Original article published on: 4 June 2021
This script checks which SSL/TLS protocols and cipher suites a web server offers, much like SSL Labs, but far faster. Because it runs locally from the command line (it only needs bash and an OpenSSL binary), it can also scan internal hosts that SSL Labs cannot reach.
Using it is fairly simple.
Clone the repository from GitHub:
$ git clone --depth 1 https://github.com/drwetter/testssl.sh.git
Create a symlink to the script in a directory that is on your PATH (adjust the first path to wherever you cloned the repository):
$ sudo ln -s /home/bef/testssl.sh/testssl.sh /usr/local/sbin/testssl
Run a scan against a web site to analyze it (with no options, testssl runs every check except -E):
$ testssl https://it.izero.fr
Some of the options that can be passed on the command line (full usage documentation at the link below):
https://github.com/drwetter/testssl.sh/wiki/Usage-Documentation
testssl.sh
  -h, --help                     what you're looking at
  -b, --banner                   displays banner + version of testssl.sh
  -v, --version                  same as previous
  -V, --local                    pretty print all local ciphers
  -V, --local <pattern>          which local ciphers with <pattern> are available? (if pattern not a number: word match)

testssl.sh <URI>                 ("testssl.sh <URI>" does everything except -E)
  -e, --each-cipher              checks each local cipher remotely
  -E, --cipher-per-proto         checks those per protocol
  -f, --ciphers                  checks common cipher suites
  -p, --protocols                checks TLS/SSL protocols (including SPDY/HTTP2)
  -y, --spdy, --npn              checks for SPDY/NPN
  -Y, --http2, --alpn            checks for HTTP2/ALPN
  -S, --server-defaults          displays the server's default picks and certificate info
  -P, --server-preference        displays the server's picks: protocol+cipher
  -x, --single-cipher <pattern>  tests matched <pattern> of ciphers (if not a number: word match)
  -c, --client-simulation        test client simulations, see which client negotiates with cipher and protocol
  -H, --header, --headers        tests HSTS, HPKP, server/app banner, security headers, cookie, reverse proxy, IPv4 address

  -U, --vulnerable               tests all vulnerabilities
  -B, --heartbleed               tests for heartbleed vulnerability
  -I, --ccs, --ccs-injection     tests for CCS injection vulnerability
  -R, --renegotiation            tests for renegotiation vulnerabilities
  -C, --compression, --crime     tests for CRIME vulnerability
  -T, --breach                   tests for BREACH vulnerability
  -O, --poodle                   tests for POODLE (SSL) vulnerability
  -Z, --tls-fallback             checks TLS_FALLBACK_SCSV mitigation
  -F, --freak                    tests for FREAK vulnerability
  -A, --beast                    tests for BEAST vulnerability
  -J, --logjam                   tests for LOGJAM vulnerability
  -D, --drown                    tests for DROWN vulnerability
  -s, --pfs, --fs, --nsa         checks (perfect) forward secrecy settings
  -4, --rc4, --appelbaum         which RC4 ciphers are being offered?
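Running a scan by hand and reading the coloured terminal output is fine for one host, but in practice you want the result as data so it can be triaged or gated in a pipeline. The script below is an added example written for this page; it is not part of the article or of testssl.sh. It wraps the symlinked `testssl` command from the steps above with the real `--jsonfile`, `--quiet`, `--warnings batch`, `-p`, `-S` and `-U` options, and then filters the JSON findings by testssl.sh's severity labels (INFO, OK, LOW, MEDIUM, HIGH, CRITICAL). The host name, IP address and the sample JSON file are constructed here to mirror the one-key-per-line layout `--jsonfile` produces, so the triage part runs offline without a target; the `scan_host` function is only used when you point it at a real host.

```shell
#!/bin/sh
# Added example for this page (not from the article or testssl.sh).
# Assumptions: "testssl" is the symlink created above; the sample JSON
# below is constructed to imitate the layout of testssl.sh --jsonfile.
set -u

# Run a scan and write machine-readable findings to $2.
#   -p  protocols, -S server defaults + certificate, -U all vulnerability checks
#   --warnings batch  never stop to ask a question (needed when unattended)
scan_host() {
    host="$1"; out="$2"
    command -v testssl >/dev/null 2>&1 || { echo "testssl not on PATH" >&2; return 1; }
    testssl --quiet --warnings batch -p -S -U --jsonfile "$out" "$host"
}

# Print "SEVERITY<TAB>id<TAB>finding" for every finding whose severity is
# at least $2. Relies on testssl.sh writing one JSON key per line, in the
# order id / ip / port / severity / finding, so a line-oriented awk suffices.
findings_at_or_above() {
    file="$1"; minlbl="$2"
    awk -v minlbl="$minlbl" '
        BEGIN {
            # testssl.sh severity scale, worst last (WARN = tool warning, not ranked)
            r["DEBUG"]=0; r["INFO"]=1; r["OK"]=2; r["LOW"]=3
            r["MEDIUM"]=4; r["HIGH"]=5; r["CRITICAL"]=6
            min = (minlbl in r) ? r[minlbl] : 0
        }
        # strip   "key" : "   on the left and   ",   on the right
        function val(s) { sub(/^[^:]*:[ \t]*"/, "", s); sub(/"[ \t]*,?[ \t]*$/, "", s); return s }
        /"id"[ \t]*:/       { id  = val($0) }
        /"severity"[ \t]*:/ { sev = val($0) }
        /"finding"[ \t]*:/  { if (sev in r && r[sev] >= min) printf "%s\t%s\t%s\n", sev, id, val($0) }
    ' "$file"
}

# Number of findings at or above a severity; handy as a CI gate.
count_findings_at_or_above() {
    findings_at_or_above "$1" "$2" | wc -l | tr -d ' '
}

# Return 1 (fail) when anything HIGH or CRITICAL was found.
gate_on_high() {
    [ "$(count_findings_at_or_above "$1" HIGH)" = "0" ]
}

# Constructed sample in the --jsonfile layout: one HTTP service, SSLv3 still
# offered, TLS 1.2 fine, Heartbleed and RC4 flagged. Host and IP are fictitious.
write_sample() {
cat > "$1" <<'EOF'
[
          {
              "id"           : "service",
              "ip"           : "example.test/203.0.113.10",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "HTTP"
          }
,         {
              "id"           : "SSLv3",
              "ip"           : "example.test/203.0.113.10",
              "port"         : "443",
              "severity"     : "HIGH",
              "finding"      : "offered (NOT ok)"
          }
,         {
              "id"           : "TLS1_2",
              "ip"           : "example.test/203.0.113.10",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "offered"
          }
,         {
              "id"           : "heartbleed",
              "ip"           : "example.test/203.0.113.10",
              "port"         : "443",
              "severity"     : "CRITICAL",
              "finding"      : "VULNERABLE (NOT ok)"
          }
,         {
              "id"           : "RC4",
              "ip"           : "example.test/203.0.113.10",
              "port"         : "443",
              "severity"     : "HIGH",
              "finding"      : "VULNERABLE (NOT ok): offered"
          }
]
EOF
}

# Demo on the constructed sample: list HIGH+ findings and apply the gate.
sample="${TMPDIR:-/tmp}/testssl-sample.$$.json"
write_sample "$sample"
findings_at_or_above "$sample" HIGH
if gate_on_high "$sample"; then echo "gate: pass"; else echo "gate: FAIL"; fi
rm -f "$sample"
```

To use it against a live target, replace the demo block with `scan_host https://it.izero.fr scan.json && gate_on_high scan.json`; the exit status then tells a pipeline whether the host offers anything testssl.sh rates HIGH or CRITICAL. The awk parser deliberately depends on the tool's line-per-key output rather than a JSON library so it works on a bare host with only sh and awk; if you have jq available, `jq -r '.[] | select(.severity=="HIGH" or .severity=="CRITICAL") | [.severity,.id,.finding] | @tsv'` does the same job more robustly.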
There are quite a few forks and add-ons built around this tool: web front-ends, a Nagios plugin, and so on.
https://github.com/drwetter/testssl.sh