Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: InfoSec Handlers Diary Blog - Using testssl.sh InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Using testssl.sh

Published: 2015-09-20
Last Updated: 2015-09-20 20:06:58 UTC
by Basil Alawi S.Taher (Version: 1)
1 comment(s)

Testssl project has announced the release of testssl 2.6. testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws.

 

Here is some examples of how to use testssl.sh:

First you have to download the script from:

https://testssl.sh/

Running the script without any option will run all the tests:

testssl.sh google.com

If you like to check for a specific vulnerability such as heartbleed you can run the following option

testssl.sh -B isc.sans.edu

To check the supported ciphers suites you can use the –f option:

./testssl.sh –f Microsoft.com


Another neat option is –H which will give you some information about the http header and it will mark the security features

./testssl.sh –H isc.sans.edu


 

Keywords:
1 comment(s)
Diary Archives