testssl

testssl is a command line tool used for testing SSL/TLS security of a server. It is designed to provide an extensive analysis of SSL/TLS vulnerabilities, encryption algorithms, and cipher suites used on a target server. The tool is open-source and written in Shell Script and managed via command line interface.

testssl offers various features, including support for both IPv4 and IPv6 addresses, SNI (Server Name Indication) support for multiple domains on a single IP address, and the ability to test for TLS vulnerabilities like BEAST, POODLE, Heartbleed, and DROWN.

The tool performs a comprehensive scan of a server's SSL/TLS configuration, examining weak encryption algorithms, expired or weak certificates, insecure protocols, and missing security headers.

testssl supports a large number of options, allowing users to customize their scan based on specific requirements. It can generate reports in different formats, including JSON, XML, HTML, and Markdown.

The tool also incorporates OCSP (Online Certificate Status Protocol) stapling support to verify the validity of a server's SSL/TLS certificate without contacting the certificate authority.

testssl has built-in support for checking HTTP(S) protocols and retrieving additional information about the server's SSL/TLS configuration from its banners.

The tool is regularly updated to include new SSL/TLS vulnerabilities and protocols.

testssl is widely used by security professionals to assess the security posture of SSL/TLS implementations on web servers. It helps organizations identify potential vulnerabilities and make informed decisions to enhance their server's security.