Minor updates

added: client simulation, requirements.

Updated number of ciphers.
This commit is contained in:
Dirk 2018-11-12 21:36:43 +01:00
parent eb8ba74460
commit f591126a1b
3 changed files with 46 additions and 17 deletions

View File

@ -27,8 +27,11 @@ The output rates findings by color (screen) or severity (file output) so that yo
.P .P
Only you see the result\. You also can use it internally on your LAN\. Except DNS lookups it doesn\'t use any other hosts or even third parties for checks\. Only you see the result\. You also can use it internally on your LAN\. Except DNS lookups it doesn\'t use any other hosts or even third parties for checks\.
. .
.SH "REQUIREMENTS"
Testssl\.sh is out of the box pretty much portable: it runs under any Unix\-like stack: Linux, *BSD, MacOS X, WSL=Windows Subsystem for Linux,, Cygwin and MSYS2\. \fBbash\fR (also version 3 is still supported) is a prerequisite as well as standard utilities like awk, sed, tr and head\. This can be of BSD, System 5 or GNU flavor whereas grep from System V is not yet supported\.
.
.P .P
It is out of the box pretty much portable: testssl\.sh runs under any Unix\-like stack (Linux, *BSD, MacOS X, WSL=bash on Windows, Cygwin and MSYS2)\. \fBbash\fR (also version 3 is still supported) is a prerequisite as well as standard utilities like awk, sed, tr and head\. This can be of BSD, System 5 or GNU flavor whereas grep from System V is not yet supported\. Any OpenSSL or LibreSSL version is needed as a helper\. Unless previous versions of testssl\.sh almost every check is done via (TCP) sockets\. Despite that some some statically linked OpenSSL binaries for major operating systems are supplied in \fB\./bin/\fR \.
. .
.SH "GENERAL" .SH "GENERAL"
\fBtestssl\.sh URI\fR as the default invocation does the so\-called default run which does a number of checks and puts out the results colorized (ANSI and termcap) on the screen\. It does every check listed below except \fB\-E\fR which are (order of appearance): \fBtestssl\.sh URI\fR as the default invocation does the so\-called default run which does a number of checks and puts out the results colorized (ANSI and termcap) on the screen\. It does every check listed below except \fB\-E\fR which are (order of appearance):
@ -58,7 +61,7 @@ It is out of the box pretty much portable: testssl\.sh runs under any Unix\-like
7) vulnerabilities 7) vulnerabilities
. .
.P .P
8) testing each of 359 ciphers 8) testing each of 370 preconfigured ciphers
. .
.P .P
9) client simulation 9) client simulation
@ -88,7 +91,7 @@ Options are either short or long options\. Any option requiring a value can be c
\fB\-\-file <fname>\fR is the mass testing option\. Per default it implicitly turns on \fB\-\-warnings batch\fR\. In its first incarnation the mass testing option reads command lines from \fBfname\fR\. \fBfname\fR consists of command lines of testssl, one line per instance\. Comments after \fB#\fR are ignored, \fBEOF\fR signals the end of fname any subsequent lines will be ignored too\. You can also supply additional options which will be inherited to each child, e\.g\. When invoking \fBtestssl\.sh \-\-wide \-\-log \-\-file <fname>\fR \. Each single line in \fBfname\fR is parsed upon execution\. If there\'s a conflicting option and serial mass testing option is being performed the check will be aborted at the time it occurs and depending on the output option potentially leaving you with an output file without footer\. In parallel mode the mileage varies\. \fB\-\-file <fname>\fR is the mass testing option\. Per default it implicitly turns on \fB\-\-warnings batch\fR\. In its first incarnation the mass testing option reads command lines from \fBfname\fR\. \fBfname\fR consists of command lines of testssl, one line per instance\. Comments after \fB#\fR are ignored, \fBEOF\fR signals the end of fname any subsequent lines will be ignored too\. You can also supply additional options which will be inherited to each child, e\.g\. When invoking \fBtestssl\.sh \-\-wide \-\-log \-\-file <fname>\fR \. Each single line in \fBfname\fR is parsed upon execution\. If there\'s a conflicting option and serial mass testing option is being performed the check will be aborted at the time it occurs and depending on the output option potentially leaving you with an output file without footer\. In parallel mode the mileage varies\.
. .
.P .P
Alternatively \fBfname\fR can be in \fBnmap\fR\'s grep(p)able output format (\fB\-oG\fR)\. Only open ports will be considered\. Multiple ports per line are allowed\. The ports can be different and will be tested by testssl\.sh according to common practice in the internet, \.i\.e\. if nmap shows in its output an open port 25, automatically \fB\-t smtp\fR will be added before the URI whereas port 465 will be treated as a plain TLS/SSL port, not requiring an STARTTLS SMTP handshake upfront\. This is done by an internal table which correlates nmap\'s open port to the STARTTLS/plain text decision from testssl\.sh\. Alternatively \fBfname\fR can be in \fBnmap\fR\'s grep(p)able output format (\fB\-oG\fR)\. Only open ports will be considered\. Multiple ports per line are allowed\. The ports can be different and will be tested by testssl\.sh according to common practice in the internet, i\.e\. if nmap shows in its output an open port 25, automatically \fB\-t smtp\fR will be added before the URI whereas port 465 will be treated as a plain TLS/SSL port, not requiring an STARTTLS SMTP handshake upfront\. This is done by an internal table which correlates nmap\'s open port detected to the STARTTLS/plain text decision from testssl\.sh\.
. .
.P .P
The nmap output always returns IP addresses and \-\- only if there\'s a PTR DNS record available \-\- a hostname\. As it is not checked by nmap whether the hostname matches the IP (A or AAAA record), testssl\.sh does this for you\. If the A record of the hostname matches the IP address, the hostname is used and not the IP address\. Watch out as stated above checks against an IP address might not hit the vhost you maybe were aiming at\. The nmap output always returns IP addresses and \-\- only if there\'s a PTR DNS record available \-\- a hostname\. As it is not checked by nmap whether the hostname matches the IP (A or AAAA record), testssl\.sh does this for you\. If the A record of the hostname matches the IP address, the hostname is used and not the IP address\. Watch out as stated above checks against an IP address might not hit the vhost you maybe were aiming at\.
@ -155,7 +158,7 @@ Please note that the content of \fBfname\fR has to be in Unix format\. DOS carri
\fB\-\-sneaky\fR is a friendly feature for the server side testssl\.sh uses a HTTP user agent \fBTLS tester from ${URL}\fR\. With this option your traces are less verbose and a Firefox user agent is being used\. Be aware that it doesn\'t hide your activities\. That is just not possible (environment preset via \fBSNEAKY=true\fR)\. \fB\-\-sneaky\fR is a friendly feature for the server side testssl\.sh uses a HTTP user agent \fBTLS tester from ${URL}\fR\. With this option your traces are less verbose and a Firefox user agent is being used\. Be aware that it doesn\'t hide your activities\. That is just not possible (environment preset via \fBSNEAKY=true\fR)\.
. .
.P .P
\fB\-\-ids\-friendly\fR is a switch which may help to get a scan finished which otherwise will be blocked by a server side IDS\. This switch skips tests for the following vulnerabilities:heartbleed, CCS injection, ticketbleed and ROBOT\. The environment variable OFFENSIVE set to false will achieve the same result\. Please be advised that as an alternative or as a general approach you can try to apply evasion techniques by changing the variables USLEEP_SND and / or USLEEP_REC and maybe *MAX_WAITSOCK\. \fB\-\-ids\-friendly\fR is a switch which may help to get a scan finished which otherwise would be blocked by a server side IDS\. This switch skips tests for the following vulnerabilities:heartbleed, CCS injection, ticketbleed and ROBOT\. The environment variable OFFENSIVE set to false will achieve the same result\. Please be advised that as an alternative or as a general approach you can try to apply evasion techniques by changing the variables USLEEP_SND and / or USLEEP_REC and maybe *MAX_WAITSOCK\.
. .
.P .P
\fB\-\-phone\-out\fR instructs testssl\.sh to query external \-\- in a sense of the current run \-\- URLs or URIs\. This is needed for checking revoked certificates via CRL and OCSP\. By using this switch you acknowledge that the check might could have privacy issues, a download of several megabytes (CRL file) may happen and there may be network connectivity problems while contacting CA which testssl\.sh doesn\'t handle\. PHONE_OUT is the environment variable for this which needs to be set to true if you want this\. \fB\-\-phone\-out\fR instructs testssl\.sh to query external \-\- in a sense of the current run \-\- URLs or URIs\. This is needed for checking revoked certificates via CRL and OCSP\. By using this switch you acknowledge that the check might could have privacy issues, a download of several megabytes (CRL file) may happen and there may be network connectivity problems while contacting CA which testssl\.sh doesn\'t handle\. PHONE_OUT is the environment variable for this which needs to be set to true if you want this\.
@ -196,7 +199,7 @@ Any single check switch supplied as an argument prevents testssl\.sh from doing
.IP "" 0 .IP "" 0
. .
.P .P
\fB\-p, \-\-protocols\fR checks TLS/SSL protocols SSLv2, SSLv3, TLS 1\.0 \- TLS 1\.3 and for HTTP: SPDY (NPN) and ALPN, a\.k\.a\. HTTP/2\. For TLS 1\.3 several drafts (18\-23) and TLS 1\.3 final are supported\. \fB\-p, \-\-protocols\fR checks TLS/SSL protocols SSLv2, SSLv3, TLS 1\.0 \- TLS 1\.3 and for HTTP: SPDY (NPN) and ALPN, a\.k\.a\. HTTP/2\. For TLS 1\.3 several drafts (from 18 on) and TLS 1\.3 final are supported and tested\.
. .
.P .P
\fB\-P, \-\-preference\fR displays the servers preferences: cipher order, with used openssl client: negotiated protocol and cipher\. If there\'s a cipher order enforced by the server it displays it for each protocol (openssl+sockets)\. If there\'s not, it displays instead which ciphers from the server were picked with each protocol (by using openssl only) \fB\-P, \-\-preference\fR displays the servers preferences: cipher order, with used openssl client: negotiated protocol and cipher\. If there\'s a cipher order enforced by the server it displays it for each protocol (openssl+sockets)\. If there\'s not, it displays instead which ciphers from the server were picked with each protocol (by using openssl only)
@ -248,6 +251,9 @@ Security headers (X\-Frame\-Options, X\-XSS\-Protection, \.\.\., CSP headers)
. .
.IP "" 0 .IP "" 0
. .
.P
\fB\-\-c, \-\-client\-simulation\fR This simulates a handshake with preconfigured clients so that you can figure out which client cannot or can connect\. For the latter case the protocol, cipher and curve is displayed\. If there\'s no Forward Secrecy it will be displayed\. testssl\.sh uses a handselected set of clients which are retrieved by the SSLlabs API\. If you want the full nine yards of clients displayed use the environment variable ALL_CLIENTS\. The output is aligned in columns when combined with the \fB\-\-wide\fR option\.
.
.SS "VULNERABILITIES" .SS "VULNERABILITIES"
\fB\-U, \-\-vulnerable\fR Just tests all (following) vulnerabilities\. The environment variable \fBVULN_THRESHLD\fR determines after which value a separate headline for each vulnerability is being displayed\. Default is \fB1\fR which means if you check for two vulnerabilities, only the general headline for vulnerabilities section is displayed \-\- in addition to the vulnerability and the result\. Otherwise each vulnerability or vulnerability section gets its own headline in addition to the output of the name of the vulnerabilty and test result\. A vulnerability section is comprised of more than one check, e\.g\. the renegotiation vulnerability check has two checks, so has Logjam\. \fB\-U, \-\-vulnerable\fR Just tests all (following) vulnerabilities\. The environment variable \fBVULN_THRESHLD\fR determines after which value a separate headline for each vulnerability is being displayed\. Default is \fB1\fR which means if you check for two vulnerabilities, only the general headline for vulnerabilities section is displayed \-\- in addition to the vulnerability and the result\. Otherwise each vulnerability or vulnerability section gets its own headline in addition to the output of the name of the vulnerabilty and test result\. A vulnerability section is comprised of more than one check, e\.g\. the renegotiation vulnerability check has two checks, so has Logjam\.
. .

View File

@ -57,6 +57,7 @@
<a href="#NAME">NAME</a> <a href="#NAME">NAME</a>
<a href="#SYNOPSIS">SYNOPSIS</a> <a href="#SYNOPSIS">SYNOPSIS</a>
<a href="#DESCRIPTION">DESCRIPTION</a> <a href="#DESCRIPTION">DESCRIPTION</a>
<a href="#REQUIREMENTS">REQUIREMENTS</a>
<a href="#GENERAL">GENERAL</a> <a href="#GENERAL">GENERAL</a>
<a href="#OPTIONS-AND-PARAMETERS">OPTIONS AND PARAMETERS</a> <a href="#OPTIONS-AND-PARAMETERS">OPTIONS AND PARAMETERS</a>
<a href="#EXAMPLES">EXAMPLES</a> <a href="#EXAMPLES">EXAMPLES</a>
@ -100,12 +101,19 @@
<p>Only you see the result. You also can use it internally on your LAN. Except DNS lookups it doesn't use any other hosts or even third parties for checks.</p> <p>Only you see the result. You also can use it internally on your LAN. Except DNS lookups it doesn't use any other hosts or even third parties for checks.</p>
<p>It is out of the box pretty much portable: testssl.sh runs under any Unix-like <h2 id="REQUIREMENTS">REQUIREMENTS</h2>
stack (Linux, *BSD, MacOS X, WSL=bash on Windows, Cygwin and MSYS2). <code>bash</code>
<p>Testssl.sh is out of the box pretty much portable: it runs under any Unix-like
stack: Linux, *BSD, MacOS X, WSL=Windows Subsystem for Linux,, Cygwin and MSYS2. <code>bash</code>
(also version 3 is still supported) is a prerequisite as well as standard (also version 3 is still supported) is a prerequisite as well as standard
utilities like awk, sed, tr and head. This can be of BSD, System 5 or GNU utilities like awk, sed, tr and head. This can be of BSD, System 5 or GNU
flavor whereas grep from System V is not yet supported.</p> flavor whereas grep from System V is not yet supported.</p>
<p>Any OpenSSL or LibreSSL version is needed as a helper. Unless previous versions
of testssl.sh almost every check is done via (TCP) sockets. Despite that some
some statically linked OpenSSL binaries for major operating systems are
supplied in <code>./bin/</code> .</p>
<h2 id="GENERAL">GENERAL</h2> <h2 id="GENERAL">GENERAL</h2>
<p><code>testssl.sh URI</code> as the default invocation does the so-called default run which does a number of checks and puts out the results colorized (ANSI and termcap) on the screen. It does every check listed below except <code>-E</code> which are (order of appearance):</p> <p><code>testssl.sh URI</code> as the default invocation does the so-called default run which does a number of checks and puts out the results colorized (ANSI and termcap) on the screen. It does every check listed below except <code>-E</code> which are (order of appearance):</p>
@ -126,7 +134,7 @@ flavor whereas grep from System V is not yet supported.</p>
<p>7) vulnerabilities</p> <p>7) vulnerabilities</p>
<p>8) testing each of 359 ciphers</p> <p>8) testing each of 370 preconfigured ciphers</p>
<p>9) client simulation</p> <p>9) client simulation</p>
@ -153,7 +161,7 @@ flavor whereas grep from System V is not yet supported.</p>
<p><code>--file &lt;fname></code> is the mass testing option. Per default it implicitly turns on <code>--warnings batch</code>. <p><code>--file &lt;fname></code> is the mass testing option. Per default it implicitly turns on <code>--warnings batch</code>.
In its first incarnation the mass testing option reads command lines from <code>fname</code>. <code>fname</code> consists of command lines of testssl, one line per instance. Comments after <code>#</code> are ignored, <code>EOF</code> signals the end of fname any subsequent lines will be ignored too. You can also supply additional options which will be inherited to each child, e.g. When invoking <code>testssl.sh --wide --log --file &lt;fname></code> . Each single line in <code>fname</code> is parsed upon execution. If there's a conflicting option and serial mass testing option is being performed the check will be aborted at the time it occurs and depending on the output option potentially leaving you with an output file without footer. In parallel mode the mileage varies.</p> In its first incarnation the mass testing option reads command lines from <code>fname</code>. <code>fname</code> consists of command lines of testssl, one line per instance. Comments after <code>#</code> are ignored, <code>EOF</code> signals the end of fname any subsequent lines will be ignored too. You can also supply additional options which will be inherited to each child, e.g. When invoking <code>testssl.sh --wide --log --file &lt;fname></code> . Each single line in <code>fname</code> is parsed upon execution. If there's a conflicting option and serial mass testing option is being performed the check will be aborted at the time it occurs and depending on the output option potentially leaving you with an output file without footer. In parallel mode the mileage varies.</p>
<p>Alternatively <code>fname</code> can be in <code>nmap</code>'s grep(p)able output format (<code>-oG</code>). Only open ports will be considered. Multiple ports per line are allowed. The ports can be different and will be tested by testssl.sh according to common practice in the internet, .i.e. if nmap shows in its output an open port 25, automatically <code>-t smtp</code> will be added before the URI whereas port 465 will be treated as a plain TLS/SSL port, not requiring an STARTTLS SMTP handshake upfront. This is done by an internal table which correlates nmap's open port to the STARTTLS/plain text decision from testssl.sh.</p> <p>Alternatively <code>fname</code> can be in <code>nmap</code>'s grep(p)able output format (<code>-oG</code>). Only open ports will be considered. Multiple ports per line are allowed. The ports can be different and will be tested by testssl.sh according to common practice in the internet, i.e. if nmap shows in its output an open port 25, automatically <code>-t smtp</code> will be added before the URI whereas port 465 will be treated as a plain TLS/SSL port, not requiring an STARTTLS SMTP handshake upfront. This is done by an internal table which correlates nmap's open port detected to the STARTTLS/plain text decision from testssl.sh.</p>
<p>The nmap output always returns IP addresses and -- only if there's a PTR DNS record available -- a hostname. As it is not checked by nmap whether the hostname matches the IP (A or AAAA record), testssl.sh does this for you. If the A record of the hostname matches the IP address, the hostname is used and not the IP address. Watch out as stated above checks against an IP address might not hit the vhost you maybe were aiming at.</p> <p>The nmap output always returns IP addresses and -- only if there's a PTR DNS record available -- a hostname. As it is not checked by nmap whether the hostname matches the IP (A or AAAA record), testssl.sh does this for you. If the A record of the hostname matches the IP address, the hostname is used and not the IP address. Watch out as stated above checks against an IP address might not hit the vhost you maybe were aiming at.</p>
@ -202,7 +210,7 @@ in /etc/hosts. The use of the switch is only useful if you either can't or are
<p><code>--sneaky</code> is a friendly feature for the server side testssl.sh uses a HTTP user agent <code>TLS tester from ${URL}</code>. With this option your traces are less verbose and a Firefox user agent is being used. Be aware that it doesn't hide your activities. That is just not possible (environment preset via <code>SNEAKY=true</code>).</p> <p><code>--sneaky</code> is a friendly feature for the server side testssl.sh uses a HTTP user agent <code>TLS tester from ${URL}</code>. With this option your traces are less verbose and a Firefox user agent is being used. Be aware that it doesn't hide your activities. That is just not possible (environment preset via <code>SNEAKY=true</code>).</p>
<p><code>--ids-friendly</code> is a switch which may help to get a scan finished which otherwise will be blocked by a server side IDS. This switch skips tests for the following vulnerabilities:heartbleed, CCS injection, ticketbleed and ROBOT. The environment variable OFFENSIVE set to false will achieve the same result. Please be advised that as an alternative or as a general approach you can try to apply evasion techniques by changing the variables USLEEP_SND and / or USLEEP_REC and maybe *MAX_WAITSOCK.</p> <p><code>--ids-friendly</code> is a switch which may help to get a scan finished which otherwise would be blocked by a server side IDS. This switch skips tests for the following vulnerabilities:heartbleed, CCS injection, ticketbleed and ROBOT. The environment variable OFFENSIVE set to false will achieve the same result. Please be advised that as an alternative or as a general approach you can try to apply evasion techniques by changing the variables USLEEP_SND and / or USLEEP_REC and maybe *MAX_WAITSOCK.</p>
<p><code>--phone-out</code> instructs testssl.sh to query external -- in a sense of the current run -- URLs or URIs. This is needed for checking revoked certificates via CRL and OCSP. By using this switch you acknowledge that the check might could have privacy issues, a download of several megabytes (CRL file) may happen and there may be network connectivity problems while contacting CA which testssl.sh doesn't handle. PHONE_OUT is the environment variable for this which needs to be set to true if you want this.</p> <p><code>--phone-out</code> instructs testssl.sh to query external -- in a sense of the current run -- URLs or URIs. This is needed for checking revoked certificates via CRL and OCSP. By using this switch you acknowledge that the check might could have privacy issues, a download of several megabytes (CRL file) may happen and there may be network connectivity problems while contacting CA which testssl.sh doesn't handle. PHONE_OUT is the environment variable for this which needs to be set to true if you want this.</p>
@ -227,7 +235,7 @@ in /etc/hosts. The use of the switch is only useful if you either can't or are
</ul> </ul>
<p><code>-p, --protocols</code> checks TLS/SSL protocols SSLv2, SSLv3, TLS 1.0 - TLS 1.3 and for HTTP: SPDY (NPN) and ALPN, a.k.a. HTTP/2. For TLS 1.3 several drafts (18-23) and TLS 1.3 final are supported.</p> <p><code>-p, --protocols</code> checks TLS/SSL protocols SSLv2, SSLv3, TLS 1.0 - TLS 1.3 and for HTTP: SPDY (NPN) and ALPN, a.k.a. HTTP/2. For TLS 1.3 several drafts (from 18 on) and TLS 1.3 final are supported and tested.</p>
<p><code>-P, --preference</code> displays the servers preferences: cipher order, with used openssl client: negotiated protocol and cipher. If there's a cipher order enforced by the server it displays it for each protocol (openssl+sockets). If there's not, it displays instead which ciphers from the server were picked with each protocol (by using openssl only)</p> <p><code>-P, --preference</code> displays the servers preferences: cipher order, with used openssl client: negotiated protocol and cipher. If there's a cipher order enforced by the server it displays it for each protocol (openssl+sockets). If there's not, it displays instead which ciphers from the server were picked with each protocol (by using openssl only)</p>
@ -283,6 +291,10 @@ Also the Certification Authority Authorization (CAA) record is displayed.</p>
</ul> </ul>
<p><code>--c, --client-simulation</code> This simulates a handshake with preconfigured clients so that you can figure out which client cannot or can connect. For the latter case the protocol, cipher and curve is displayed.
If there's no Forward Secrecy it will be displayed. testssl.sh uses a handselected set of clients which are retrieved by the SSLlabs API. If you want the full nine yards of clients displayed use the environment
variable ALL_CLIENTS. The output is aligned in columns when combined with the <code>--wide</code> option.</p>
<h3 id="VULNERABILITIES">VULNERABILITIES</h3> <h3 id="VULNERABILITIES">VULNERABILITIES</h3>
<p><code>-U, --vulnerable</code> Just tests all (following) vulnerabilities. The environment variable <code>VULN_THRESHLD</code> determines after which value a separate headline for each vulnerability is being displayed. Default is <code>1</code> which means if you check for two vulnerabilities, only the general headline for vulnerabilities section is displayed -- in addition to the vulnerability and the result. Otherwise each vulnerability or vulnerability section gets its own headline in addition to the output of the name of the vulnerabilty and test result. A vulnerability section is comprised of more than one check, e.g. the renegotiation vulnerability check has two checks, so has Logjam.</p> <p><code>-U, --vulnerable</code> Just tests all (following) vulnerabilities. The environment variable <code>VULN_THRESHLD</code> determines after which value a separate headline for each vulnerability is being displayed. Default is <code>1</code> which means if you check for two vulnerabilities, only the general headline for vulnerabilities section is displayed -- in addition to the vulnerability and the result. Otherwise each vulnerability or vulnerability section gets its own headline in addition to the output of the name of the vulnerabilty and test result. A vulnerability section is comprised of more than one check, e.g. the renegotiation vulnerability check has two checks, so has Logjam.</p>

View File

@ -19,12 +19,19 @@ The output rates findings by color (screen) or severity (file output) so that yo
Only you see the result. You also can use it internally on your LAN. Except DNS lookups it doesn't use any other hosts or even third parties for checks. Only you see the result. You also can use it internally on your LAN. Except DNS lookups it doesn't use any other hosts or even third parties for checks.
It is out of the box pretty much portable: testssl.sh runs under any Unix-like ## REQUIREMENTS
stack (Linux, *BSD, MacOS X, WSL=bash on Windows, Cygwin and MSYS2). `bash`
Testssl.sh is out of the box pretty much portable: it runs under any Unix-like
stack: Linux, *BSD, MacOS X, WSL=Windows Subsystem for Linux,, Cygwin and MSYS2. `bash`
(also version 3 is still supported) is a prerequisite as well as standard (also version 3 is still supported) is a prerequisite as well as standard
utilities like awk, sed, tr and head. This can be of BSD, System 5 or GNU utilities like awk, sed, tr and head. This can be of BSD, System 5 or GNU
flavor whereas grep from System V is not yet supported. flavor whereas grep from System V is not yet supported.
Any OpenSSL or LibreSSL version is needed as a helper. Unless previous versions
of testssl.sh almost every check is done via (TCP) sockets. Despite that some
some statically linked OpenSSL binaries for major operating systems are
supplied in `./bin/` .
## GENERAL ## GENERAL
@ -46,7 +53,7 @@ flavor whereas grep from System V is not yet supported.
7) vulnerabilities 7) vulnerabilities
8) testing each of 359 ciphers 8) testing each of 370 preconfigured ciphers
9) client simulation 9) client simulation
@ -74,7 +81,7 @@ Options are either short or long options. Any option requiring a value can be ca
`--file <fname>` is the mass testing option. Per default it implicitly turns on `--warnings batch`. `--file <fname>` is the mass testing option. Per default it implicitly turns on `--warnings batch`.
In its first incarnation the mass testing option reads command lines from `fname`. `fname` consists of command lines of testssl, one line per instance. Comments after `#` are ignored, `EOF` signals the end of fname any subsequent lines will be ignored too. You can also supply additional options which will be inherited to each child, e.g. When invoking `testssl.sh --wide --log --file <fname>` . Each single line in `fname` is parsed upon execution. If there's a conflicting option and serial mass testing option is being performed the check will be aborted at the time it occurs and depending on the output option potentially leaving you with an output file without footer. In parallel mode the mileage varies. In its first incarnation the mass testing option reads command lines from `fname`. `fname` consists of command lines of testssl, one line per instance. Comments after `#` are ignored, `EOF` signals the end of fname any subsequent lines will be ignored too. You can also supply additional options which will be inherited to each child, e.g. When invoking `testssl.sh --wide --log --file <fname>` . Each single line in `fname` is parsed upon execution. If there's a conflicting option and serial mass testing option is being performed the check will be aborted at the time it occurs and depending on the output option potentially leaving you with an output file without footer. In parallel mode the mileage varies.
Alternatively `fname` can be in `nmap`'s grep(p)able output format (`-oG`). Only open ports will be considered. Multiple ports per line are allowed. The ports can be different and will be tested by testssl.sh according to common practice in the internet, .i.e. if nmap shows in its output an open port 25, automatically `-t smtp` will be added before the URI whereas port 465 will be treated as a plain TLS/SSL port, not requiring an STARTTLS SMTP handshake upfront. This is done by an internal table which correlates nmap's open port to the STARTTLS/plain text decision from testssl.sh. Alternatively `fname` can be in `nmap`'s grep(p)able output format (`-oG`). Only open ports will be considered. Multiple ports per line are allowed. The ports can be different and will be tested by testssl.sh according to common practice in the internet, i.e. if nmap shows in its output an open port 25, automatically `-t smtp` will be added before the URI whereas port 465 will be treated as a plain TLS/SSL port, not requiring an STARTTLS SMTP handshake upfront. This is done by an internal table which correlates nmap's open port detected to the STARTTLS/plain text decision from testssl.sh.
The nmap output always returns IP addresses and -- only if there's a PTR DNS record available -- a hostname. As it is not checked by nmap whether the hostname matches the IP (A or AAAA record), testssl.sh does this for you. If the A record of the hostname matches the IP address, the hostname is used and not the IP address. Watch out as stated above checks against an IP address might not hit the vhost you maybe were aiming at. The nmap output always returns IP addresses and -- only if there's a PTR DNS record available -- a hostname. As it is not checked by nmap whether the hostname matches the IP (A or AAAA record), testssl.sh does this for you. If the A record of the hostname matches the IP address, the hostname is used and not the IP address. Watch out as stated above checks against an IP address might not hit the vhost you maybe were aiming at.
@ -125,7 +132,7 @@ in /etc/hosts. The use of the switch is only useful if you either can't or are
`--sneaky` is a friendly feature for the server side testssl.sh uses a HTTP user agent `TLS tester from ${URL}`. With this option your traces are less verbose and a Firefox user agent is being used. Be aware that it doesn't hide your activities. That is just not possible (environment preset via `SNEAKY=true`). `--sneaky` is a friendly feature for the server side testssl.sh uses a HTTP user agent `TLS tester from ${URL}`. With this option your traces are less verbose and a Firefox user agent is being used. Be aware that it doesn't hide your activities. That is just not possible (environment preset via `SNEAKY=true`).
`--ids-friendly` is a switch which may help to get a scan finished which otherwise will be blocked by a server side IDS. This switch skips tests for the following vulnerabilities:heartbleed, CCS injection, ticketbleed and ROBOT. The environment variable OFFENSIVE set to false will achieve the same result. Please be advised that as an alternative or as a general approach you can try to apply evasion techniques by changing the variables USLEEP_SND and / or USLEEP_REC and maybe *MAX_WAITSOCK. `--ids-friendly` is a switch which may help to get a scan finished which otherwise would be blocked by a server side IDS. This switch skips tests for the following vulnerabilities:heartbleed, CCS injection, ticketbleed and ROBOT. The environment variable OFFENSIVE set to false will achieve the same result. Please be advised that as an alternative or as a general approach you can try to apply evasion techniques by changing the variables USLEEP_SND and / or USLEEP_REC and maybe *MAX_WAITSOCK.
`--phone-out` instructs testssl.sh to query external -- in a sense of the current run -- URLs or URIs. This is needed for checking revoked certificates via CRL and OCSP. By using this switch you acknowledge that the check might could have privacy issues, a download of several megabytes (CRL file) may happen and there may be network connectivity problems while contacting CA which testssl.sh doesn't handle. PHONE_OUT is the environment variable for this which needs to be set to true if you want this. `--phone-out` instructs testssl.sh to query external -- in a sense of the current run -- URLs or URIs. This is needed for checking revoked certificates via CRL and OCSP. By using this switch you acknowledge that the check might could have privacy issues, a download of several megabytes (CRL file) may happen and there may be network connectivity problems while contacting CA which testssl.sh doesn't handle. PHONE_OUT is the environment variable for this which needs to be set to true if you want this.
@ -150,7 +157,7 @@ Any single check switch supplied as an argument prevents testssl.sh from doing a
* `Strong grade Ciphers` (AEAD): 'AESGCM:CHACHA20:AESGCM:CamelliaGCM:AESCCM8:AESCCM' * `Strong grade Ciphers` (AEAD): 'AESGCM:CHACHA20:AESGCM:CamelliaGCM:AESCCM8:AESCCM'
`-p, --protocols` checks TLS/SSL protocols SSLv2, SSLv3, TLS 1.0 - TLS 1.3 and for HTTP: SPDY (NPN) and ALPN, a.k.a. HTTP/2. For TLS 1.3 several drafts (18-23) and TLS 1.3 final are supported. `-p, --protocols` checks TLS/SSL protocols SSLv2, SSLv3, TLS 1.0 - TLS 1.3 and for HTTP: SPDY (NPN) and ALPN, a.k.a. HTTP/2. For TLS 1.3 several drafts (from 18 on) and TLS 1.3 final are supported and tested.
`-P, --preference` displays the servers preferences: cipher order, with used openssl client: negotiated protocol and cipher. If there's a cipher order enforced by the server it displays it for each protocol (openssl+sockets). If there's not, it displays instead which ciphers from the server were picked with each protocol (by using openssl only) `-P, --preference` displays the servers preferences: cipher order, with used openssl client: negotiated protocol and cipher. If there's a cipher order enforced by the server it displays it for each protocol (openssl+sockets). If there's not, it displays instead which ciphers from the server were picked with each protocol (by using openssl only)
@ -203,6 +210,10 @@ Also the Certification Authority Authorization (CAA) record is displayed.
* Decodes BIG IP F5 non-encrypted cookies * Decodes BIG IP F5 non-encrypted cookies
* Security headers (X-Frame-Options, X-XSS-Protection, ..., CSP headers) * Security headers (X-Frame-Options, X-XSS-Protection, ..., CSP headers)
`--c, --client-simulation` This simulates a handshake with preconfigured clients so that you can figure out which client cannot or can connect. For the latter case the protocol, cipher and curve is displayed.
If there's no Forward Secrecy it will be displayed. testssl.sh uses a handselected set of clients which are retrieved by the SSLlabs API. If you want the full nine yards of clients displayed use the environment
variable ALL_CLIENTS. The output is aligned in columns when combined with the `--wide` option.
### VULNERABILITIES ### VULNERABILITIES