Skip to main content

Installation & Use Of Tool

When performing pentesting engagements there are times where validation of SSL/TLS ciphers, protocols, certificates, etc. is needed. One tool that White Oak Security’s pentesting team tends to make use of is the command line tool that is freely available for anyone to download. In this article, we will go through the installation process and how to use the new toolset.

How To Install

Installation is pretty simple as there are a couple different options available. The first option is pulling directly from the website utilizing the following commands:

Latest stable code:

curl -L > testssl.nsh

Latest development code:

curl -L >

The second option is pulling the toolset from GitHub utilizing the following command:

git clone --depth 1
Installation of the command line tool by white oak security, screenshot of code verifying the install.

Pretty simple right? Now let’s get into using the toolset.

How Pentesters Use     

This tool is one of the simplest pentesting tools to utilize and access valuable information. To start – change into the directory where the script is located. Let’s issue the following commands:

Standard HTTPS webserver:

./ https://<IP or Hostname>

Non-Standard SSL Ports:

./ <IP or Hostname:PORT>

Here is an example screenshot utilizing the toolset:

Screenshot of testing protocols & testing ciphers by white oak security blog.

Scrolling down the output from – there is useful information in regards to ciphers supported, SSL certificate information, and protocols utilized. tool showing the certificates validity and issuer in this screenshot by white oak security. Recap

Hopefully this blog post demonstrates how easy is to be installed and utilized for everyday testing. Any additional information on the toolset can be obtained from their website – In closing, there are many tools available that perform similar tests however we prefer this tool because it is easy to install, use, and provides clear output for reporting purposes.


White Oak Security is a highly skilled and knowledgeable cyber security testing company that works hard to get into the minds of opponents to help protect those we serve from malicious threats through expertise, integrity, and passion. 

Read more from White Oak Security’s pentesting team.