Threat Level: green Handler on Duty: John Bambenek

SANS ISC: Using testssl.sh - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Using testssl.sh

Testssl project has announced the release of testssl 2.6. testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws.

 

Here is some examples of how to use testssl.sh:

First you have to download the script from:

https://testssl.sh/

Running the script without any option will run all the tests:

testssl.sh google.com

If you like to check for a specific vulnerability such as heartbleed you can run the following option

testssl.sh -B isc.sans.edu

To check the supported ciphers suites you can use the –f option:

./testssl.sh –f Microsoft.com


Another neat option is –H which will give you some information about the http header and it will mark the security features

./testssl.sh –H isc.sans.edu


 

Basil

52 Posts
ISC Handler
There's also Qualsys ssl check (https://www.ssllabs.com/ssltest/)
Anonymous
Posts

Sign Up for Free or Log In to start participating in the conversation!