Skip to main content

Installation & Use Of TestSSL.sh Tool

When performing pentesting engagements there are times where validation of SSL/TLS ciphers, protocols, certificates, etc. is needed. One tool that White Oak Security’s pentesting team tends to make use of is the testssl.sh command line tool that is freely available for anyone to download. In this article, we will go through the installation process and how to use the new toolset.

How To Install TestSSL.sh

Installation is pretty simple as there are a couple different options available. The first option is pulling directly from the testssl.sh website utilizing the following commands:

Latest stable code:

curl -L https://testssl.sh > testssl.nsh

Latest development code:

curl -L https://testssl.sh/dev/ > testssl.sh

The second option is pulling the testssl.sh toolset from GitHub utilizing the following command:

git clone --depth 1 https://github.com/drwetter/testssl.sh.git
Installation of the testssl.sh command line tool by white oak security, screenshot of code verifying the install.

Pretty simple right? Now let’s get into using the toolset.

How Pentesters Use TestSSL.sh     

This tool is one of the simplest pentesting tools to utilize and access valuable information. To start – change into the directory where the testssl.sh script is located. Let’s issue the following commands:

Standard HTTPS webserver:

./testssl.sh https://<IP or Hostname>

Non-Standard SSL Ports:

./testssl.sh <IP or Hostname:PORT>

Here is an example screenshot utilizing the toolset:

Screenshot of testssl.sh testing protocols & testing ciphers by white oak security blog.

Scrolling down the output from testssl.sh – there is useful information in regards to ciphers supported, SSL certificate information, and protocols utilized.

Testssl.sh tool showing the certificates validity and issuer in this screenshot by white oak security.

TestSSL.sh Recap

Hopefully this blog post demonstrates how easy testssl.sh is to be installed and utilized for everyday testing. Any additional information on the toolset can be obtained from their website – https://testssl.sh/. In closing, there are many tools available that perform similar tests however we prefer this tool because it is easy to install, use, and provides clear output for reporting purposes.

MORE FROM WHITE OAK SECURITY 

White Oak Security is a highly skilled and knowledgeable cyber security testing company that works hard to get into the minds of opponents to help protect those we serve from malicious threats through expertise, integrity, and passion. 

Read more from White Oak Security’s pentesting team.