On this page you will find the most important commands for the CLI tool testssl.

testssl

testssl is a command-line tool for testing the SSL/TLS security of a server. It provides an extensive analysis of the SSL/TLS vulnerabilities, encryption algorithms, and cipher suites present on a target server. The tool is open source, written as a shell script, and run from the command line.

testssl offers various features, including support for both IPv4 and IPv6 addresses, SNI (Server Name Indication) support for multiple domains on a single IP address, and the ability to test for TLS vulnerabilities like BEAST, POODLE, Heartbleed, and DROWN.

The tool performs a comprehensive scan of a server's SSL/TLS configuration, examining weak encryption algorithms, expired or weak certificates, insecure protocols, and missing security headers.

testssl supports a large number of options, allowing users to customize their scan based on specific requirements. It can generate reports in different formats, including JSON, XML, HTML, and Markdown.
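One way to consume the JSON report downstream, as an added example that is not part of the original page or of testssl itself. It assumes the flat report is a JSON array of findings with `id`, `severity` and `finding` fields; the sample findings are constructed, and `triage` and `gate` are hypothetical helper names.

```python
import json

# Severity labels assumed for the report, ranked so they can be compared.
RANK = {"OK": 0, "INFO": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample in the assumed flat layout (not real scan output).
SAMPLE_REPORT = """[
 {"id": "TLS1_2", "ip": "example.com/192.0.2.10", "port": "443",
  "severity": "OK", "finding": "offered"},
 {"id": "SSLv3", "ip": "example.com/192.0.2.10", "port": "443",
  "severity": "HIGH", "finding": "offered"},
 {"id": "heartbleed", "ip": "example.com/192.0.2.10", "port": "443",
  "severity": "OK", "finding": "not vulnerable"},
 {"id": "POODLE_SSL", "ip": "example.com/192.0.2.10", "port": "443",
  "severity": "HIGH", "finding": "VULNERABLE"},
 {"id": "BEAST", "ip": "example.com/192.0.2.10", "port": "443",
  "severity": "LOW", "finding": "VULNERABLE, but TLS 1.2 is also offered"},
 {"id": "HSTS", "ip": "example.com/192.0.2.10", "port": "443",
  "severity": "LOW", "finding": "not offered"},
 {"id": "DROWN", "ip": "example.com/192.0.2.10", "port": "443",
  "severity": "WARN", "finding": "check could not be completed"}
]"""

def triage(report_text, threshold="MEDIUM"):
    """Return (failures at or above threshold, checks with no verdict)."""
    failures, unverified = [], []
    for item in json.loads(report_text):
        sev = str(item.get("severity", "")).upper()
        if sev == "DEBUG":
            continue  # diagnostic output, not a finding
        if sev not in RANK:
            # WARN, missing or unknown label: the check gave no verdict,
            # so it must not be counted as a pass.
            unverified.append(item)
        elif RANK[sev] >= RANK[threshold]:
            failures.append(item)
    # Worst first; the sort is stable, so report order is kept within a rank.
    failures.sort(key=lambda i: -RANK[i["severity"].upper()])
    return failures, unverified

def gate(report_text, threshold="MEDIUM"):
    """CI-style result: 0 = pass, 1 = findings, 2 = scan incomplete."""
    failures, unverified = triage(report_text, threshold)
    return 1 if failures else 2 if unverified else 0

if __name__ == "__main__":
    failures, unverified = triage(SAMPLE_REPORT)
    for item in failures + unverified:
        print(f'{item["severity"]:8} {item["id"]:12} {item["finding"]}')
```

Treating an inconclusive check as its own outcome keeps a partially failed scan from being read as a clean one.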

The tool also supports OCSP (Online Certificate Status Protocol) stapling, which allows the validity of a server's SSL/TLS certificate to be verified without contacting the certificate authority.

testssl has built-in support for checking HTTP(S) protocols and retrieving additional information about the server's SSL/TLS configuration from its banners.

The tool is regularly updated to include new SSL/TLS vulnerabilities and protocols.

testssl is widely used by security professionals to assess the security posture of SSL/TLS implementations on web servers. It helps organizations identify potential vulnerabilities and make informed decisions to enhance their server's security.

List of commands for testssl:

  • sslscan: Show certificate information.
    $ sslscan --show-certificate ${example-com}
  • testssl: Only check vulnerabilities.
    $ testssl --vulnerable ${example-com}
  • testssl: Only check HTTP security headers.
    $ testssl --headers ${example-com}
  • testssl: Only check available protocols.
    $ testssl --protocols ${example-com}
  • testssl: Test a server (run every check) on port 443.
    $ testssl ${example-com}