git404hub

what is testssl.sh fr?

testssl/testssl.sh — explained in plain English

Analysis updated 2026-06-24

9,033ShellAudience · ops devopsComplexity · 1/5LicenseSetup · easy

tl;dr

testssl.sh is a Bash script that checks any server's TLS and SSL configuration, supported protocol versions, cipher suites, and known security weaknesses, with no installation or dependencies beyond standard Unix tools.

vibe map

mindmap
  root((testssl.sh))
    What it does
      Checks TLS config
      Finds weak ciphers
      Color-coded output
    Scope
      Any port any service
      Web mail custom TCP
    Output Formats
      JSON CSV HTML
      Plain terminal text
    Use Cases
      Web server audit
      Mail server check
      CI pipeline scanning
    Requirements
      Bash only
      No install needed

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

what do people make with this?

VIBE 1

Audit your web server's HTTPS configuration from the command line to find outdated protocol versions or weak cipher suites

VIBE 2

Check TLS on a mail server's SMTP or IMAP port, not just port 443, to catch security gaps in non-web services

VIBE 3

Export results as JSON or CSV and feed them into an automated CI pipeline to catch TLS regressions before deployment

VIBE 4

Run a one-off TLS health check on any hostname and port with no installation step, package manager, or root access needed

what's the stack?

ShellBashOpenSSL

how it stacks up fr

testssl/testssl.shguarinogabriel/mac-clikylemanna/docker-openvpn
Stars9,0339,0769,078
LanguageShellShellShell
Setup difficultyeasyeasymoderate
Complexity1/51/53/5
Audienceops devopsdeveloperops devops

Figures from each repo's GitHub metadata at analysis time.

how do i run it?

Difficulty · easy time til it works · 5min
Free to use and share, but any modified version you distribute must also be released under the same GPLv2 license.

in plain english

testssl.sh is a command-line script that checks the TLS and SSL configuration of any server on any port. You point it at a hostname and port number, and it reports which protocol versions are supported, which cipher suites are available, and whether any known cryptographic weaknesses are present. The output is color-coded so you can see at a glance what is acceptable and what should be addressed. The script requires only Bash and standard Unix tools like sed and awk. There is nothing to install or compile, and no package manager dependencies. It works on Linux, macOS, FreeBSD, and Windows via WSL2 or Cygwin. A Docker image is also available. Any version of OpenSSL or LibreSSL will work, the script no longer depends on specific OpenSSL capabilities for most of its checks. A notable characteristic is that it is not limited to web servers on port 443. It can check any service that uses TLS, including mail servers running SMTP, IMAP, or POP3, database ports, and custom TCP services. This makes it useful for auditing infrastructure beyond typical HTTPS endpoints. Output can be saved in several formats: plain terminal text, CSV, two different JSON variants, and HTML. The machine-readable formats make it practical to feed testssl.sh output into automated scanning pipelines or continuous integration checks. The project runs under the GPLv2 license. The README notes that if you offer a public or paid scanning service built on testssl.sh, you are strongly encouraged to attribute the tool to maintain awareness and support for the project. Development currently happens in a branch called 3.3dev, which is the path toward a future stable release. The current stable version is 3.2.

prompts (copy fr)

prompt 1
Run testssl.sh against my server at example.com port 443 and explain what each color-coded finding in the output means for my site's security.
prompt 2
Show me how to use testssl.sh to check my mail server's SMTP TLS on port 587 and interpret the cipher suite results it reports.
prompt 3
Help me write a CI job that runs testssl.sh against my server and fails the build if any critical TLS vulnerabilities are detected, outputting results as JSON.
prompt 4
I need to scan 20 servers with testssl.sh and save a separate report for each one, show me a shell script that loops over hostnames and saves per-host HTML reports.

Frequently asked questions

what is testssl.sh fr?

testssl.sh is a Bash script that checks any server's TLS and SSL configuration, supported protocol versions, cipher suites, and known security weaknesses, with no installation or dependencies beyond standard Unix tools.

What language is testssl.sh written in?

Mainly Shell. The stack also includes Shell, Bash, OpenSSL.

What license does testssl.sh use?

Free to use and share, but any modified version you distribute must also be released under the same GPLv2 license.

How hard is testssl.sh to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is testssl.sh for?

Mainly ops devops.

peek the repo → explain another one

This repo across BitVibe Labs

double-check against the repo, no cap.