最後更新: 2023-11-29

介紹

testssl 係一個 test SSL 的 project 來.

它的功能取代了舊的 nmap - ssl-enum-ciphers

HomePage: https://github.com/drwetter/testssl.sh

Usage

 * 建議簡單地使用 docker, 不用 setup 它

# -v, --version

podman run --rm  drwetter/testssl.sh -v

# host|host:port|URL|URL:port

podman run --rm  drwetter/testssl.sh https://www.example.com

Other Opts

--ip <ip>
 tests the supplied <ip> v4 or v6 address instead of resolving host(s) in URI

-S, --server-defaults
 to displays the server 's default picks and certificate info

-P, --server-preference
 Test server prefer protocol+cipher suites

-f, --fs, --nsa               checks forward secrecy settings
-p, --protocols               checks TLS/SSL protocols (including SPDY/HTTP2)
-g, --grease                  tests several server implementation bugs like GREASE and size limitations
-U, --vulnerable              tests all (of the following) vulnerabilities (if applicable)
-h, --header, --headers       tests HSTS, HPKP, server/app banner, security headers, cookie, reverse proxy, IPv4 address

-t, --starttls <protocol>     
 Does a run against a STARTTLS enabled service which is one of
 ftp, smtp, lmtp, pop3, imap, xmpp, xmpp-server, telnet, ldap, nntp, postgres, mysql