testssl.sh
tinyssh
Our great sponsors
| testssl.sh | tinyssh | |
|---|---|---|
| 43 | 8 | |
| 7,628 | 1,389 | |
| - | - | |
| 8.8 | 5.0 | |
| 10 days ago | 5 days ago | |
| Shell | C | |
| GNU General Public License v3.0 only | Creative Commons Zero v1.0 Universal |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
testssl.sh
-
Badssl.com
You’re in luck because such a tool exists :) https://testssl.sh/
- Testing TLS/SSL Encryption
-
Uncertain how to proceed with patching SSL and TLS issues in MacOS (Sweet32)
Run https://testssl.sh/ and see what ciphers are being offered.
-
Changing SSL Wildcard Certificate
There is https://github.com/drwetter/testssl.sh utility. It can help diagnose issues (e.g. diffs between working and non-working sites).
- Specific SSL Ciphers Test
-
SSL Diag Tool
For internal use, there's https://testssl.sh/
-
Dovecot not offering TLSv1.2 after a few minutes
The current configuration allows for TLSv1 to TLSv1.3 connections. I can verify those using testssl.sh, the tests will succeed (although correctly mentioning, that TLSv1 and TLSv1.1 should be disabled). Running the tests again after about 5 minutes, the results are different. TLSv1.2 now shows "not offered and downgraded to a weaker protocol".
- How to combine pem file and 3 security certificates?
- oggi 2022-11-01 verrà rilasciata una vulnerabilità di livello CRITICAL su OpenSSL 3.0.x
-
alternative to whatsmychaincert.com cli or gui
testssl.sh
tinyssh
-
Ldd /usr/sbin/sshd – Alpine vs. Ubuntu for exploitability of CVE-2024-3094
While on topic of sshd having minimal dependencies, shout-out to Jan Mojžíš and his minimalist implementation:
https://github.com/janmojzis/tinyssh/
- Tinyssh
-
Large scale Internet SSH brute force attacks seem to have stopped here
> [after] hardening steps [...] most of the bots can't even negotiate a connection
Yep, same here, except I'm using [tinyssh], which organically does not support anything other than ed25519/curve25519, sha256, and chacha-poly.
[tinyssh] https://tinyssh.org/
-
OpenSSH 8.9
djb suggested that for openssh instead of the tinydns kex, so tinydns switched also:
https://github.com/janmojzis/tinyssh/issues/50
- tinyssh
- FreeBSD SSH Hardening
What are some alternatives?
https-ssl-cert-check-zabbix - Script to check validity and expiration of TLS/SSL certificate on hosts. May be used with Zabbix or standalone.
dropbear - Dropbear SSH
kubernetes-the-hard-way - Bootstrap Kubernetes the hard way. No scripts.
ssh-audit - SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
ssh-audit - SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
server-side-tls - Server side TLS Tools
Samba - https://gitlab.com/samba-team/samba is the Official GitLab mirror of https://git.samba.org/samba.git -- Merge requests should be made on GitLab (not on GitHub)
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
yubikey-agent - yubikey-agent is a seamless ssh-agent for YubiKeys.
OpenSSL - TLS/SSL and crypto library
ssh-tarpit - SSH tarpit that slowly sends an endless banner