An SSL/TLS check script written as a shell script
It reports weaknesses and results for the protocols and ciphers it scans
- Usage options
$ ./testssl.sh
testssl.sh <options>
-h, --help what you're looking at
-b, --banner displays banner + version of testssl.sh
-v, --version same as previous
-V, --local pretty print all local ciphers
-V, --local <pattern> which local ciphers with <pattern> are available?
(if pattern not a number: word match)
testssl.sh <options> URI ("testssl.sh URI" does everything except -E)
-e, --each-cipher checks each local cipher remotely
-E, --cipher-per-proto checks those per protocol
-f, --ciphers checks common cipher suites
-p, --protocols checks TLS/SSL protocols (including SPDY/HTTP2)
-y, --spdy, --npn checks for SPDY/NPN
-Y, --http2, --alpn checks for HTTP2/ALPN
-S, --server-defaults displays the server's default picks and certificate info
-P, --server-preference displays the server's picks: protocol+cipher
-x, --single-cipher <pattern> tests matched <pattern> of ciphers
(if <pattern> not a number: word match)
-c, --client-simulation test client simulations, see which client negotiates with cipher and protocol
-H, --header, --headers tests HSTS, HPKP, server/app banner, security headers, cookie, reverse proxy, IPv4 address
-U, --vulnerable tests all vulnerabilities
-B, --heartbleed tests for heartbleed vulnerability
-I, --ccs, --ccs-injection tests for CCS injection vulnerability
-R, --renegotiation tests for renegotiation vulnerabilities
-C, --compression, --crime tests for CRIME vulnerability
-T, --breach tests for BREACH vulnerability
-O, --poodle tests for POODLE (SSL) vulnerability
-Z, --tls-fallback checks TLS_FALLBACK_SCSV mitigation
-F, --freak tests for FREAK vulnerability
-A, --beast tests for BEAST vulnerability
-J, --logjam tests for LOGJAM vulnerability
-D, --drown tests for DROWN vulnerability
-s, --pfs, --fs, --nsa checks (perfect) forward secrecy settings
-4, --rc4, --appelbaum which RC4 ciphers are being offered?
special invocations:
-t, --starttls <protocol> does a default run against a STARTTLS enabled <protocol>
--xmpphost <to_domain> for STARTTLS enabled XMPP it supplies the XML stream to-'' domain -- sometimes needed
--mx <domain/host> tests MX records from high to low priority (STARTTLS, port 25)
--ip <ip> a) tests the supplied <ip> v4 or v6 address instead of resolving host(s) in URI
b) arg "one" means: just test the first DNS returns (useful for multiple IPs)
--file <fname> mass testing option: Reads command lines from <fname>, one line per instance.
Comments via # allowed, EOF signals end of <fname>. Implicitly turns on "--warnings batch"
partly mandatory parameters:
URI host|host:port|URL|URL:port (port 443 is assumed unless otherwise specified)
pattern an ignore case word pattern of cipher hexcode or any other string in the name, kx or bits
protocol is one of the STARTTLS protocols ftp,smtp,pop3,imap,xmpp,telnet,ldap
(for the latter two you need e.g. the supplied openssl)
tuning options (can also be preset via environment variables):
--bugs enables the "-bugs" option of s_client, needed e.g. for some buggy F5s
--assume-http if protocol check fails it assumes HTTP protocol and enforces HTTP checks
--ssl-native fallback to checks with OpenSSL where sockets are normally used
--openssl <PATH> use this openssl binary (default: look in $PATH, $RUN_DIR of testssl.sh)
--proxy <host>:<port> connect via the specified HTTP proxy
-6 use also IPv6. Works only with supporting OpenSSL version and IPv6 connectivity
--sneaky leave less traces in target logs: user agent, referer
output options (can also be preset via environment variables):
--warnings <batch|off|false> "batch" doesn't wait for keypress, "off" or "false" skips connection warning
--quiet don't output the banner. By doing this you acknowledge usage terms normally appearing in the banner
--wide wide output for tests like RC4, BEAST. PFS also with hexcode, kx, strength, RFC name
--show-each for wide outputs: display all ciphers tested -- not only succeeded ones
--mapping <no-rfc> don't display the RFC Cipher Suite Name
--color <0|1|2> 0: no escape or other codes, 1: b/w escape codes, 2: color (default)
--colorblind swap green and blue in the output
--debug <0-6> 1: screen output normal but keeps debug output in /tmp/. 2-6: see "grep -A 5 '^DEBUG=' testssl.sh"
file output options (can also be preset via environment variables):
--log, --logging logs stdout to <NODE-YYYYMMDD-HHMM.log> in current working directory
--logfile <logfile> logs stdout to <file/NODE-YYYYMMDD-HHMM.log> if file is a dir or to specified log file
--json additional output of findings to JSON file <NODE-YYYYMMDD-HHMM.json> in cwd
--jsonfile <jsonfile> additional output to JSON and output JSON to the specified file
--csv additional output of findings to CSV file <NODE-YYYYMMDD-HHMM.csv> in cwd
--csvfile <csvfile> set output to CSV and output CSV to the specified file
--append if <csvfile> or <jsonfile> exists rather append then overwrite
All options requiring a value can also be called with '=' e.g. testssl.sh -t=smtp --wide --openssl=/usr/bin/openssl <URI>.
<URI> is always the last parameter.
Need HTML output? Just pipe through "aha" (ANSI HTML Adapter: github.com/theZiz/aha) like
"testssl.sh <options> <URI> | aha >output.html"
- Usage example
$ ./testssl.sh https://xxx.xxx.xxx
###########################################################
testssl.sh 2.8rc3 from https://testssl.sh/dev/
(1.562 2016/11/05 13:55:29)
This program is free software. Distribution and
modification under GPLv2 permitted.
USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
Please file bugs @ https://testssl.sh/bugs/
###########################################################
Using "OpenSSL 1.0.2-chacha (1.0.2i-dev)" [~183 ciphers]
on $:./bin/openssl.Darwin.x86_64
(built: "Sep 7 19:34:54 2016", platform: "darwin64-x86_64-cc")
Start 2016-12-10 13:32:25 -->> xxx.xxx.xxx.xxx:443 (xxx.xxx.xxx.xxx) <<--
rDNS (xxx.xxx.xxx.xxx): xxx.xxx.xxx
Service detected: HTTP
Testing protocols (via sockets except TLS 1.2, SPDY+HTTP2)
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 offered
TLS 1.1 offered
TLS 1.2 offered (OK)
Version tolerance downgraded to TLSv1.2 (OK)
SPDY/NPN h2, http/1.1 (advertised)
HTTP2/ALPN h2, http/1.1 (offered)
Testing ~standard cipher lists
Null Ciphers not offered (OK)
Anonymous NULL Ciphers not offered (OK)
Anonymous DH Ciphers not offered (OK)
40 Bit encryption not offered (OK)
56 Bit encryption not offered (OK)
Export Ciphers (general) not offered (OK)
Low (<=64 Bit) not offered (OK)
DES Ciphers not offered (OK)
"Medium" grade encryption not offered (OK)
Triple DES Ciphers offered
High grade encryption offered (OK)
Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4
PFS is offered (OK) ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-RSA-CHACHA20-POLY1305-OLD
Elliptic curves offered: prime256v1
Testing server preferences
Has server cipher order? yes (OK)
Negotiated protocol TLSv1.2
Negotiated cipher ECDHE-RSA-CHACHA20-POLY1305-OLD, 256 bit ECDH
Cipher order
TLSv1: ECDHE-RSA-AES128-SHA AES128-SHA DES-CBC3-SHA ECDHE-RSA-AES256-SHA AES256-SHA
TLSv1.1: ECDHE-RSA-AES128-SHA AES128-SHA DES-CBC3-SHA ECDHE-RSA-AES256-SHA AES256-SHA
TLSv1.2: ECDHE-RSA-CHACHA20-POLY1305-OLD ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA AES128-GCM-SHA256 AES128-SHA AES128-SHA256 DES-CBC3-SHA ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES256-SHA384 AES256-GCM-SHA384 AES256-SHA AES256-SHA256
h2: ECDHE-RSA-CHACHA20-POLY1305-OLD ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA AES128-GCM-SHA256 AES128-SHA AES128-SHA256 DES-CBC3-SHA ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES256-SHA384 AES256-GCM-SHA384 AES256-SHA AES256-SHA256
http/1.1: ECDHE-RSA-CHACHA20-POLY1305-OLD ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA AES128-GCM-SHA256 AES128-SHA AES128-SHA256 DES-CBC3-SHA ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES256-SHA384 AES256-GCM-SHA384 AES256-SHA AES256-SHA256
Testing server defaults (Server Hello)
TLS extensions (standard) "renegotiation info/#65281" "server name/#0" "session ticket/#35" "application layer protocol negotiation/#16" "EC point formats/#11" "next protocol/#13172"
Session Tickets RFC 5077 100800 seconds (PFS requires session ticket keys to be rotated <= daily)
SSL Session ID support yes
TLS clock skew 0 sec from localtime
Server Certificate #1
Signature Algorithm SHA256 with RSA
Server key size RSA 2048 bits
Fingerprint / Serial SHA1 7251FEA80BDB5C70960D5FA64971707CE4F4071A / 399DF451D19788A5
SHA256 D960971F43091D0E7E7688E51354AFE2E7379ACDF0D84F5DC8B704B8D338F15C
Common Name (CN) "*.xxx.xxx.xxx" (CN in response to request w/o SNI: "xxx.xxx")
subjectAltName (SAN) "*.xxx.xxx.xxx"
Issuer "XXXX" ("XXXX")
Trust (hostname) Ok via SAN wildcard and CN wildcard (works w/o SNI)
Chain of trust Ok
EV cert (experimental) no
Certificate Expiration 75 >= 60 days (2016-12-01 23:42 --> 2017-02-23 23:17 +0900)
# of certificates provided 3
Certificate Revocation List http://xxx.xxx.xxx/GIAG2.crl
OCSP URI http://xxx.xxx.xxx/ocsp
OCSP stapling --
Server Certificate #2 (in response to request w/o SNI)
Signature Algorithm SHA256 with RSA
Server key size RSA 2048 bits
Fingerprint / Serial SHA1 85C8BA5BA909CBE0C534E0752A409BE5D6E21F85 / 2D6003EF3F83C4CC
SHA256 CDD47A6C688B0E9A12BBF1783C31A0164FB1858CF3C1CDAE141C8F290BFE16CB
Common Name (CN) "xxx.xxx.xxx"
subjectAltName (SAN) "xxx.xxx.xxx"
Issuer "XXXXX" ("XXXX")
Trust (hostname) Ok via SAN wildcard
Chain of trust Ok
EV cert (experimental) no
Certificate Expiration 75 >= 60 days (2016-12-01 23:17 --> 2017-02-23 23:16 +0900)
# of certificates provided 3
Certificate Revocation List http://xxx.xxx.xxx/GIAG2.crl
OCSP URI http://xxx.xxx.xxx/ocsp
OCSP stapling --
Testing HTTP header response @ "/"
sed: RE error: illegal byte sequence
HTTP Status Code 200 OK
HTTP clock skew 0 sec from localtime
Strict Transport Security --
Public Key Pinning --
Server banner gws
Application banner --
Cookie(s) 1 issued: NOT secure, 1/1 HttpOnly
Security headers X-Frame-Options SAMEORIGIN
X-XSS-Protection 1; mode=block
Reverse Proxy banner --
Testing vulnerabilities
Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
CCS (CVE-2014-0224) not vulnerable (OK)
Secure Renegotiation (CVE-2009-3555) not vulnerable (OK)
Secure Client-Initiated Renegotiation not vulnerable (OK)
CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
BREACH (CVE-2013-3587) potentially NOT ok, uses gzip HTTP compression. - only supplied "/" tested
Can be ignored for static pages or if no secrets in the page
POODLE, SSL (CVE-2014-3566) not vulnerable (OK)
TLS_FALLBACK_SCSV (RFC 7507), Downgrade attack prevention supported (OK)
FREAK (CVE-2015-0204) not vulnerable (OK)
DROWN (2016-0800, CVE-2016-0703) not vulnerable on this port (OK)
make sure you don't use this certificate elsewhere with SSLv2 enabled services
https://censys.io/ipv4?q=CDD47A6C688B0E9A12BBF1783C31A0164FB1858CF3C1CDAE141C8F290BFE16CB SHA256 D960971F43091D0E7E7688E51354AFE2E7379ACDF0D84F5DC8B704B8D338F15C could help you to find out
LOGJAM (CVE-2015-4000), experimental not vulnerable (OK), common primes not checked. See below for any DH ciphers + bit size
BEAST (CVE-2011-3389) TLS1: DES-CBC3-SHA AES128-SHA
AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA
VULNERABLE -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
Testing all 183 locally available ciphers against the server, ordered by encryption strength
Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (RFC)
---------------------------------------------------------------------------------------------------------------------------
xcc13 ECDHE-RSA-CHACHA20-POLY1305-OLD ECDH 256 ChaCha20 256 OLD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
xc028 ECDHE-RSA-AES256-SHA384 ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
x9d AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384
x3d AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256
x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA
xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
xc027 ECDHE-RSA-AES128-SHA256 ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
xc013 ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
x9c AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256
x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256
x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA
x0a DES-CBC3-SHA RSA 3DES 168 TLS_RSA_WITH_3DES_EDE_CBC_SHA
Running browser simulations via sockets (experimental)
Android 2.3.7 TLSv1.0 AES128-SHA
Android 4.0.4 TLSv1.0 ECDHE-RSA-AES128-SHA
Android 4.1.1 TLSv1.0 ECDHE-RSA-AES128-SHA
Android 4.2.2 TLSv1.0 ECDHE-RSA-AES128-SHA
Android 4.3 TLSv1.0 ECDHE-RSA-AES128-SHA
Android 4.4.2 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Android 5.0.0 TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD
Baidu Jan 2015 TLSv1.0 ECDHE-RSA-AES128-SHA
BingPreview Jan 2015 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Chrome 47 / OSX TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Firefox 31.3.0ESR / Win7 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Firefox 42 OS X TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
GoogleBot Feb 2015 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
IE 6 XP No connection
IE 7 Vista TLSv1.0 ECDHE-RSA-AES128-SHA
IE 8 XP TLSv1.0 DES-CBC3-SHA
IE 8-10 Win 7 TLSv1.0 ECDHE-RSA-AES128-SHA
IE 11 Win 7 TLSv1.2 ECDHE-RSA-AES128-SHA
IE 11 Win 8.1 TLSv1.2 ECDHE-RSA-AES128-SHA
IE 10 Win Phone 8.0 TLSv1.0 ECDHE-RSA-AES128-SHA
IE 11 Win Phone 8.1 TLSv1.2 ECDHE-RSA-AES128-SHA
IE 11 Win Phone 8.1 Update TLSv1.2 ECDHE-RSA-AES128-SHA
IE 11 Win 10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Edge 13 Win 10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Edge 13 Win Phone 10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Java 6u45 TLSv1.0 AES128-SHA
Java 7u25 TLSv1.0 ECDHE-RSA-AES128-SHA
Java 8u31 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
OpenSSL 0.9.8y TLSv1.0 AES128-SHA
OpenSSL 1.0.1l TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
OpenSSL 1.0.2e TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Safari 5.1.9 OS X 10.6.8 TLSv1.0 ECDHE-RSA-AES128-SHA
Safari 6 iOS 6.0.1 TLSv1.2 ECDHE-RSA-AES128-SHA
Safari 6.0.4 OS X 10.8.4 TLSv1.0 ECDHE-RSA-AES128-SHA
Safari 7 iOS 7.1 TLSv1.2 ECDHE-RSA-AES128-SHA
Safari 7 OS X 10.9 TLSv1.2 ECDHE-RSA-AES128-SHA
Safari 8 iOS 8.4 TLSv1.2 ECDHE-RSA-AES128-SHA
Safari 8 OS X 10.10 TLSv1.2 ECDHE-RSA-AES128-SHA
Safari 9 iOS 9 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Safari 9 OS X 10.11 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Apple ATS 9 iOS 9 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Done 2016-12-10 13:34:10 -->> xxx.xxx.xxx.xxx:443 (xxx.xxx.xxx.xxx) <<--
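Most checks in the run above are marked (OK), so the few items that need follow-up are easy to miss. As an added example (not part of the original post or of testssl.sh), this shell function filters a saved log for them; the matching rules and the names triage_testssl_log and sample_log are assumptions based on the output format shown here.

```shell
#!/bin/sh
# Added example: triage a saved testssl.sh text log (--log / --logfile).
# The matching rules are heuristics derived from the sample output on this
# page (2.8rc3); they are assumptions, not part of testssl.sh itself.

triage_testssl_log() {
    esc=$(printf '\033')
    # Drop ANSI colour codes (or run testssl.sh with --color 0), then classify.
    sed "s/${esc}\[[0-9;]*m//g" | awk '
    function squeeze(s) { gsub(/[ \t]+/, " ", s); sub(/^ /, "", s); sub(/ $/, "", s); return s }
    /not offered/ { next }                          # explicitly absent
    # Legacy protocol still enabled (TLS 1.2 is excluded by the pattern).
    /^[ \t]*(SSLv2|SSLv3|TLS 1|TLS 1\.1)[ \t]+offered/ { print "PROTO  " squeeze($0); next }
    # Cipher category offered without the tool marking it (OK), e.g. 3DES.
    /(Ciphers|encryption)[ \t]+offered/ && !/\(OK\)/ { print "CIPHER " squeeze($0); next }
    /Strict Transport Security[ \t]+--/ { print "HEADER HSTS not set"; next }
    /Cookie\(s\).*NOT secure/ { print "COOKIE " squeeze($0); next }
    {
        # Remember the test name: text before "(CVE-...", "(RFC ..." or "(2016-...".
        header = match($0, /\((CVE-|RFC )?[0-9]/)
        if (header) name = squeeze(substr($0, 1, RSTART - 1))
        if ($0 ~ /VULNERABLE|NOT ok/) {
            # Verdicts on a continuation line (BEAST) get the remembered name.
            print "VULN   " (header ? "" : name ": ") squeeze($0)
        }
    }'
}

# Sample input: lines copied from the run shown on this page.
sample_log() {
cat <<'EOF'
 SSLv3 not offered (OK)
 TLS 1 offered
 TLS 1.1 offered
 TLS 1.2 offered (OK)
 Triple DES Ciphers offered
 High grade encryption offered (OK)
 Strict Transport Security --
 Cookie(s) 1 issued: NOT secure, 1/1 HttpOnly
 Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
 BREACH (CVE-2013-3587) potentially NOT ok, uses gzip HTTP compression. - only supplied "/" tested
 BEAST (CVE-2011-3389) TLS1: DES-CBC3-SHA AES128-SHA
 AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA
 VULNERABLE -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
EOF
}

sample_log | triage_testssl_log
```

On a real log, feed the file on stdin: `triage_testssl_log < NODE-YYYYMMDD-HHMM.log`.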
Reference: https://github.com/TKCERT/testssl.sh