Categories: SSL/TLS

testssl.sh – Tool to check cryptographic flaws and TLS/SSL Ciphers on any Ports

testssl.sh is a free command line tool which checks a server’s administration on any port for the help of TLS/SSL ciphers, protocols and some TLS/SSL vulnerabilities.

Key features

1. Easy to install.
2. You can check with all port not only with 443.
3. Warnings if there is an issue with tests performed.
4. Compatible with Linux/BSD distribution
5. Supports more TLS extensions via sockets
6. TLS 1.3 support
7. Check for CAA RR
8. Check for OCSP must staple
9. Check for Certificate Transparency
10.Expect-CT Header Detection

How to use testssl.sh- TLS/SSL vulnerabilities

In this Kali Linux Tutorial we show how to work with testssl.sh and find all the cryptographic vulnerabilities. To download the tool.

To install testssl.sh

git clone –depth 1 https://github.com/drwetter/testssl.sh.git

To run the tool

root@kali:~/testssl.sh# ./testssl.sh

To check for Heartbleed

root@kali:~/testssl.sh# ./testssl.sh -H testdomain.com

Also Read Fast and Complete SSL Scanner to Find Mis-configurations affecting TLS/SSL

To check for POODLE

root@kali:~/testssl.sh# ./testssl.sh -O testdomain.com

To perform a complete check

root@kali:~/testssl.sh# ./testssl.sh testdomain.com

To perform check with smtp

root@kali:~/testssl.sh# ./testssl.sh -t smtp testdomain.com

To see prefered SSL/TLS protocols

root@kali:~/testssl.sh# ./testssl.sh -P testdomain.com

To test the vulnerabilities

root@kali:~/testssl.sh# ./testssl.sh -U –sneaky testdomain.com

Developed By: drwetter

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.