mirror of
https://github.com/drwetter/testssl.sh.git
synced 2024-11-22 02:51:35 +01:00
Got it from https://testssl.sh/
parent
e0ad47ff8c
commit
a91cc8c8fd
104
Usage-Documentation.md
Normal file
104
Usage-Documentation.md
Normal file
@ -0,0 +1,104 @@
|
||||
Usage
|
||||
The normal use case is probably just testssl.sh <hostname>, see first picture right hand above (a deliberately bad configuration).
|
||||
|
||||
Starting testssl.sh with no params will give you a general idea how to use it:
|
||||
userid@somehost:~ % testssl.sh
|
||||
|
||||
testssl.sh <options>
|
||||
|
||||
-h, --help what you're looking at
|
||||
-b, --banner displays banner + version of testssl.sh
|
||||
-v, --version same as previous
|
||||
-V, --local pretty print all local ciphers
|
||||
-V, --local <pattern> which local ciphers with <pattern> are available?
|
||||
(if pattern not a number: word match)
|
||||
|
||||
testssl.sh <options> URI ("testssl.sh URI" does everything except -E)
|
||||
|
||||
-e, --each-cipher checks each local cipher remotely
|
||||
-E, --cipher-per-proto checks those per protocol
|
||||
-f, --ciphers checks common cipher suites
|
||||
-p, --protocols checks TLS/SSL protocols (including SPDY/HTTP2)
|
||||
-y, --spdy, --npn checks for SPDY/NPN
|
||||
-Y, --http2, --alpn checks for HTTP2/ALPN
|
||||
-S, --server-defaults displays the server's default picks and certificate info
|
||||
-P, --server-preference displays the server's picks: protocol+cipher
|
||||
-x, --single-cipher <pattern> tests matched <pattern> of ciphers
|
||||
(if <pattern> not a number: word match)
|
||||
-c, --client-simulation test client simulations, see which client negotiates with cipher and protocol
|
||||
-H, --header, --headers tests HSTS, HPKP, server/app banner, security headers, cookie, reverse proxy, IPv4 address
|
||||
|
||||
-U, --vulnerable tests all vulnerabilities
|
||||
-B, --heartbleed tests for heartbleed vulnerability
|
||||
-I, --ccs, --ccs-injection tests for CCS injection vulnerability
|
||||
-R, --renegotiation tests for renegotiation vulnerabilities
|
||||
-C, --compression, --crime tests for CRIME vulnerability
|
||||
-T, --breach tests for BREACH vulnerability
|
||||
-O, --poodle tests for POODLE (SSL) vulnerability
|
||||
-Z, --tls-fallback checks TLS_FALLBACK_SCSV mitigation
|
||||
-F, --freak tests for FREAK vulnerability
|
||||
-A, --beast tests for BEAST vulnerability
|
||||
-J, --logjam tests for LOGJAM vulnerability
|
||||
-D, --drown tests for DROWN vulnerability
|
||||
-s, --pfs, --fs, --nsa checks (perfect) forward secrecy settings
|
||||
-4, --rc4, --appelbaum which RC4 ciphers are being offered?
|
||||
|
||||
special invocations:
|
||||
-t, --starttls <protocol> does a default run against a STARTTLS enabled <protocol>
|
||||
--xmpphost <to_domain> for STARTTLS enabled XMPP it supplies the XML stream to-'' domain -- sometimes needed
|
||||
--mx <domain/host> tests MX records from high to low priority (STARTTLS, port 25)
|
||||
--ip <ip> a) tests the supplied <ip> v4 or v6 address instead of resolving host(s) in URI
|
||||
b) arg "one" means: just test the first DNS returns (useful for multiple IPs)
|
||||
--file <fname> mass testing option: Reads command lines from <fname>, one line per instance.
|
||||
Comments via # allowed, EOF signals end of <fname>. Implicitly turns on "--warnings batch"
|
||||
|
||||
partly mandatory parameters:
|
||||
URI host|host:port|URL|URL:port (port 443 is assumed unless otherwise specified)
|
||||
pattern an ignore case word pattern of cipher hexcode or any other string in the name, kx or bits
|
||||
protocol is one of the STARTTLS protocols ftp,smtp,pop3,imap,xmpp,telnet,ldap
|
||||
(for the latter two you need e.g. the supplied openssl)
|
||||
|
||||
tuning options (can also be preset via environment variables):
|
||||
--bugs enables the "-bugs" option of s_client, needed e.g. for some buggy F5s
|
||||
--assume-http if protocol check fails it assumes HTTP protocol and enforces HTTP checks
|
||||
--ssl-native fallback to checks with OpenSSL where sockets are normally used
|
||||
--openssl <PATH> use this openssl binary (default: look in $PATH, $RUN_DIR of testssl.sh)
|
||||
--proxy <host>:<port> connect via the specified HTTP proxy
|
||||
-6 use also IPv6. Works only with supporting OpenSSL version and IPv6 connectivity
|
||||
--sneaky leave less traces in target logs: user agent, referer
|
||||
|
||||
output options (can also be preset via environment variables):
|
||||
--warnings <batch|off|false> "batch" doesn't wait for keypress, "off" or "false" skips connection warning
|
||||
--quiet don't output the banner. By doing this you acknowledge usage terms normally appearing in the banner
|
||||
--wide wide output for tests like RC4, BEAST. PFS also with hexcode, kx, strength, RFC name
|
||||
--show-each for wide outputs: display all ciphers tested -- not only succeeded ones
|
||||
--mapping <no-rfc> don't display the RFC Cipher Suite Name
|
||||
--color <0|1|2> 0: no escape or other codes, 1: b/w escape codes, 2: color (default)
|
||||
--colorblind swap green and blue in the output
|
||||
--debug <0-6> 1: screen output normal but keeps debug output in /tmp/. 2-6: see "grep -A 5 '^DEBUG=' testssl.sh"
|
||||
|
||||
file output options (can also be preset via environment variables):
|
||||
--log, --logging logs stdout to <NODE-YYYYMMDD-HHMM.log> in current working directory
|
||||
--logfile <logfile> logs stdout to <file/NODE-YYYYMMDD-HHMM.log> if file is a dir or to specified log file
|
||||
--json additional output of findings to JSON file <NODE-YYYYMMDD-HHMM.json> in cwd
|
||||
--jsonfile <jsonfile> additional output to JSON and output JSON to the specified file
|
||||
--csv additional output of findings to CSV file <NODE-YYYYMMDD-HHMM.csv> in cwd
|
||||
--csvfile <csvfile> set output to CSV and output CSV to the specified file
|
||||
--append if <csvfile> or <jsonfile> exists rather append then overwrite
|
||||
|
||||
All options requiring a value can also be called with '=' e.g. testssl.sh -t=smtp --wide --openssl=/usr/bin/openssl <URI>.
|
||||
|
||||
<URI> is always the last parameter.
|
||||
|
||||
Need HTML output? Just pipe through "aha" (ANSI HTML Adapter: github.com/theZiz/aha) like
|
||||
|
||||
"testssl.sh <options> <URI> | aha >output.html"
|
||||
|
||||
userid@somehost:~ %
|
||||
|
||||
You are free to check any port – supposed there's any SSL enabled service (TCP) listening. For the service HTTPS you can also supply a full URL. A STARTTLS check would be invoked with testssl.sh -t pop3 pop.o2online.de:110. Other examples:
|
||||
testssl.sh --starttls smtp <smtphost>.<tld>:587
|
||||
testssl.sh --starttls ftp <ftphost>.<tld>:21
|
||||
testssl.sh -t xmpp <jabberhost>.<tld>:5222
|
||||
testssl.sh -t xmpp --xmpphost <XMPP domain> <jabberhost>.<tld>:5222
|
||||
testssl.sh --starttls imap <imaphost>.<tld>:143
|
Loading…
Reference in New Issue
Block a user