This tool install is based on the existence of virtualenv.
apt update
apt install python3-virtualenvNote on virtualenv usage:
- these containers are used to allow conflicting dependency installs to live side by side harmoniously
- activate / deactivate dependency containers for proper usage
- prompt# source demo-env/bin/activate
- prompt(demo-env)# deactivate
- with screen/tmux, multiple dependency containers can be activated at the same time
TestSSL.sh
Overview: Test SSL and TLS protocols.
Possible Blurb:
The tool used for this phase of vulnerability testing was testssl.sh. This tool was designed to enumerate protocols and ciphers that provide the SSL and TLS wrappers for securing various communication protocols. The primary protocol requiring SSL and TLS wrappers is HTTP, however file transfer protocol (FTP), secure mail transfer protocol (SMTP), and lightweight directory access protocol (LDAP). These tests are generally intended to enumerate ciphers in a manner similar to the vulnerability scanner.
Installation
cd /opt
git clone --depth 1 https://github.com/drwetter/testssl.sh.git
cd testssl.shBasic Usage:
Always test by fully-qualified hostname when you can. If you test by the IP address or an incomplete hostname, the tool will report an untrusted certificate, which may not be accurate.
./testssl.sh --warnings=off $hostname > ${hostname}.ssltest 2>> error.txtThose results can be analyzed with ag. But wait, what the heck is ag? SilverSearcher-ag
RC4: ag RC4 | grep -i vulnerable | cut -d' ' -f -2,5- | tr -s ' '
TLS: ag TLS | grep deprecated | tr -s ' '
SWEET32: ag SWEET32 | grep -i vulnerable | cut -d' ' -f -2,5- | tr -s ' '