概述
testssl.sh 是一个免费的命令行工具,它检查任何端口上的服务器服务是否支持 TLS/SSL 密码、协议以及密码缺陷等等。
testssl.sh 开箱即用,可移植:它可以在任何类 Unix 堆栈下运行.
其输出按颜色或严重性对结果进行评分,以便您能够判断某事是好是坏。
参考:https://testssl.sh/doc/testssl.1.html
使用步骤
step1: git clone --depth 1 https://github.com/drwetter/testssl.sh.git
step2: clone完后进入目录 cd testssl.sh/
setp3: 运行检测./testssl.sh yourdomain.com
PS:获取帮助testssl.sh --help
输出报告解读
testssl.sh URI作为默认调用执行所谓的默认运行,它会执行下面列出的所有检查,除了-E(出现顺序):
- 对 IP 地址进行 DNS 查找,并对返回的 IP 地址进行反向查找。。
Using "OpenSSL 1.0.2-chacha (1.0.2k-dev)" [~183 ciphers]
on kunzites1:./bin/openssl.Linux.x86_64
(built: "Jan 18 17:12:17 2019", platform: "linux-x86_64")
Start 2022-06-07 20:09:46 -->> xxx.xx.xxx.18:20000 (xxx.xxxx.xxx.xxx.com) <<--
Further IP addresses: xxxx:xxxx:90:0:xxxx:4bef:xxxx:472f
rDNS (172.xx.xxx.18): --
Service detected: HTTP
- SSL/TLS 协议检查
Testing protocols via sockets except NPN+ALPN
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 not offered
TLS 1.2 offered (OK)
TLS 1.3 offered (OK): final
NPN/SPDY not offered
ALPN/HTTP2 http/1.1 (offered)
- 标准密码类别,让您提前了解支持的密码
Testing cipher categories
NULL ciphers (no encryption) not offered (OK)
Anonymous NULL Ciphers (no authentication) not offered (OK)
Export ciphers (w/o ADH+NULL) not offered (OK)
LOW: 64 Bit + DES, RC[2,4], MD5 (w/o export) not offered (OK)
Triple DES Ciphers / IDEA not offered
Obsoleted CBC ciphers (AES, ARIA etc.) not offered
Strong encryption (AEAD ciphers) with no FS not offered
Forward Secrecy strong encryption (AEAD ciphers) offered (OK)
- 服务器偏好(服务器顺序)
Testing server's cipher preferences
Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
SSLv2
-
SSLv3
-
TLSv1
-
TLSv1.1
-
TLSv1.2 (server order)
xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
xcca8 ECDHE-RSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLSv1.3 (server order)
x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256 TLS_AES_256_GCM_SHA384
x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256
x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128 TLS_AES_128_GCM_SHA256
Has server cipher order? yes (OK) -- TLS 1.3 and below
Negotiated protocol TLSv1.3
Negotiated cipher TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
5.检查(完美)前向保密:密码和椭圆曲线
Testing robust forward secrecy (FS) -- omitting Null Authentication/Encryption, 3DES, RC4
FS is offered (OK) TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-CHACHA20-POLY1305
TLS_AES_128_GCM_SHA256
ECDHE-RSA-AES128-GCM-SHA256
Elliptic curves offered: prime256v1 secp384r1 secp521r1 X25519 X448
- 服务器默认值(证书信息、TLS 扩展、会话信息)
Testing server defaults (Server Hello)
TLS extensions (standard) "renegotiation info/#65281"
"EC point formats/#11" "session ticket/#35"
"supported versions/#43" "key share/#51"
"supported_groups/#10" "max fragment length/#1"
"application layer protocol negotiation/#16"
"extended master secret/#23"
Session Ticket RFC 5077 hint 7200 seconds, session tickets keys seems to be rotated < daily
SSL Session ID support yes
Session Resumption Tickets no, ID: no
TLS clock skew Random values, no fingerprinting possible
Certificate Compression none
Client Authentication none
Signature Algorithm SHA256 with RSA
Server key size RSA 2048 bits (exponent is 65537)
Server key usage Digital Signature, Key Encipherment
Server extended key usage TLS Web Server Authentication, TLS Web Client Authentication
Serial 0B60576712E4D3C84D67FBC8546B1067 (OK: length 16)
Fingerprints SHA1 447916BCD81FC825296698F467F1FFE0C36B09B9
SHA256 9379D7573F5B27EAC8678259299B6324AA43B3C65189C3364903293097BF0DEF
Common Name (CN) *.xxxx.xxxx.xx.com
subjectAltName (SAN) *.xxx.xxx.xxx.com
xxxx.cxx.xxx.com
private.xxx.cloud.xxx.com
*.private.xxx.cloud.xxx.com
Trust (hostname) Ok via SAN wildcard and CN wildcard (same w/o SNI)
Chain of trust Ok
EV cert (experimental) no
Certificate Validity (UTC) 355 >= 60 days (2022-04-28 00:00 --> 2023-05-29 23:59)
ETS/"eTLS", visibility info not present
Certificate Revocation List http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl
http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl
OCSP URI http://ocsp.digicert.com
OCSP stapling not offered
OCSP must staple extension --
DNS CAA RR (experimental) not offered
Certificate Transparency yes (certificate extension)
Certificates provided 3 (certificate list ordering problem)
Issuer DigiCert TLS RSA SHA256 2020 CA1 (DigiCert Inc from US)
Intermediate cert validity #1: ok > 40 days (2031-04-13 23:59). DigiCert TLS RSA SHA256 2020 CA1 <-- DigiCert Global Root CA
#2: ok > 40 days (2023-03-08 12:00). DigiCert SHA2 Secure Server CA <-- DigiCert Global Root CA
Intermediate Bad OCSP (exp.) Ok
- HTTP 标头(如果检测到 HTTP 或通过 强制执行--assume-http)
Testing HTTP header response @ "/api/vx/xxxx"
HTTP Status Code 400 Bad Request (Hint: better try another URL)
HTTP clock skew 0 sec from localtime
Strict Transport Security 365 days=31536000 s, includeSubDomains
Public Key Pinning --
Server banner (no "Server" line in header, interesting!)
Application banner --
Cookie(s) (none issued at "/api/xx/xxxf/clusters/xxxx/bxxxxs/xxx/xxx") -- maybe better try target URL of 30x
Security headers X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'none';
frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Cache-Control: no-store
Pragma: no-cache
Reverse Proxy banner
- 漏洞
Testing vulnerabilities
Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
CCS (CVE-2014-0224) not vulnerable (OK)
Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK)
ROBOT Server does not support any cipher suites that use RSA key transport
Secure Renegotiation (RFC 5746) supported (OK)
Secure Client-Initiated Renegotiation not vulnerable (OK) -- mitigated (disconnect within 6)
CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied "/api/vx/xxxx" tested
POODLE, SSL (CVE-2014-3566) not vulnerable (OK), no SSLv3 support
TLS_FALLBACK_SCSV (RFC 7507) No fallback possible (OK), no protocol below TLS 1.2 offered
SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)
FREAK (CVE-2015-0204) not vulnerable (OK)
DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)
make sure you don't use this certificate elsewhere with SSLv2 enabled services, see
https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=9379D7573F5B27EAC8678259299B6324AA43B3C65189C3364903293097BF0DEF
LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2
BEAST (CVE-2011-3389) not vulnerable (OK), no SSL3 or TLS1
LUCKY13 (CVE-2013-0169), experimental not vulnerable (OK)
Winshock (CVE-2014-6321), experimental not vulnerable (OK)
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
- 客户端模拟
Running client simulations (HTTP) via sockets
Browser Protocol Cipher Suite Name (OpenSSL) Forward Secrecy
------------------------------------------------------------------------------------------------
Android 6.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 256 bit ECDH (P-256)
Android 7.0 (native) TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256 bit ECDH (P-256)
Android 8.1 (native) TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 253 bit ECDH (X25519)
Android 9.0 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519)
Android 10.0 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519)
Android 11 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519)
Android 12 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519)
Chrome 79 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519)
Chrome 101 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519)
Firefox 66 (Win 8.1/10) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519)
Firefox 100 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519)
IE 6 XP No connection
IE 8 Win 7 No connection
IE 8 XP No connection
IE 11 Win 7 No connection
IE 11 Win 8.1 No connection
IE 11 Win Phone 8.1 No connection
IE 11 Win 10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256 bit ECDH (P-256)
Edge 15 Win 10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 253 bit ECDH (X25519)
Edge 101 Win 10 21H2 TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519)
Safari 12.1 (iOS 12.2) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519)
Safari 13.0 (macOS 10.14.6) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519)
Safari 15.4 (macOS 12.3.1) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519)
Java 7u25 No connection
Java 8u161 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256 bit ECDH (P-256)
Java 11.0.2 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384 256 bit ECDH (P-256)
Java 17.0.3 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519)
go 1.17.8 TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519)
LibreSSL 2.8.3 (Apple) TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 253 bit ECDH (X25519)
OpenSSL 1.0.2e TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256 bit ECDH (P-256)
OpenSSL 1.1.0l (Debian) TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 253 bit ECDH (X25519)
OpenSSL 1.1.1d (Debian) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519)
OpenSSL 3.0.3 (git) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519)
Apple Mail (16.0) TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256 bit ECDH (P-256)
Thunderbird (91.9) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519)
- 评级
Rating (experimental)
Rating specs (not complete) SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30)
Specification documentation https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide
Protocol Support (weighted) 100 (30)
Key Exchange (weighted) 90 (27)
Cipher Strength (weighted) 90 (36)
Final Score 93
Overall Grade A+
Done 2022-06-07 20:11:07 [ 85s] -->> xx.xxx.xxxx.xx:20000 (xxxx.xx.com) <<--
使用方法
testssl.sh [OPTIONS] <URI>,
testssl.sh [OPTIONS] --file <FILE>
testssl.sh <URI> 作为默认调用执行所谓的默认运行,它会执行默认所有检查。
参数
- URI:可以是主机名、IPv4 或 IPv6 地址、 URL。IPv6 地址需要放在方括号中。对于任何给定的参数,除非通过附加冒号和端口号指定,否则假定端口 443。
- --file <fname>: 是大规模测试选项。默认情况下,它会隐式打开--warnings batch。
- --mode <serial|parallel>:.批量测试以串行(默认)或并行进行。默认情况下,大规模测试以串行模式运行,即一行接一行地被处理和调用。
- --warnings <batch|off>: warnings 参数决定了 testssl.sh 将如何处理需要用户正常输入的情况。batch遇到客户端或服务器端问题时,不会等待确认按键而会终止特定的扫描,这适用于大规模测试 ( --file);off只是跳过警告,确认但继续扫描,不管它是否有意义。
- --connect-timeout <seconds> : 如果节点没有完成 TCP 握手,testssl.sh 通常可能会挂起大约 2 分钟甚至更长时间。此参数指示 testssl.shseconds在放弃之前最多等待握手完成。此选项仅在您的操作系统安装了超时二进制文件时才有效。CONNECT_TIMEOUT 是对应的环境变量。
- --openssl-timeout <seconds>: 这对于使用 openssl 的所有连接特别有用,并且对于大规模测试非常有用。它避免了 openssl 连接挂起约 2 分钟。仅当您的操作系统安装了超时二进制文件时,该选项才可用。
单项检查选项
作为参数提供的任何单个检查开关都会阻止 testssl.sh 执行默认运行。它只需要这个,如果提供了其他选项并运行它们 - 它们也将出现在默认运行中。
- -e, --each-cipher: 通过服务器上的 openssl + 套接字远程检查(当前配置的)370 个密码中的每一个,并以宽模式报告结果。如果要显示测试的每个密码,则需要添加--show-each. 默认情况下,它列出以下参数:hexcode, OpenSSL cipher suite name, key exchange, encryption bits, IANA/RFC cipher suite name.
- --E, --cipher-per-proto: 类似于-e, --each-cipher。它检查每个可能的密码,这里:每个协议。如果要显示测试的每个密码,则需要添加--show-each. 输出按安全强度排序,但它列出了加密位。
- -f, --pfs, --fs,--nsa: 检查稳健的前向保密密钥交换。“健壮”意味着这里不会考虑具有诸如空身份验证或加密、3DES 和 RC4 等内在严重弱点的密码。不应该有错误的印象,即安全密钥交换已经发生并且一切都很好,而实际上加密很糟糕。
- -p, --protocols: 检查 TLS/SSL 协议 SSLv2、SSLv3、TLS 1.0 到 TLS 1.3 以及 HTTP:SPDY (NPN) 和 ALPN,即 HTTP/2。对于 TLS 1.3,支持并测试了几个草案(从 18 开始)和最终版本。
漏洞
- -U, --vulnerable, --vulnerabilities:只需测试所有(以下)漏洞。环境变量VULN_THRESHLD确定在哪个值之后显示每个漏洞的单独标题。默认是1这意味着如果您检查两个漏洞,除了漏洞和结果之外,仅显示漏洞部分的一般标题。否则,除了漏洞名称和测试结果的输出之外,每个漏洞或漏洞部分都有自己的标题。一个漏洞部分由多个检查组成,例如重新协商漏洞检查有两个检查,Logjam 也是如此。
- -H, --heartbleed :检查心脏出血,openssl 中的内存泄漏。除非服务器端不支持心跳扩展,否则此检查可能会超时。可以用 调整等待回复的秒数HEARTBLEED_MAX_WAITSOCK。8 是默认值。
- -I, --ccs, --ccs-injection: 检查 CCS 注入,这是一个 openssl 漏洞。有时这里的支票也需要等待回复。可以使用环境变量更改预定义的 5 秒超时CCS_MAX_WAITSOCK。
- -T, --ticketbleed: 检查 BigIP 负载平衡器中的 Ticketbleed 内存泄漏。
- **-BB, --robot 检查 ROBOT /(Bleichenbacher 的 Oracle 威胁回归)攻击的漏洞。
- -R, --renegotiation: 测试重新协商漏洞。目前有一个检查Secure Renegotiation和 for Secure Client-Initiated Renegotiation。请注意,易受攻击的服务器很容易被 DoSed (HTTP) 攻击。尚未实施对不安全的客户端发起的重新协商的检查。
- -C, --compression, --crime: 检查 TLS 中的 CRIME(压缩比信息泄漏变得容易)漏洞。SPDY 中的 CRIME 尚未被检查。
- -B, --breach: 检查 BREACH(通过自适应超文本压缩的浏览器侦察和渗透)漏洞。至于此漏洞,HTTP 级别压缩是先决条件,如果无法检测到 HTTP 或未通过`--assume-http. 请注意,只有提供的 URL(通常是 "/" )正在测试中。
- -O, --poodle: 测试 SSL POODLE(Padding Oracle On Downgraded Legacy Encryption)漏洞。它基本上检查 SSLv3 中是否存在 CBC 密码。
-------------------------------------------------------------更多详情参见参考文档--------------------------------------------------------------
