testssl.sh/Readme.md

129 lines
5.6 KiB
Markdown
Raw Normal View History

## Intro
[![Build Status](https://travis-ci.org/drwetter/testssl.sh.svg?branch=master)](https://travis-ci.org/drwetter/testssl.sh)
[![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/drwetter/testssl.sh?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
`testssl.sh` is a free command line tool which checks a server's service on
any port for the support of TLS/SSL ciphers, protocols as well as some
cryptographic flaws.
### Key features
* Clear output: you can tell easily whether anything is good or bad.
* Machine readable output.
* No installation needed: Linux, OSX/Darwin, FreeBSD, NetBSD, MSYS2/Cygwin,
WSL work out of the box. Only OpenBSD needs bash. No need to install
or to configure something. No gems, CPAN, pip or the like.
* A Dockerfile is provided, there's also an offical container @ dockerhub.
* Flexibility: You can test any SSL/TLS enabled and STARTTLS service, not
only web servers at port 443.
* Toolbox: Several command line options help you to run *your* test and
configure *your* output.
* Reliability: features are tested thoroughly.
* Privacy: It's only you who sees the result, not a third party.
* Freedom: It's 100% open source. You can look at the code, see what's going on.
* The development is open (github) and participation is welcome.
### License
This software is free. You can use it under the terms of GPLv2, see LICENSE.
In addition starting from version 3.0rc1 if you're offering a scanner based on testssl.sh
as a public and / or paid service in the internet you need to mention to your audience that you're using
this program and where to get this program from.
### Compatibility
testssl.sh is working on every Linux/BSD distribution out of the box. Latest by 2.9dev
most of the limitations of disabled features from the openssl client are gone
due to bash-socket-based checks. As a result you can also use e.g. LibreSSL or OpenSSL
1.1.1 . testssl.sh also works on other unixoid system out of the box, supposed they have
`/bin/bash` >= version 3.2 and standard tools like sed and awk installed. An implicit
(silent) check for binaries is done when you start testssl.sh . System V needs probably
to have GNU grep installed. MacOS X and Windows (using MSYS2, Cygwin or WSL) work too.
Update notification here or @ [twitter](https://twitter.com/drwetter).
### Installation
2017-07-13 13:55:22 +02:00
You can download testssl.sh by cloning this git repository:
2017-09-19 17:34:22 +02:00
git clone --depth 1 https://github.com/drwetter/testssl.sh.git
2017-07-13 13:55:22 +02:00
2019-08-08 21:10:07 +02:00
Or help yourself downloading the ZIP archive [https://github.com/drwetter/testssl.sh/archive/3.0.zip](https://github.com/drwetter/testssl.sh/archive/3.0.zip). Just ``cd`` to the directory created (=INSTALLDIR) and run it off there.
2017-07-13 13:55:22 +02:00
2019-08-08 21:10:07 +02:00
#### Docker
Testssl.sh has minimal requirements. As stated you don't have to install or build anything. You can just run it from the pulled/cloned directory. Still if you don't want to pull the github repo to your directory of choice you can pull a container from dockerhub and run it:
```
docker run --rm -ti drwetter/testssl.sh <your_cmd_line>
```
2019-08-08 21:10:07 +02:00
Or if you have cloned this repo you also can just ``cd`` to the INSTALLDIR and run
```
docker build .
2019-08-08 21:10:07 +02:00
```
followed by ``docker exec -ti <ID> <your_cmd_line>`` where ``ID`` is the identifier in the last line from the build command like
```
---> 889fa2f99933
Successfully built 889fa2f99933
```
2017-07-13 13:55:22 +02:00
### Status
We're currently in the late release candidate phase. That means you can and should use it for production
2019-08-08 21:10:07 +02:00
and let us know if you encounter any additional bugs. Features implemented in 3.0 are listed in the [Changelog](https://github.com/drwetter/testssl.sh/blob/3.0/CHANGELOG.md).
Support for 2.9.5 has been dropped.
### Documentation
* .. it is there for reading. Please do so :-) -- at least before asking questions. See man page in groff, html and markdown format in `~/doc/`.
* [https://testssl.sh/](https://testssl.sh/) will help to get you started.
* Will Hunt provides a longer, good [description](https://www.4armed.com/blog/doing-your-own-ssl-tls-testing/) for the (older) version 2.8, including useful background info.
2016-11-03 13:42:18 +01:00
### Contributing
2019-08-08 21:10:07 +02:00
Contributions are welcome! See [CONTRIBUTING.md](https://github.com/drwetter/testssl.sh/blob/3.0/CONTRIBUTING.md) for details.
### Bug reports
2019-08-08 21:10:07 +02:00
Bug reports are important. It makes this project more robust.
2019-08-08 21:10:07 +02:00
Please file bugs in the issue tracker @ github. Do not forget to provide detailed information, see template for issue, and further details @
https://github.com/drwetter/testssl.sh/wiki/Bug-reporting. Nobody can read your thoughts -- yet. And only agencies your screen ;-)
You can also debug yourself, see [here](https://github.com/drwetter/testssl.sh/wiki/Findings-and-HowTo-Fix-them).
----
### External/related projects
Please address questions not specifically to the code of testssl.sh to the respective projects below.
#### Cool web frontend
* https://github.com/TKCERT/testssl.sh-webfrontend
2017-07-13 13:55:22 +02:00
#### Mass scanner w parallel scans and elastic searching the results
* https://github.com/TKCERT/testssl.sh-masscan
#### Another ready-to-go docker image is at:
* https://quay.io/repository/jumanjiman/testssl
#### Privacy checker using testssl.sh
* https://privacyscore.org
#### Brew package
* see [#233](https://github.com/drwetter/testssl.sh/issues/233) and
[https://github.com/Homebrew/homebrew](https://github.com/Homebrew/homebrew)
#### Daemon for batch execution of testssl.sh command files
* https://github.com/bitsofinfo/testssl.sh-processor
#### Daemon for batch processing of testssl.sh JSON result files for sending Slack alerts, reactive copying etc
* https://github.com/bitsofinfo/testssl.sh-alerts