This scanner takes the following parameters:
- --path (-p)
Full path to the testssl.sh script, for when the scanner cannot locate it on its own
- --remote (-r)
Optional comma-separated list of hostname, username, and key path used to SSH
to that host and run the command there instead of locally
- --options (-o)
Options to be passed through to the testssl.sh scanner (see https://testssl.sh/). Some of them include:
  - -e, --each-cipher
    checks each local cipher remotely.
  - -E, --cipher-per-proto
    checks those per protocol.
  - -f, --ciphers
    checks common cipher suites.
  - -p, --protocols
    checks TLS/SSL protocols (including SPDY/HTTP2).
  - -y, --spdy, --npn
    checks for SPDY/NPN.
  - -Y, --http2, --alpn
    checks for HTTP2/ALPN.
  - -S, --server-defaults
    displays the server's default picks and certificate info.
  - -P, --server-preference
    displays the server's picks: protocol+cipher.
  - -x, --single-cipher
    tests the ciphers matching a given pattern (if the pattern is not a number: word match).
  - -c, --client-simulation
    tests client simulations, showing which client negotiates which cipher and protocol.
  - -H, --header, --headers
    tests HSTS, HPKP, server/app banner, security headers, cookies, reverse proxy, IPv4 address.
  - -U, --vulnerable
    tests all vulnerabilities.
  - -B, --heartbleed
    tests for the Heartbleed vulnerability.
  - -I, --ccs, --ccs-injection
    tests for the CCS injection vulnerability.
  - -R, --renegotiation
    tests for renegotiation vulnerabilities.
  - -C, --compression, --crime
    tests for the CRIME vulnerability.
  - -T, --breach
    tests for the BREACH vulnerability.
  - -O, --poodle
    tests for the POODLE (SSL) vulnerability.
  - -Z, --tls-fallback
    checks TLS_FALLBACK_SCSV mitigation.
  - -F, --freak
    tests for the FREAK vulnerability.
  - -A, --beast
    tests for the BEAST vulnerability.
  - -J, --logjam
    tests for the LOGJAM vulnerability.
  - -D, --drown
    tests for the DROWN vulnerability.
  - -s, --pfs, --fs, --nsa
    checks (perfect) forward secrecy settings.
  - -4, --rc4, --appelbaum
    lists which RC4 ciphers are being offered.
Substitutions (applied to the options string before the command runs):
- @HOSTS is substituted with the path of a file containing the hosts field
- $WORKSPACE is substituted with the workspace name
- $SCAN is substituted with the scan name
- $PASSWORD is substituted with the value in the password field
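The page lists the parameters and the substitutions but not how they combine into the command that is actually executed. The following is an added worked example in Python and is not the scanner's own code: it writes the hosts field to a file for @HOSTS, expands the four placeholders with shell quoting, and wraps the result in an ssh invocation when --remote is given. The function names, the temp-file naming, the `ssh -i key user@host 'cmd'` form and the sample options string are assumptions made for the example; the testssl.sh flags used in it (-U, --file, --jsonfile) are testssl.sh's own.

```python
import os
import shlex
import tempfile

# Placeholders the page documents for the --options string.
PLACEHOLDERS = ("@HOSTS", "$WORKSPACE", "$SCAN", "$PASSWORD")


def write_hosts_file(hosts, directory=None):
    """Write the hosts field (one target per line) to a temp file and return
    its path; this is the path that @HOSTS gets replaced with."""
    fd, path = tempfile.mkstemp(prefix="hosts-", suffix=".txt", dir=directory)
    with os.fdopen(fd, "w") as fh:
        for host in hosts:
            fh.write(host.strip() + "\n")
    return path


def substitute(options, hosts_file, workspace, scan, password):
    """Expand the four placeholders in the --options string.

    Each value is shell-quoted before insertion, so a password (or a
    workspace/scan name) containing spaces or shell metacharacters stays a
    single argument and cannot smuggle extra commands into the line that
    is later handed to ssh or a shell. Placeholders are assumed to stand
    as their own word in the options string (not already inside quotes)."""
    mapping = {
        "@HOSTS": hosts_file,
        "$WORKSPACE": workspace,
        "$SCAN": scan,
        "$PASSWORD": password,
    }
    for placeholder, value in mapping.items():
        options = options.replace(placeholder, shlex.quote(value))
    return options


def parse_remote(remote):
    """Split the --remote value 'hostname,username,keypath' into its parts,
    rejecting anything that does not have exactly three non-empty fields."""
    parts = [p.strip() for p in remote.split(",")]
    if len(parts) != 3 or not all(parts):
        raise ValueError("--remote must be 'hostname,username,keypath'")
    return tuple(parts)


def build_command(testssl_path, options, remote=None):
    """Return the command line the scanner would run: testssl.sh plus the
    already-substituted options, either locally or wrapped in ssh when
    --remote is given (hypothetical invocation form, assumed here)."""
    local = f"{shlex.quote(testssl_path)} {options}"
    if remote is None:
        return local
    host, user, keypath = parse_remote(remote)
    # The whole local command travels to the remote host as one argument,
    # so it is quoted once more for the ssh layer.
    return (f"ssh -i {shlex.quote(keypath)} {shlex.quote(user + '@' + host)} "
            f"{shlex.quote(local)}")


if __name__ == "__main__":
    # Constructed sample input, not real scan data.
    hosts_path = write_hosts_file(["example.com", "www.example.com:8443"])
    opts = substitute("-U --file @HOSTS --jsonfile $WORKSPACE-$SCAN.json",
                      hosts_path, "acme", "tls-baseline", "unused")
    print(build_command("/opt/testssl.sh/testssl.sh", opts))
    print(build_command("/opt/testssl.sh/testssl.sh", opts,
                        remote="jump.example.net,scanner,/home/scanner/.ssh/id_ed25519"))
    os.unlink(hosts_path)
```

Two practical notes follow from this shape. First, whatever $PASSWORD expands to ends up in the process argument list of testssl.sh (and, with --remote, in the ssh command line and possibly the remote shell history), where other local users can read it with `ps`; treat that placeholder as a convenience for non-secret values rather than a way to pass credentials. Second, quoting at substitution time is what keeps a crafted workspace or scan name from turning the options string into an injection point, so apply the substitutions before assembling the command, never after.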