testssl.sh

mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-03 23:39:45 +01:00

Testing TLS/SSL encryption anywhere on any port. https://testssl.sh/

bigip caa cipher crime ct drown freak heartbleed hpkp hsts logjam ocsp openssl poodle rc4 robot socket ssl ticketbleed tls

Go to file

Peter Mosmans 9780e83895 Refactored major parts of code Note that due to the refactoring of some status messages, the output will be slightly different (more verbose) than previous versions Moved specific status messages to http_header() Moved specific status messages to breach() Moved specific status messages to ccs_injection() Moved specific status messages to heartbleed() Moved specific status messages to renego() Moved specific status messages to crime() Moved specific status messages to tls_poodle() Moved specific status messages to freak() Moved specific status messages to beast() Added some more documentation for functions Fixed typos in help Created new function main: This is the main function of testssl.sh Refactored major part of the original main function Created new function startup: Parses the startup options Created new function intialize_globals: Initializes all used global variables Created new function scanning_defaults: Sets default scanning options when only one parameter (URI) is given TODO: Refactor more/duplicate parts of functions Note: For the new functions, fixed spaces (4) are used instead of tabs		2015-04-07 17:00:43 +10:00
openssl-bins	- updated binaries from Peter. Necessary because handshake under rare circumstances	2015-04-02 11:46:12 +02:00
utils	Merge branch 'master' of github.com:drwetter/testssl.sh	2015-02-05 09:54:24 +01:00
CHANGELOG.txt		2014-07-16 19:06:26 +02:00
CREDITS.md	rechi	2015-03-30 15:03:29 +02:00
LICENSE	Initial commit	2014-07-01 13:55:26 +02:00
mapping-rfc.txt	- stripping of leading 0 in testssl.sh needed to be reflected by this file	2014-11-18 11:04:57 +01:00
openssl-rfc.mappping.html	TLS_FALLBACK_SCSV	2014-10-30 21:14:50 +01:00
Readme.md	Update Readme.md	2015-03-02 13:59:45 +01:00
testssl.sh	Refactored major parts of code	2015-04-07 17:00:43 +10:00

Readme.md

Intro

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws. It's designed to provide clear output for a "is this good or bad" decision.

It is working on every Linux distribution out of the box with the limitations of disabled features from the openssl client. It also works on BSD and other Unices out of the box, supposed they have /bin/bash and standard tools like sed and awk installed. MacOS X and Windows (using MSYS2) work too.

On github you will find in the master branch the development version of the software -- with new features and maybe some bugs. For the stable version and a more thorough description of the software please see testssl.sh.

New features in this release are / will be

certificate information (done),
more HTTP header infos (partly done, needs a bit f cleanup),
protocol check via bash sockets (SSLv2: done, for others: function need to be called)
maybe cipher check via bash sockets (not done yet)
debug file handling (ongoing)
BEAST (works, need some polishing for the output)

Contributions, feedback, also bug reports are welcome. For contributions please note: One patch per feature -- bug fix/improvement.