.git
Check for installation
Run the commands below to confirm that the installation works. Running the script with no arguments also prints all options available for scanning SSL/TLS-related issues.
#cd testssl.sh
#./testssl.sh
Below are 10 examples of testssl usage:
Example 1: Check for any SSL/TLS flaws in a website
Example 2: Display the banner and version of the installed testssl
#./testssl.sh -b https://localhost:9392/
Example 3: To print all local ciphers
#./testssl.sh -V https://localhost:9392/
Example 4: To test all vulnerabilities such as POODLE, BREACH, FREAK, LOGJAM, DROWN, CCS injection, etc.
#./testssl.sh -U https://localhost:9392/
Example 5: To test heartbleed vulnerability
#./testssl.sh -B https://localhost:9392/
Example 6: To test a STARTTLS-enabled protocol: ftp, smtp, pop3, imap, xmpp, telnet, ldap, postgres, mysql
#./testssl.sh -t pop3 https://localhost:9392/
Example 7: To check for vulnerable RC4 ciphers without displaying a banner
#./testssl.sh --quiet -4 https://localhost:9392/
Example 8: To check for common cipher suites
#./testssl.sh --quiet -f https://localhost:9392/
Example 9: To create a log file in the current directory
Example 10: To check with OpenSSL where sockets are normally used
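The examples above each print a human-readable report. When you scan more than one host, the useful next step is to have testssl.sh write its findings to a file and triage them by severity. The script below is an added example, not part of the article or of the testssl.sh project: run_scan wraps the `--quiet --vulnerable --csvfile` options shown above, and triage_csv/count_findings filter a CSV report by minimum severity. The CSV column layout ("id","fqdn/ip","port","severity","finding","cve","cwe") and the severity labels (OK, INFO, LOW, MEDIUM, HIGH, CRITICAL) are assumptions about testssl.sh's output, and the sample report embedded in the script is constructed for illustration, not real scan data.

```shell
#!/usr/bin/env bash
# Added example (not from the article or from testssl.sh itself).
# Assumes ./testssl.sh is the cloned script and that its --csvfile output uses
# the columns "id","fqdn/ip","port","severity","finding","cve","cwe" (assumption).

# run_scan TARGET OUTFILE: quiet vulnerability-only scan, findings written to CSV.
# Only runs when the script is actually present next to this file.
run_scan() {
    [ -x ./testssl.sh ] || { echo "testssl.sh not found" >&2; return 1; }
    ./testssl.sh --quiet --vulnerable --csvfile "$2" "$1"
}

# triage_csv FILE MIN_SEVERITY: print "id severity" for every finding whose
# severity is at or above MIN_SEVERITY (OK < INFO < LOW < MEDIUM < HIGH < CRITICAL).
triage_csv() {
    awk -F'","' -v min="$2" '
        function rank(s) {
            if (s == "CRITICAL") return 5
            if (s == "HIGH")     return 4
            if (s == "MEDIUM")   return 3
            if (s == "LOW")      return 2
            if (s == "INFO")     return 1
            return 0              # OK, WARN and anything unknown sort lowest
        }
        NR > 1 {                  # skip the header row
            sub(/^"/, "", $1)     # first field keeps its leading quote after the split
            if (rank($4) >= rank(min)) print $1, $4
        }
    ' "$1"
}

# count_findings FILE MIN_SEVERITY: number of findings at or above the threshold.
count_findings() {
    triage_csv "$1" "$2" | wc -l | tr -d ' '
}

# Constructed sample report in the assumed CSV layout (not real scan output).
SAMPLE_CSV="$(mktemp)"
cat > "$SAMPLE_CSV" <<'EOF'
"id","fqdn/ip","port","severity","finding","cve","cwe"
"heartbleed","localhost/127.0.0.1","9392","OK","not vulnerable, no heartbeat extension","",""
"SSLv3","localhost/127.0.0.1","9392","HIGH","offered","",""
"POODLE_SSL","localhost/127.0.0.1","9392","HIGH","VULNERABLE, uses SSLv3+CBC","",""
"RC4","localhost/127.0.0.1","9392","HIGH","VULNERABLE, RC4 ciphers offered","",""
"TLS1","localhost/127.0.0.1","9392","LOW","offered (deprecated)","",""
"cipher_order","localhost/127.0.0.1","9392","INFO","server","",""
"DROWN","localhost/127.0.0.1","9392","OK","not vulnerable on this host and port","",""
"FREAK","localhost/127.0.0.1","9392","OK","not vulnerable","",""
EOF

# Example usage on the constructed report: list everything HIGH or worse.
triage_csv "$SAMPLE_CSV" HIGH
```

In practice you would call `run_scan localhost:9392 report.csv` first and then `count_findings report.csv HIGH` as a gate in a CI job or a nightly check, failing the job when the count is non-zero.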
Other Online Tools
- SSL Lab Server Test - https://www.ssllabs.com/ssltest
- Mozilla Observatory tool - https://observatory.mozilla.org/
Other Offline Tools
- O-Saft (OWASP SSL advanced forensic tool, developed by OWASP) - https://wiki.owasp.org/index.php/O-Saft
- SSLScan (Fast SSL Scanner) - https://github.com/rbsec/sslscan
- SSLyze - https://github.com/iSECPartners/sslyze
testssl.sh is a bash script that uses OpenSSL to identify numerous flaws such as Heartbleed, DROWN and many other problems associated with SSL/TLS. The tool is completely free and has been recommended many times by OWASP. In the end, we have discussed other online and offline tools used to test for SSL/TLS vulnerabilities.
If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!
Disclaimer: This tutorial is for educational purposes only. Individuals are solely responsible for any illegal act.