testsl.sh Is an independent and open source, feature-rich command-line tool used for testing TLS / SSL Encryption enabled services for supported ciphers, protocols, and some cryptographic errors on Linux / BSD servers. It is called MSYS2 or. Can be run on macOS X and Windows using cygwin.

Testsl.sh. Features of

  • Easy to install and use; Produces clear.
  • Highly flexible, it can be used to test SSL / TLS enabled and STARTTLS services.
  • Do a simple check or a single check.
  • Single checks comes with several command-line options for different ranges.
  • Supports various output types including color output.
  • SSL supports session ID checking.
  • Supports checking multiple server certificates.
  • Provides complete privacy, only you can see results, not third parties.
  • (Flat) supports logging in JSON + CSV format.
  • Supports mass testing in serial (default) or parallel mode.
  • Supports presetting of command-line options via environment variables, and more.

Important: You should use Bash (which comes pre-installed Most Linux distributions) And a new OpenSSL version (1.1.1) Is recommended for effective use.

How to install and use Testssl.sh in Linux?

You can install Test mr By cloning this git repository as shown.

# git clone --depth 1 https://github.com/drwetter/testssl.sh.git
# cd testssl.sh

Post cloning testsl.sh, The general use case is probably to run the following command to test against a website.

# ./testssl.sh https://www.google.com/

To run a check against STARTTLS Enabled protocols: ftp, smtp, pop3, imap, xmpp, telnet, ldap, postgres, mysql, use -t the option.

# ./testssl.sh -t smtp https://www.google.com/


By default, all mass tests are done in serial mode, you can enable parallel testing --parallel Flag.

# ./testssl.sh --parallel https://www.google.com/

If you do not want to use the default system OpenSL program, use it -Openslee Flag to specify an option.

# ./testssl.sh --parallel --sneaky --openssl /path/to/your/openssl https://www.google.com/

You may want to keep logs for later analysis, testsl.sh is --log (Store log file in current directory) or --logfile (Specify log file location) option for that.

# ./testssl.sh --parallel --sneaky --logging https://www.google.com/

Use this to disable DNS lookup, which can increase test speed -n Flag.

# ./testssl.sh -n --parallel --sneaky --logging https://www.google.com/

Testsl.sh. Run a single check using

You can also run a single check for protocols, server defaults, server preferences, headers, various types of vulnerabilities, and many other tests. There are several options for this.

for example, -e The flag enables you to remotely check each local cipher. If you want to make the test faster, then use include --fast Flag; This will omit some checks, if you are using OpenSL for all ciphers, it only displays the first proffer cipher.

# ./testssl.sh -e --fast --parallel https://www.google.com/

-p The option allows testing of the TLS / SSL protocol (including SPDY / HTTP2).

# ./testssl.sh -p --parallel --sneaky https://www.google.com/

You can try using the server’s default choice and certificate -S the option.

# ./testssl.sh -S https://www.google.com/

Next, to see the server’s preferred protocol + cipher, use -P Flag.

# ./testssl.sh -P https://www.google.com/

-U The option will help you test all weaknesses (if applicable).

# ./testssl.sh -U --sneaky https://www.google.com/

Unfortunately, we cannot exploit all the options here, use the command below to see the list of all options.

# ./testssl.sh --help

Search more testsl.sh Github Store: https://github.com/drwetter/testssl.sh

The conclusion

testsl.sh Is a useful security tool that every Linux system administrator must have and use for testing TSL / SSL enabled services.