Testing Security Encrypt SSL With TestSSL.sh  - hello welcome back to my blog Hackcuih.com kali ini saya akan membagikan tools untuk menguji keamanan enkripsi SSL dengan testssl.sh yang telah di sebarkan oleh LINUXSEC.org.

Baca Juga : Melayani Jasa Penetration Testing Website Jakarta


Apa Saja Fitur yang ada didalam tools tersebut ? 

berikut adalah fitur pada tools tersebut : 

  • Clear output: you can tell easily whether anything is good or bad
  • Ease of installation: It works for Linux, OSX/Darwin, FreeBSD, NetBSD, OpenBSD (needs bash) and MSYS2/Cygwin out of the box: no need to install or to configure something. No gems, CPAN, pip or the like/
  • Flexibility: You can test any SSL/TLS enabled and STARTTLS service, not only webservers at port 443
  • Toolbox: Several command line options help you to run YOUR test and configure YOUR output
  • Reliability: features are tested thoroughly
  • Verbosity: If a particular check cannot be performed because of a missing capability on your client side, you'll get a warning
  • Privacy: It's only you who sees the result, not a third party
  • Freedom: It's 100% open source. You can look at the code, see what's going on and you can change it.
  • Heck, even the development is open (github)

BACA JUGA : Hacker Asal Indonesia Berhasil Meretas Aplikasi Gojek

Bagaimana Cara Install Tersebut ?


berikut adalah cara install tools testssl.sh cukup mudah tapi sebelumnya kalian pastikan dependasinya sudah terinstall 
  • SSL
  • GIT
berikut adalah caranya : 

git clone --depth 1 https://github.com/drwetter/testssl.sh.git

Bagaimana Cara Menggunakannya ? 

cara menggunakan tools testssl.sh ini cukup mudah dengan cara : 

./testssl.sh https://domain.com
nanti hasilnya akan seperti gambar dibawah ini :

Testing Security Encrypt SSL With TestSSL.sh


 jika kalian masih bingung dengan command command pada tools testssl.sh ini kalian bisa menggunakan command dibawah ini :

./testssl.sh --help
 Realese Tools 2.9dev :

  • Using bash sockets where ever possible --> better detection of ciphers, independent on the openssl version used.
  • Testing 364 default ciphers (testssl.sh -e/-E) with a mixture of sockets and openssl. Same speed as with openssl only but additional ciphers such as post-quantum ciphers, new CHAHA20/POLY1305, CamelliaGCM etc.
  • Further tests via TLS sockets and improvements (handshake parsing, completeness, robustness),
  • TLS 1.2 protocol check via socket in production
  • Finding more TLS extensions via sockets
  • TLS Supported Groups Registry (RFC 7919), key shares extension
  • Non-flat JSON support
  • File output (CSV, JSON flat, JSON non-flat) supports a minimum severity level (only above supplied level there will be output)
  • Support of supplying timeout value for openssl connect -- useful for batch/mass scanning
  • Parallel mass testing (!)
  • File input for serial or parallel mass testing can be also in nmap grep(p)able (-oG) format
  • Native HTML support instead going through 'aha'
  • Better formatting of output (indentation)
  • Choice showing the RFC naming scheme only
  • LUCKY13 and SWEET32 checks
  • Check for vulnerability to Bleichenbacher attacks
  • Ticketbleed check
  • Decoding of unencrypted BIG IP cookies
  • LOGJAM: now checking also for known DH parameters
  • Check for CAA RR
  • Check for OCSP must staple
  • Check for Certificate Transparency
  • Expect-CT Header Detection
  • Check for session resumption (Ticket, ID)
  • TLS Robustness check (GREASE)
  • Postgres und MySQL STARTTLS support, MongoDB support
  • Decodes BIG IP F5 Cookie
  • Fully OpenBSD and LibreSSL support
  • Missing SAN warning
  • Man page
  • Better error msg suppression (not fully installed OpenSSL)
  • DNS over Proxy and other proxy improvements
  • Better JSON output: renamed IDs and findings shorter/better parsable
  • JSON output now valid also for non-responsing servers
  • Added support for private CAs
  • Exit code now 0 for running without error
  • ROBOT check
  • Better extension support
  • Better OpenSSL 1.1.1 support
  • Supports latest and greatest version of TLS 1.3, shows drafts supported
Semoga Bermanfaat jangan lupa untuk visit blog yang lain : https://mrwho-404.blogspot.com/ 

Post a Comment

http://www.hackcuih.com/ akan terus berkembang dan akan membagikan artikel menarik lainnya.

Previous Post Next Post