Установим Git.
$ apt install git
Склонируем репозиторий testsl.sh.
$ git clone --depth 1 https://github.com/drwetter/testssl.sh.git
Cloning into 'testssl.sh'... remote: Enumerating objects: 84, done. remote: Counting objects: 100% (84/84), done. remote: Compressing objects: 100% (80/80), done. remote: Total 84 (delta 12), reused 18 (delta 3), pack-reused 0 Unpacking objects: 100% (84/84), done.
Покажем справочную информацию
:~/testssl.sh$ ./testssl.sh --help
"testssl.sh [options] <URI>" or "testssl.sh <options>"
"testssl.sh <options>", where <options> is:
--help what you're looking at
-b, --banner displays banner + version of testssl.sh
-v, --version same as previous
-V, --local pretty print all local ciphers
-V, --local <pattern> which local ciphers with <pattern> are available? If pattern is not a number: word match
<pattern> is always an ignore case word pattern of cipher hexcode or any other string in the name, kx or bits
"testssl.sh <URI>", where <URI> is:
host|host:port|URL|URL:port port 443 is default, URL can only contain HTTPS protocol)
"testssl.sh [options] <URI>", where [options] is:
-t, --starttls <protocol> Does a default run against a STARTTLS enabled <protocol,
protocol is <ftp|smtp|lmtp|pop3|imap|xmpp|telnet|ldap|nntp|postgres|mysql>
--xmpphost <to_domain> For STARTTLS enabled XMPP it supplies the XML stream to-'' domain -- sometimes needed
--mx <domain/host> Tests MX records from high to low priority (STARTTLS, port 25)
--file/-iL <fname> Mass testing option: Reads one testssl.sh command line per line from <fname>.
Can be combined with --serial or --parallel. Implicitly turns on "--warnings batch".
Text format 1: Comments via # allowed, EOF signals end of <fname>
Text format 2: nmap output in greppable format (-oG), 1 port per line allowed
--mode <serial|parallel> Mass testing to be done serial (default) or parallel (--parallel is shortcut for the latter)
--warnings <batch|off> "batch" doesn't continue when a testing error is encountered, off continues and skips warnings
--connect-timeout <seconds> useful to avoid hangers. Max <seconds> to wait for the TCP socket connect to return
--openssl-timeout <seconds> useful to avoid hangers. Max <seconds> to wait before openssl connect will be terminated
single check as <options> ("testssl.sh URI" does everything except -E and -g):
-e, --each-cipher checks each local cipher remotely
-E, --cipher-per-proto checks those per protocol
-s, --std, --standard tests certain lists of cipher suites by strength
-f, --pfs, --fs, --nsa checks (perfect) forward secrecy settings
-p, --protocols checks TLS/SSL protocols (including SPDY/HTTP2)
-g, --grease tests several server implementation bugs like GREASE and size limitations
-S, --server-defaults displays the server's default picks and certificate info
-P, --server-preference displays the server's picks: protocol+cipher
-x, --single-cipher <pattern> tests matched <pattern> of ciphers
(if <pattern> not a number: word match)
-c, --client-simulation test client simulations, see which client negotiates with cipher and protocol
-h, --header, --headers tests HSTS, HPKP, server/app banner, security headers, cookie, reverse proxy, IPv4 address
-U, --vulnerable tests all (of the following) vulnerabilities (if applicable)
-H, --heartbleed tests for Heartbleed vulnerability
-I, --ccs, --ccs-injection tests for CCS injection vulnerability
-T, --ticketbleed tests for Ticketbleed vulnerability in BigIP loadbalancers
-BB, --robot tests for Return of Bleichenbacher's Oracle Threat (ROBOT) vulnerability
-R, --renegotiation tests for renegotiation vulnerabilities
-C, --compression, --crime tests for CRIME vulnerability (TLS compression issue)
-B, --breach tests for BREACH vulnerability (HTTP compression issue)
-O, --poodle tests for POODLE (SSL) vulnerability
-Z, --tls-fallback checks TLS_FALLBACK_SCSV mitigation
-W, --sweet32 tests 64 bit block ciphers (3DES, RC2 and IDEA): SWEET32 vulnerability
-A, --beast tests for BEAST vulnerability
-L, --lucky13 tests for LUCKY13
-F, --freak tests for FREAK vulnerability
-J, --logjam tests for LOGJAM vulnerability
-D, --drown tests for DROWN vulnerability
-4, --rc4, --appelbaum which RC4 ciphers are being offered?
tuning / connect options (most also can be preset via environment variables):
--fast omits some checks: using openssl for all ciphers (-e), show only first preferred cipher.
-9, --full includes tests for implementation bugs and cipher per protocol (could disappear)
--bugs enables the "-bugs" option of s_client, needed e.g. for some buggy F5s
--assume-http if protocol check fails it assumes HTTP protocol and enforces HTTP checks
--ssl-native fallback to checks with OpenSSL where sockets are normally used
--openssl <PATH> use this openssl binary (default: look in $PATH, $RUN_DIR of testssl.sh)
--proxy <host:port|auto> (experimental) proxy connects via <host:port>, auto: values from $env ($http(s)_proxy)
-6 also use IPv6. Works only with supporting OpenSSL version and IPv6 connectivity
--ip <ip> a) tests the supplied <ip> v4 or v6 address instead of resolving host(s) in URI
b) arg "one" means: just test the first DNS returns (useful for multiple IPs)
-n, --nodns <min|none> if "none": do not try any DNS lookups, "min" queries A, AAAA and MX records
--sneaky leave less traces in target logs: user agent, referer
--ids-friendly skips a few vulnerability checks which may cause IDSs to block the scanning IP
--phone-out allow to contact external servers for CRL download and querying OCSP responder
--add-ca <cafile> path to <cafile> or a comma separated list of CA files enables test against additional CAs.
--basicauth <user:pass> provide HTTP basic auth information.
output options (can also be preset via environment variables):
--quiet don't output the banner. By doing this you acknowledge usage terms normally appearing in the banner
--wide wide output for tests like RC4, BEAST. PFS also with hexcode, kx, strength, RFC name
--show-each for wide outputs: display all ciphers tested -- not only succeeded ones
--mapping <openssl| openssl: use the OpenSSL cipher suite name as the primary name cipher suite name form (default)
iana|rfc -> use the IANA/(RFC) cipher suite name as the primary name cipher suite name form
no-openssl| -> don't display the OpenSSL cipher suite name, display IANA/(RFC) names only
no-iana|no-rfc> -> don't display the IANA/(RFC) cipher suite name, display OpenSSL names only
--color <0|1|2|3> 0: no escape or other codes, 1: b/w escape codes, 2: color (default), 3: extra color (color all ciphers)
--colorblind swap green and blue in the output
--debug <0-6> 1: screen output normal but keeps debug output in /tmp/. 2-6: see "grep -A 5 '^DEBUG=' testssl.sh"
file output options (can also be preset via environment variables)
--log, --logging logs stdout to '${NODE}-p${port}${YYYYMMDD-HHMM}.log' in current working directory (cwd)
--logfile|-oL <logfile> logs stdout to 'dir/${NODE}-p${port}${YYYYMMDD-HHMM}.log'. If 'logfile' is a dir or to a specified 'logfile'
--json additional output of findings to flat JSON file '${NODE}-p${port}${YYYYMMDD-HHMM}.json' in cwd
--jsonfile|-oj <jsonfile> additional output to the specified flat JSON file or directory, similar to --logfile
--json-pretty additional JSON structured output of findings to a file '${NODE}-p${port}${YYYYMMDD-HHMM}.json' in cwd
--jsonfile-pretty|-oJ <jsonfile> additional JSON structured output to the specified file or directory, similar to --logfile
--csv additional output of findings to CSV file '${NODE}-p${port}${YYYYMMDD-HHMM}.csv' in cwd or directory
--csvfile|-oC <csvfile> additional output as CSV to the specified file or directory, similar to --logfile
--html additional output as HTML to file '${NODE}-p${port}${YYYYMMDD-HHMM}.html'
--htmlfile|-oH <htmlfile> additional output as HTML to the specified file or directory, similar to --logfile
--out(f,F)ile|-oa/-oA <fname> log to a LOG,JSON,CSV,HTML file (see nmap). -oA/-oa: pretty/flat JSON.
"auto" uses '${NODE}-p${port}${YYYYMMDD-HHMM}'. If fname if a dir uses 'dir/${NODE}-p${port}${YYYYMMDD-HHMM}'
--hints additional hints to findings
--severity <severity> severities with lower level will be filtered for CSV+JSON, possible values <LOW|MEDIUM|HIGH|CRITICAL>
--append if (non-empty) <logfile>, <csvfile>, <jsonfile> or <htmlfile> exists, append to file. Omits any header
--outprefix <fname_prefix> before '${NODE}.' above prepend <fname_prefix>
Options requiring a value can also be called with '=' e.g. testssl.sh -t=smtp --wide --openssl=/usr/bin/openssl <URI>.
<URI> always needs to be the last parameter.
Выполним симуляции клиента.
~/testssl.sh$ ./testssl.sh --client-simulation --log https://www.example.org
###########################################################
testssl.sh 3.1dev from https://testssl.sh/dev/
(e345abb 2020-04-13 23:01:15 -- )
This program is free software. Distribution and
modification under GPLv2 permitted.
USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
Please file bugs @ https://testssl.sh/bugs/
###########################################################
Using "OpenSSL 1.0.2-chacha (1.0.2k-dev)" [~179 ciphers]
on debian:./bin/openssl.Linux.x86_64
(built: "Jan 18 17:12:17 2019", platform: "linux-x86_64")
Start 2020-04-13 23:23:38 -->> 93.184.216.34:443 (www.example.org) <<--
Further IP addresses: 2606:2800:220:1:248:1893:25c8:1946
rDNS (93.184.216.34): --
Service detected: HTTP
Running client simulations (HTTP) via sockets
Android 4.4.2 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
Android 5.0.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
Android 6.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
Android 7.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
Android 8.1 (native) TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
Android 9.0 (native) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256)
Android 10.0 (native) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256)
Chrome 74 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256)
Chrome 79 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256)
Firefox 66 (Win 8.1/10) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256)
Firefox 71 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256)
IE 6 XP No connection
IE 8 Win 7 TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
IE 8 XP No connection
IE 11 Win 7 TLSv1.2 DHE-RSA-AES128-GCM-SHA256, 2048 bit DH
IE 11 Win 8.1 TLSv1.2 DHE-RSA-AES128-GCM-SHA256, 2048 bit DH
IE 11 Win Phone 8.1 TLSv1.2 ECDHE-RSA-AES128-SHA256, 256 bit ECDH (P-256)
IE 11 Win 10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
Edge 15 Win 10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
Edge 17 (Win 10) TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
Opera 66 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256)
Safari 9 iOS 9 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
Safari 9 OS X 10.11 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
Safari 10 OS X 10.12 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
Safari 12.1 (iOS 12.2) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256)
Safari 13.0 (macOS 10.14.6) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256)
Apple ATS 9 iOS 9 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
Java 6u45 No connection
Java 7u25 TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
Java 8u161 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
Java 11.0.2 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256)
Java 12.0.1 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256)
OpenSSL 1.0.2e TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
OpenSSL 1.1.0l (Debian) TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
OpenSSL 1.1.1d (Debian) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256)
Thunderbird (68.3) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256)
Done 2020-04-13 23:24:09 [ 32s] -->> 93.184.216.34:443 (www.example.org) <<--
Проверим сохраненный файл логов.
~/testssl.sh$ cat www.example.org_p443-20200413-2323.log
## Scan started as: "testssl.sh --client-simulation --log https://www.example.org" ## at debian:./bin/openssl.Linux.x86_64 ## version testssl: 3.1dev e345abb from 2020-04-13 ## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019") Start 2020-04-13 23:23:38 -->> 93.184.216.34:443 (www.example.org) <<-- Further IP addresses: 2606:2800:220:1:248:1893:25c8:1946 rDNS (93.184.216.34): -- Service detected: HTTP Running client simulations (HTTP) via sockets Android 4.4.2 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) Android 5.0.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) Android 6.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) Android 7.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) Android 8.1 (native) TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) Android 9.0 (native) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) Android 10.0 (native) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) Chrome 74 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) Chrome 79 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) Firefox 66 (Win 8.1/10) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) Firefox 71 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) IE 6 XP No connection IE 8 Win 7 TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256) IE 8 XP No connection IE 11 Win 7 TLSv1.2 DHE-RSA-AES128-GCM-SHA256, 2048 bit DH IE 11 Win 8.1 TLSv1.2 DHE-RSA-AES128-GCM-SHA256, 2048 bit DH IE 11 Win Phone 8.1 TLSv1.2 ECDHE-RSA-AES128-SHA256, 256 bit ECDH (P-256) IE 11 Win 10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) Edge 15 Win 10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) Edge 17 (Win 10) TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) Opera 66 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) Safari 9 iOS 9 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) Safari 9 OS X 10.11 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) Safari 10 OS X 10.12 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) Safari 12.1 (iOS 12.2) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) Safari 13.0 (macOS 10.14.6) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) Apple ATS 9 iOS 9 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) Java 6u45 No connection Java 7u25 TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256) Java 8u161 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) Java 11.0.2 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) Java 12.0.1 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) OpenSSL 1.0.2e TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) OpenSSL 1.1.0l (Debian) TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) OpenSSL 1.1.1d (Debian) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) Thunderbird (68.3) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) Done 2020-04-13 23:24:09 [ 32s] -->> 93.184.216.34:443 (www.example.org) <<--
Протестируем все уязвимости.
~/testssl.sh$ ./testssl.sh --vulnerable --log https://www.example.org
###########################################################
testssl.sh 3.1dev from https://testssl.sh/dev/
(e345abb 2020-04-13 23:01:15 -- )
This program is free software. Distribution and
modification under GPLv2 permitted.
USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
Please file bugs @ https://testssl.sh/bugs/
###########################################################
Using "OpenSSL 1.0.2-chacha (1.0.2k-dev)" [~179 ciphers]
on debian:./bin/openssl.Linux.x86_64
(built: "Jan 18 17:12:17 2019", platform: "linux-x86_64")
Start 2020-04-13 23:26:48 -->> 93.184.216.34:443 (www.example.org) <<--
Further IP addresses: 2606:2800:220:1:248:1893:25c8:1946
rDNS (93.184.216.34): --
Service detected: HTTP
Testing vulnerabilities
Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
CCS (CVE-2014-0224) not vulnerable (OK)
Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK)
ROBOT not vulnerable (OK)
Secure Renegotiation (RFC 5746) supported (OK)
Secure Client-Initiated Renegotiation not vulnerable (OK)
CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
BREACH (CVE-2013-3587) potentially NOT ok, uses gzip HTTP compression. - only supplied "/" tested
Can be ignored for static pages or if no secrets in the page
POODLE, SSL (CVE-2014-3566) not vulnerable (OK)
TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)
SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)
FREAK (CVE-2015-0204) not vulnerable (OK)
DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)
make sure you don't use this certificate elsewhere with SSLv2 enabled services
https://censys.io/ipv4?q=9250711C54DE546F4370E0C3D3A3EC45BC96092A25A4A71A1AFA396AF7047EB8 could help you to find out
LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no common prime detected
BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA
DHE-RSA-CAMELLIA256-SHA DHE-RSA-CAMELLIA128-SHA AES256-SHA CAMELLIA256-SHA AES128-SHA
CAMELLIA128-SHA DHE-RSA-SEED-SHA SEED-SHA
VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)
LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
Done 2020-04-13 23:28:08 [ 82s] -->> 93.184.216.34:443 (www.example.org) <<--
Выполним полное сканирование.
~/testssl.sh$ ./testssl.sh https://blog.sleeplessbeastie.eu
###########################################################
testssl.sh 3.1dev from https://testssl.sh/dev/
(e345abb 2020-04-13 23:01:15 -- )
This program is free software. Distribution and
modification under GPLv2 permitted.
USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
Please file bugs @ https://testssl.sh/bugs/
###########################################################
Using "OpenSSL 1.0.2-chacha (1.0.2k-dev)" [~179 ciphers]
on debian:./bin/openssl.Linux.x86_64
(built: "Jan 18 17:12:17 2019", platform: "linux-x86_64")
Testing all IPv4 addresses (port 443): 104.26.1.232 104.26.0.232
-------------------------------------------------------------------------------------------
Start 2020-04-13 23:30:08 -->> 104.26.1.232:443 (blog.sleeplessbeastie.eu) <<--
Further IP addresses: 104.26.0.232 2606:4700:20::681a:e8 2606:4700:20::681a:1e8
rDNS (104.26.1.232): --
Service detected: HTTP
Testing protocols via sockets except NPN+ALPN
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 offered (deprecated)
TLS 1.1 offered (deprecated)
TLS 1.2 offered (OK)
TLS 1.3 offered (OK): final
