Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2026-06-23 08:47:38 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
57fc5850d145ccc6770eef7496cd9988d7bed7ce
testssl.sh/t
T
History
potato-20 57fc5850d1 Add HSTS preload list check via the hstspreload.org API (#1248) 
Revives and rebases #1809 by @tosticated (Jim Blankendaal) onto 3.3dev. When --phone-out is set, run_hsts now queries https://hstspreload.org/api/v2/status and reports whether the domain is on the browser HSTS preload list (preloaded/pending/rejected/unknown), cross-referenced with the served header, the same-domain check and the bulk flag.

Addresses the review comments on #1809: the API-response matching uses native bash string matching instead of forking grep, the JSON quoting is handled inside check_hsts_preloadlist_match() so callers pass plain values, and the value arrays use 'local -a'. The output decision table is kept as-is (per maintainer feedback). Adds t/53_hsts_preload.t. Original design and decision table by @tosticated.
2026-06-17 15:10:51 +05:30
..
baseline_data
Using a compariable Linux distro in the firstplace for updating handshake would have been great ;-)
2026-05-29 15:20:17 +02:00
00_testssl_help.t
term pattern seems better than the "colorized list"
2025-11-27 18:39:52 +01:00
01_testssl_banner.t
term pattern seems better than the "colorized list"
2025-11-27 18:39:52 +01:00
02_clientsim_txt_parsable.t
term pattern seems better than the "colorized list"
2025-11-27 18:39:52 +01:00
03_debug.t.DISABLED
Provide better debugging means
2026-06-09 13:43:43 +02:00
05_ca_hashes_up_to_date.t
Better phrasing
2025-05-08 14:30:13 +02:00
10_baseline_ipv4_http.t
this may fix it
2025-11-29 18:43:00 +01:00
11_baseline_ipv6_http.t.DISABLED
spellcheck
2025-11-27 18:49:12 +01:00
12_diff_opensslversions.t
Remove QUIC from runner
2026-06-10 10:03:25 +02:00
21_baseline_starttls.t
term pattern seems better than the "colorized list"
2025-11-27 18:39:52 +01:00
23_client_simulation.t
Just add comments, reorder lines
2025-11-27 17:44:31 +01:00
31_isJSON_valid.t
re-add $
2025-11-27 22:17:54 +01:00
32_isHTML_valid.t
Exempt the debug statement "Extended master secret extension detected"
2026-01-15 11:20:01 +01:00
33_isJSON_severitylevel_valid.t
change style to be in line w others
2025-11-28 01:21:19 +01:00
51_badssl.com.t
Add autoflush thingy for MAcOS
2025-11-27 18:46:19 +01:00
52_ocsp_revoked.t
Fix 52_ocsp_revoked (OCSP --> CRL)
2025-07-03 16:56:28 +02:00
53_hsts_preload.t
Add HSTS preload list check via the hstspreload.org API (#1248)
2026-06-17 15:10:51 +05:30
59_hpkp.t.tmpDISABLED
Add missing vim modeline config in sh & perl files, cc #1901
2021-06-01 14:40:24 +08:00
61_diff_testsslsh.t
term pattern seems better than the "colorized list"
2025-11-27 18:39:52 +01:00
Readme.md
Provide better debugging means
2026-06-09 13:43:43 +02:00

Readme.md

Naming scheme

  • 00-05: Does the bare testssl.sh work at all?
  • 10-29: Do scans work fine (client side)?
  • 30-39: Does reporting work?
  • 50-69: Are the results what I expect (server side)?

Please help to write CI tests! Documentation can be found here. You can consult the existing code here. Feel free to use 10_baseline_ipv4_http.t or 12_diff_opensslversions.t as a template. The latter is newer and code is cleaner.

  • 03_debug.t.DISABLED is a handy tool when the runner is not in line with checks outside github. It provides debugging means
  • IPv6 was (status 2025) not allowed, thus the file 11_baseline_ipv6_http.t.DISABLED which can be renamed if that will change.
Reference in New Issue View Git Blame Copy Permalink