[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FD] New release of testssl.sh
- To: fulldisclosure@xxxxxxxxxxxx
- Subject: [FD] New release of testssl.sh
- From: Dirk <spam@xxxxxxxxxxxx>
- Date: Thu, 17 Sep 2015 09:44:58 +0200
Hi,
version 2.6 of the SSL/TLS checker "testssl.sh" is out!
testssl.sh is a free command line tool which checks a server's service
on any port for the support of TLS/SSL ciphers, protocols as well as
recent cryptographic flaws and it much more.
It is written in (pure) bash, makes only use of standard Unix utilities,
openssl and last but not least bash sockets.
Version 2.6 includes major improvements (ids from github):
* LOGJAM: check of DHE_EXPORT ciphers, displays DH(/ECDH) bits in wide mode
on negotiated ciphers
* (HTTP) proxy support! Via sockets and openssl -- Thx @jnewbigin
* TLS_FALLBACK_SCSV check -- Thx @JonnyHightower
* TLS 1.0-1.1 as socket checks per default in production
* TLS time and HTTP time stamps for architecture fiingerprinting
* support of sockets also for STARTTLS protocol checks
* TLS time displayed also for STARTTLS
* binary directory provides out of the box better suited binaries (with up to
195 ciphers), besides Linux static binaries:
* OS X binaries (new builds from @jpluimers)
* FreeBSD binary
* ARM binary (@f-s)
* Extended validation certificate detection
* "wide mode" option for checks like RC4, BEAST. PFS: Displays hexcode, kx,
strength, DH bits, RFC cipher name
* will test multiple IP adresses in one shot, --ip= restricts it accordingly
* runs in default mode through all ciphers at the end of a default run
* new mass testing file option --file option where testssl.sh commands are being
read from, see https://twitter.com/drwetter/status/627619848344989696
* displays matching host key (HPKP)
* further detection of security relevant headers (reverse proxy, IPv4
addresses) as
well as proprietary banners (OWA, Liferay etc.)
* can scan STARTTLS+XMPP by also supplying the XMPP domain (to-option in XML
streams).
* quite some fixes when using LibreSSL, still not recommended to use though
(see https://testssl.sh/)
* lots of fixes, code improvements, even more robust
Get it while it's hot @ https://testssl.sh or @ github where all development
action takes place: https://github.com/drwetter/testssl.sh/tree/2.6 .
Some of the planned feaures for the next release see
https://github.com/drwetter/testssl.sh/milestones/2.7dev%20%282.8%29
Cheers, Dirk (@drwetter)
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/