This command line tool aids you to watertight your server security. The vulnerability scan is not limited to your local server, it can be used to scan servers on your local network and the internet. It checks a server\’s service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.
Example of usages:
To install testssl.sh
git clone --depth 1 https://github.com/drwetter/testssl.sh.git
or download from here
- ./testssl.sh URI
- ./testssl.sh https://www.google.com/
- testssl.sh –starttls smtp <smtphost>.<tld>:587
- testssl.sh –starttls ftp <ftphost>.<tld>:21
- testssl.sh -t xmpp <jabberhost>.<tld>:5222
- testssl.sh -t xmpp –xmpphost <XMPP domain> <jabberhost>.<tld>:5222
- testssl.sh –starttls imap <imaphost>.<tld>:143
- If you just want to check the mail exchangers of a domain, do it like this: testssl.sh –mx google.com (make sure port 25 outbound is not blocked by your firewall)