Testing Security Encrypt SSL With TestSSL.sh

Testing Security Encrypt SSL With TestSSL.sh  - hello welcome back to my blog tipstirckindonesia kali ini saya akan membagikan tools untuk menguji keamanan enkripsi SSL dengan testssl.sh yang telah di sebarkan oleh LINUXSEC.org.

Baca Juga : Tools XSS Automatic Scanner 

Apa Saja Fitur yang ada didalam tools tersebut ? 

berikut adalah fitur pada tools tersebut : 

• Clear output: you can tell easily whether anything is good or bad
• Ease of installation: It works for Linux, OSX/Darwin, FreeBSD, NetBSD, OpenBSD (needs bash) and MSYS2/Cygwin out of the box: no need to install or to configure something. No gems, CPAN, pip or the like/
• Flexibility: You can test any SSL/TLS enabled and STARTTLS service, not only webservers at port 443
• Toolbox: Several command line options help you to run YOUR test and configure YOUR output
• Reliability: features are tested thoroughly
• Verbosity: If a particular check cannot be performed because of a missing capability on your client side, you'll get a warning
• Privacy: It's only you who sees the result, not a third party
• Freedom: It's 100% open source. You can look at the code, see what's going on and you can change it.
• Heck, even the development is open (github)

Bagaimana Cara Install Tersebut ?

berikut adalah cara install tools testssl.sh cukup mudah tapi sebelumnya kalian pastikan dependasinya sudah terinstall 

• SSL
• GIT

berikut adalah caranya : 

git clone --depth 1 https://github.com/drwetter/testssl.sh.git

Bagaimana Cara Menggunakannya ? 

cara menggunakan tools testssl.sh ini cukup mudah dengan cara : 

./testssl.sh https://domain.com

nanti hasilnya akan seperti gambar dibawah ini :

 jika kalian masih bingung dengan command command pada tools testssl.sh ini kalian bisa menggunakan command dibawah ini :

./testssl.sh --help

 Realese Tools 2.9dev :

• Using bash sockets where ever possible --> better detection of ciphers, independent on the openssl version used.
• Testing 364 default ciphers (testssl.sh -e/-E) with a mixture of sockets and openssl. Same speed as with openssl only but additional ciphers such as post-quantum ciphers, new CHAHA20/POLY1305, CamelliaGCM etc.
• Further tests via TLS sockets and improvements (handshake parsing, completeness, robustness),
• TLS 1.2 protocol check via socket in production
• Finding more TLS extensions via sockets
• TLS Supported Groups Registry (RFC 7919), key shares extension
• Non-flat JSON support
• File output (CSV, JSON flat, JSON non-flat) supports a minimum severity level (only above supplied level there will be output)
• Support of supplying timeout value for openssl connect -- useful for batch/mass scanning
• Parallel mass testing (!)
• File input for serial or parallel mass testing can be also in nmap grep(p)able (-oG) format
• Native HTML support instead going through 'aha'
• Better formatting of output (indentation)
• Choice showing the RFC naming scheme only
• LUCKY13 and SWEET32 checks
• Check for vulnerability to Bleichenbacher attacks
• Ticketbleed check
• Decoding of unencrypted BIG IP cookies
• LOGJAM: now checking also for known DH parameters
• Check for CAA RR
• Check for OCSP must staple
• Check for Certificate Transparency
• Expect-CT Header Detection
• Check for session resumption (Ticket, ID)
• TLS Robustness check (GREASE)
• Postgres und MySQL STARTTLS support, MongoDB support
• Decodes BIG IP F5 Cookie
• Fully OpenBSD and LibreSSL support
• Missing SAN warning
• Man page
• Better error msg suppression (not fully installed OpenSSL)
• DNS over Proxy and other proxy improvements
• Better JSON output: renamed IDs and findings shorter/better parsable
• JSON output now valid also for non-responsing servers
• Added support for private CAs
• Exit code now 0 for running without error
• ROBOT check
• Better extension support
• Better OpenSSL 1.1.1 support
• Supports latest and greatest version of TLS 1.3, shows drafts supported

Semoga Bermanfaat jangan lupa untuk visit blog yang lain : https://tips-tickindonesia.blogspot.com

Source : https://www.linuxsec.org/