Linux command

testssl command

After copying, replace file names, directories, or parameters as needed.

Common examples

Test server

testssl [example.com]

Test specific port

testssl [example.com:8443]

Quick test

testssl --fast [example.com]

Show all ciphers

testssl -E [example.com]

Check vulnerabilities only

testssl -U [example.com]

HTML output

testssl --html [example.com]

JSON output

testssl --jsonfile [output.json] [example.com]

Quiet mode

testssl --quiet [example.com]

Description

testssl checks TLS/SSL encryption on servers. It identifies vulnerabilities, weak ciphers, and configuration problems.

Protocol testing shows which TLS versions are enabled. Old protocols (SSLv3, TLS 1.0, TLS 1.1) are security risks.

Vulnerability scanning checks for BEAST, POODLE, Heartbleed, ROBOT, and other known attacks.

Cipher analysis reveals weak encryption. Export ciphers, NULL encryption, and RC4 are flagged.

Certificate inspection shows validity, chain, and trust issues. It identifies expiring, self-signed, or misconfigured certificates.

The tool is a bash script requiring OpenSSL. It works on any Unix-like system without installation.

Parameters

-E, --each-cipher
Test each cipher.
-e, --cipher-per-proto
Ciphers per protocol.
-U, --vulnerable
Vulnerability checks.
-S, --server-defaults
Server defaults.
-P, --protocols
Protocol support.
-H, --headers
HTTP headers.
--fast
Quick check.
--html
HTML output.
--jsonfile _FILE_
JSON output.
--csvfile _FILE_
CSV output.
--quiet
Minimal output.
--color _N_
Color mode (0-3).
--connect-timeout _SEC_
Connection timeout.
--openssl _PATH_
Custom OpenSSL path.
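
One way to act on the `--jsonfile` report in a scheduled scan or CI job, as an added example that is not part of the original page or of testssl itself. It assumes the flat JSON layout (a list of objects with `id`, `severity` and `finding` keys, plus a `WARN` severity for checks that could not complete); the sample records and the names `triage` and `exit_code` are constructed for illustration.

```python
import json

# Severity labels assumed from testssl's flat JSON report, ranked for gating.
SEVERITY_RANK = {"DEBUG": 0, "OK": 0, "INFO": 0,
                 "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample records, not output from a real scan.
SAMPLE_REPORT = json.dumps([
    {"id": "SSLv3", "ip": "example.com/192.0.2.10", "port": "443",
     "severity": "HIGH", "finding": "offered"},
    {"id": "TLS1", "ip": "example.com/192.0.2.10", "port": "443",
     "severity": "LOW", "finding": "offered (deprecated)"},
    {"id": "TLS1_2", "ip": "example.com/192.0.2.10", "port": "443",
     "severity": "OK", "finding": "offered"},
    {"id": "cert_expirationStatus", "ip": "example.com/192.0.2.10",
     "port": "443", "severity": "MEDIUM", "finding": "expires < 30 days"},
    {"id": "scanProblem", "ip": "example.com/192.0.2.10", "port": "443",
     "severity": "WARN", "finding": "connection timed out"},
])

def triage(report_text, fail_at="MEDIUM"):
    """Return (failing, inconclusive) findings from a flat JSON report."""
    threshold = SEVERITY_RANK[fail_at]
    failing, inconclusive = [], []
    for rec in json.loads(report_text):
        sev = str(rec.get("severity", "")).upper()
        if sev not in SEVERITY_RANK:
            # WARN or an unknown label: the check gave no clear result,
            # so it must not be counted as a pass.
            inconclusive.append(rec)
        elif SEVERITY_RANK[sev] >= threshold:
            failing.append(rec)
    # Most severe first, so the top of the job log shows what matters.
    failing.sort(key=lambda r: SEVERITY_RANK[r["severity"].upper()],
                 reverse=True)
    return failing, inconclusive

def exit_code(failing, inconclusive):
    """2 = findings at or above the threshold, 1 = incomplete scan, 0 = clean."""
    return 2 if failing else (1 if inconclusive else 0)

if __name__ == "__main__":
    bad, unclear = triage(SAMPLE_REPORT)
    for rec in bad:
        print(f"FAIL  {rec['severity']:<8} {rec['id']}: {rec['finding']}")
    for rec in unclear:
        print(f"CHECK {rec['severity']:<8} {rec['id']}: {rec['finding']}")
    raise SystemExit(exit_code(bad, unclear))
```

To use it on a real report, read the file written by `--jsonfile` and pass its text to `triage` in place of `SAMPLE_REPORT`.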

FAQ

How do I run a basic testssl example?

Run `testssl [example.com]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does -E, --each-cipher do in testssl?

Test each cipher.