testssl.sh is an independent, open source, feature-rich command-line tool for testing TLS/SSL-enabled services for supported ciphers, protocols, and some cryptographic flaws on Linux/BSD servers. It can also be run on macOS and on Windows using MSYS2 or Cygwin.
Features of testssl.sh
- Easy to install and use; produces clear.
- Highly flexible; it can be used to test SSL/TLS-enabled and STARTTLS services.
- Performs a simple check or a single check.
- Single checks come with several command-line options for different categories of checks.
- Supports various output types including color output.
- Supports SSL session ID checking.
- Supports checking multiple server certificates.
- Provides complete privacy: only you can see the results, not third parties.
- Supports logging in (flat) JSON and CSV format.
- Supports mass testing in serial (default) or parallel mode.
- Supports presetting of command-line options via environment variables, and more.
Important: You should use Bash (which comes pre-installed on most Linux distributions), and a newer OpenSSL version (1.1.1) is recommended for effective use.
How to install and use testssl.sh in Linux
You can install testssl.sh by cloning its Git repository as shown.
# git clone --depth 1 https://github.com/drwetter/testssl.sh.git
# cd testssl.sh
After cloning testssl.sh, the general use case is probably to run the following command to test a website.
# ./testssl.sh https://www.google.com/
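To run a check against STARTTLS-enabled protocols (ftp, smtp, pop3, imap, xmpp, telnet, ldap, postgres, mysql), use the -t option and give the target as host:port rather than an https:// URL (mail.example.com below is a placeholder).
# ./testssl.sh -t smtp mail.example.com:25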
By default, all mass tests are done in serial mode; you can enable parallel testing with the --parallel flag.
# ./testssl.sh --parallel https://www.google.com/
If you do not want to use the default system openssl program, use the --openssl flag to specify an alternative.
# ./testssl.sh --parallel --sneaky --openssl /path/to/your/openssl https://www.google.com/
You may want to keep logs for later analysis; testssl.sh has the --log (store log file in current directory) or --logfile (specify log file location) option for that.
# ./testssl.sh --parallel --sneaky --logging https://www.google.com/
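For the later analysis mentioned above, the flat JSON output (written with testssl.sh's --jsonfile option, which this article does not show) is easier to process than the plain log. The following is an added example, not part of the original article or the testssl.sh project: a small triage script that lists findings at or above a chosen severity and flags targets whose checks could not be completed. The sample records, host names and addresses are constructed.

```python
import json

# Severity ranking for actionable findings; OK/INFO/DEBUG rows are ignored.
RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample in the flat JSON layout (one object per finding).
# Hosts, addresses and finding texts are made up for illustration.
SAMPLE = """[
 {"id": "SSLv3", "ip": "mail.example.com/192.0.2.10", "port": "443",
  "severity": "HIGH", "finding": "offered"},
 {"id": "TLS1_2", "ip": "mail.example.com/192.0.2.10", "port": "443",
  "severity": "OK", "finding": "offered"},
 {"id": "cert_expirationStatus", "ip": "mail.example.com/192.0.2.10", "port": "443",
  "severity": "MEDIUM", "finding": "expires < 30 days"},
 {"id": "BREACH", "ip": "db.example.com/192.0.2.20", "port": "5432",
  "severity": "WARN", "finding": "test failed (couldn't connect)"}
]"""


def triage(raw_json, threshold="MEDIUM"):
    """Return (findings >= threshold, worst first; targets with WARN rows)."""
    floor = RANK[threshold.upper()]
    findings, incomplete = [], set()
    for row in json.loads(raw_json):
        sev = str(row.get("severity", "")).upper()
        target = "{}:{}".format(row.get("ip", "?"), row.get("port", "?"))
        if sev == "WARN":
            # WARN means a check could not be completed: never read it as a pass.
            incomplete.add(target)
        elif RANK.get(sev, 0) >= floor:
            findings.append((sev, target, row.get("id", "?"), row.get("finding", "")))
    findings.sort(key=lambda f: (-RANK[f[0]], f[1], f[2]))
    return findings, sorted(incomplete)


if __name__ == "__main__":
    found, incomplete = triage(SAMPLE)
    for sev, target, check, text in found:
        print("{:<8} {:<32} {:<24} {}".format(sev, target, check, text))
    for target in incomplete:
        print("WARN     {:<32} scan incomplete, re-run".format(target))
    # Non-zero exit lets a cron job or CI step fail on findings.
    raise SystemExit(1 if found or incomplete else 0)
```

To use it on real output, replace SAMPLE with the contents of the file written by --jsonfile.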
To disable DNS lookups, which can increase test speed, use the -n flag.
# ./testssl.sh -n --parallel --sneaky --logging https://www.google.com/
Run single checks using testssl.sh
You can also run a single check for protocols, server defaults, server preferences, headers, various types of vulnerabilities, and many other tests. There are several options for this.
The -e flag lets you check each local cipher remotely. To make the test faster, also include the --fast flag; this omits some checks and, if you are using openssl for all ciphers, only displays the first proffered cipher.
# ./testssl.sh -e --fast --parallel https://www.google.com/
The -p option tests the TLS/SSL protocols (including SPDY/HTTP2).
# ./testssl.sh -p --parallel --sneaky https://www.google.com/
You can check the server's default choices and certificate using the -S option.
# ./testssl.sh -S https://www.google.com/
Next, to see the server's preferred protocol and cipher, use the -P flag.
# ./testssl.sh -P https://www.google.com/
The -U option tests for all vulnerabilities (if applicable).
# ./testssl.sh -U --sneaky https://www.google.com/
Unfortunately, we cannot cover all the options here; use the command below to see the list of all options.
# ./testssl.sh --help
Find out more at the testssl.sh GitHub repository: https://github.com/drwetter/testssl.sh
testssl.sh is a useful security tool that every Linux system administrator must have and use for testing TLS/SSL-enabled services.