Logo
  • Ubuntu
  • CentOS
  • Debian
  • Fedora
  • RedHat

Testssl.sh – Testing TLS/SSL Encryption Anywhere on Any Port - DesignLinux

May 11 2021
designlinux 0 Comments

testssl.sh is a free and open-source, feature-rich command-line tool used for checking TLS/SSL encryption enabled services for supported ciphers, protocols, and some cryptographic flaws, on Linux/BSD servers. It can be run on macOS X and Windows using MSYS2 or Cygwin.

Features of Testssl.sh

  • Easy to install and use; produces clear output.
  • Highly flexible, it can be used to check SSL/TLS enabled and STARTTLS services.
  • Perform a general check or single checks.
  • Comes with several command-line options for various categories of single checks.
  • Supports different output types, including colored output.
  • Supports SSL Session ID check.
  • Supports checking for multiple server certificates.
  • Offers absolute privacy, it’s only you who can see the result, not a third party.
  • Supports logging in (flat) JSON + CSV format.
  • Supports mass testing in serial (default) or parallel modes.
  • Supports presetting of command-line options via environment variables, and so much more.

Important: You should be using bash (which comes preinstalled on most Linux distributions) and a newer OpenSSL version (1.1.1) is recommended for effective usage.

How to Install and Use Testssl.sh in Linux

You can install testssl. sh by cloning this git repository as shown.

# git clone --depth 1 https://github.com/drwetter/testssl.sh.git
# cd testssl.sh

After the cloning testssl.sh, the general use case is probably just to run the following command to do a test against a website.

# ./testssl.sh https://www.google.com/
Test SSL TLS Encryption
Test SSL TLS Encryption

To run a check against STARTTLS enabled protocols: ftp, smtp, pop3, imap, xmpp, telnet, ldap, postgres, mysql, use the -t option.

# ./testssl.sh -t smtp https://www.google.com/

By default, all mass tests are done in serial mode, you can enable parallel testing using the --parallel flag.

# ./testssl.sh --parallel https://www.google.com/

If you do not want to use the default system openssl program, use the –openssl flag to specify an alternative.

# ./testssl.sh --parallel --sneaky --openssl /path/to/your/openssl https://www.google.com/

You might want to keep logs for later analysis, testssl.sh has the --log (store log file in the current directory) or --logfile (specify log file location) option for that.

# ./testssl.sh --parallel --sneaky --logging https://www.google.com/

To disable DNS lookup, which can increase test speeds, use the -n flag.

# ./testssl.sh -n --parallel --sneaky --logging https://www.google.com/

Run Single Checks Using testssl.sh

You can also run single checks for protocols, server defaults, server preferences, headers, various types of vulnerabilities plus many other tests. There are a number of options provided for this.

For example, the -e flag enables you to check each local cipher remotely. If you want to make the test much faster, use include the --fast flag; this will omit some checks, in case you are using openssl for all ciphers, it only displays the first proffered cipher.

# ./testssl.sh -e --fast --parallel https://www.google.com/

The -p option allows for testing TLS/SSL protocols (including SPDY/HTTP2).

# ./testssl.sh -p --parallel --sneaky https://www.google.com/

You can view the server’s default picks and certificate using the -S option.

# ./testssl.sh -S https://www.google.com/

Next, to see the server’s preferred protocol+cipher, use the -P flag.

# ./testssl.sh -P https://www.google.com/

The -U option will help you test all vulnerabilities (if applicable).

# ./testssl.sh -U --sneaky https://www.google.com/

Unfortunately, we can not exploit all the options here, use the command below to see a list of all options.

# ./testssl.sh --help

Find more at testssl.sh Github repository: https://github.com/drwetter/testssl.sh

Conclusion

testssl.sh is a useful security tool that every Linux system administrator needs to have and use for testing TSL/SSL enabled services. If you have any questions or thoughts to share, use the comment form below. In addition, you can also share with us any similar tools, that you have come across out there.

Related

Tags: commandline tools

Axel – A Command-Line File Download Accelerator for Linux

Prev Post

Kali Linux 2021.1 – Fresh Installation Guide

Next Post
Archives
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • July 2022
  • June 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
Categories
  • AlmaLinux
  • Android
  • Ansible
  • Apache
  • Arch Linux
  • AWS
  • Backups
  • Bash Shell
  • Bodhi Linux
  • CentOS
  • CentOS Stream
  • Chef
  • Cloud Software
  • CMS
  • Commandline Tools
  • Control Panels
  • CouchDB
  • Data Recovery Tools
  • Databases
  • Debian
  • Deepin Linux
  • Desktops
  • Development Tools
  • Docker
  • Download Managers
  • Drupal
  • Editors
  • Elementary OS
  • Encryption Tools
  • Fedora
  • Firewalls
  • FreeBSD
  • FTP
  • GIMP
  • Git
  • Hadoop
  • HAProxy
  • Java
  • Jenkins
  • Joomla
  • Kali Linux
  • KDE
  • Kubernetes
  • KVM
  • Laravel
  • Let's Encrypt
  • LFCA
  • Linux Certifications
  • Linux Commands
  • Linux Desktop
  • Linux Distros
  • Linux IDE
  • Linux Mint
  • Linux Talks
  • Lubuntu
  • LXC
  • Mail Server
  • Manjaro
  • MariaDB
  • MongoDB
  • Monitoring Tools
  • MySQL
  • Network
  • Networking Commands
  • NFS
  • Nginx
  • Nodejs
  • NTP
  • Open Source
  • OpenSUSE
  • Oracle Linux
  • Package Managers
  • Pentoo
  • PHP
  • Podman
  • Postfix Mail Server
  • PostgreSQL
  • Python
  • Questions
  • RedHat
  • Redis Server
  • Rocky Linux
  • Security
  • Shell Scripting
  • SQLite
  • SSH
  • Storage
  • Suse
  • Terminals
  • Text Editors
  • Top Tools
  • Torrent Clients
  • Tutorial
  • Ubuntu
  • Udemy Courses
  • Uncategorized
  • VirtualBox
  • Virtualization
  • VMware
  • VPN
  • VSCode Editor
  • Web Browsers
  • Web Design
  • Web Hosting
  • Web Servers
  • Webmin
  • Windows
  • Windows Subsystem
  • WordPress
  • Zabbix
  • Zentyal
  • Zorin OS
Visits
  • 0
  • 831
  • 615,203

DesignLinux.com © All rights reserved

Go to mobile version