Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: Using testssl.sh SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Using testssl.sh

Testssl project has announced the release of testssl 2.6. testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws.

 

Here is some examples of how to use testssl.sh:

First you have to download the script from:

https://testssl.sh/

Running the script without any option will run all the tests:

testssl.sh google.com

If you like to check for a specific vulnerability such as heartbleed you can run the following option

testssl.sh -B isc.sans.edu

To check the supported ciphers suites you can use the –f option:

./testssl.sh –f Microsoft.com


Another neat option is –H which will give you some information about the http header and it will mark the security features

./testssl.sh –H isc.sans.edu


 

Basil

60 Posts
ISC Handler
There's also Qualsys ssl check (https://www.ssllabs.com/ssltest/)
Anonymous

Sign Up for Free or Log In to start participating in the conversation!