Tool and Usage
Key features of testssl.sh include:
- Clear output: you can tell easily whether anything is good or bad
- Ease of installation: It works for Linux, Darwin, FreeBSD, NetBSD and MSYS2/Cygwin out of the box: no need to install or configure something, no gems, CPAN, pip or the like.
- Flexibility: You can test any SSL/TLS enabled and STARTTLS service, not only webservers at port 443
- Toolbox: Several command line options help you to run YOUR test and configure YOUR output
- Reliability: features are tested thoroughly
- Verbosity: If a particular check cannot be performed because of a missing capability on your client side, you'll get a warning
- Privacy: It's only you who sees the result, not a third party
- Freedom: It's 100% open source. You can look at the code, see what's going on and you can change it.
Usage and audience
testssl.sh is commonly used for application testing or configuration audit.
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
- + Used language is shell script
- + The source code of this software is available
Similar tools to testssl.sh:
Cipherscan is a tool to test the ordering of SSL/TLS ciphers on a given target. It tests the major versions of SSL, TLS, and any extensions of these protocols.
The sslcaudit project helps with automated testing of SSL/TLS clients for resistance against MITM attacks.
A2SV is short for Auto Scanning to SSL Vulnerability, a security tool to scan for SSL and TLS vulnerabilities. It can be used during security assessments.
This tool page was updated at . Found an improvement? Help the community by submitting an update.