@sdaaish
Last active April 1, 2019 13:32
testssl.sh test environment
version: '3.4'
services:
  testssl.sh:
    container_name: testssl.sh
    hostname: testssl
    build: ./
    volumes:
      - ./input:/home/testssl/input
      - ./reports:/home/testssl/reports
# Copy from https://raw.githubusercontent.com/drwetter/testssl.sh/2.9dev/Dockerfile
FROM alpine:latest
RUN apk update && \
    apk upgrade && \
    apk add bash procps drill git coreutils && \
    apk add --no-cache curl
RUN addgroup testssl && \
    adduser -G testssl -g "testssl user" -s /bin/bash -D testssl && \
    ln -s /home/testssl/testssl.sh /usr/local/bin/
USER testssl
WORKDIR /home/testssl/
RUN git clone --depth=1 https://github.com/drwetter/testssl.sh.git .
ENTRYPOINT ["testssl.sh"]
CMD ["--help"]
service linux.com/151.101.193.5 443 INFO HTTP
heartbleed linux.com/151.101.193.5 443 OK not vulnerable, no heartbeat extension CVE-2014-0160 CWE-119
service linux.com/151.101.129.5 443 INFO HTTP
heartbleed linux.com/151.101.129.5 443 OK not vulnerable, no heartbeat extension CVE-2014-0160 CWE-119
service linux.com/151.101.65.5 443 INFO HTTP
heartbleed linux.com/151.101.65.5 443 OK not vulnerable, no heartbeat extension CVE-2014-0160 CWE-119
service linux.com/151.101.1.5 443 INFO HTTP
heartbleed linux.com/151.101.1.5 443 OK not vulnerable, no heartbeat extension CVE-2014-0160 CWE-119
$ docker-compose run testssl.sh --file input/linux.com
Creating network "labbo_default" with the default driver
Building testssl.sh
Step 1/8 : FROM alpine:latest
---> 196d12cf6ab1
Step 2/8 : RUN apk update && apk upgrade && apk add bash procps drill git coreutils && apk add --no-cache curl
---> Using cache
---> 711089b21d07
Step 3/8 : RUN addgroup testssl && adduser -G testssl -g "testssl user" -s /bin/bash -D testssl && ln -s /home/testssl/testssl.sh /usr/local/bin/
---> Using cache
---> 86e533c6c0ec
Step 4/8 : USER testssl
---> Using cache
---> 40334c0bbd3e
Step 5/8 : WORKDIR /home/testssl/
---> Using cache
---> 86a640c5161e
Step 6/8 : RUN git clone --depth=1 https://github.com/drwetter/testssl.sh.git .
---> Using cache
---> eb6b868eb00d
Step 7/8 : ENTRYPOINT ["testssl.sh"]
---> Using cache
---> 31d1c85cfff5
Step 8/8 : CMD ["--help"]
---> Using cache
---> b2bf9b986fae
Successfully built b2bf9b986fae
Successfully tagged labbo_testssl.sh:latest
WARNING: Image for service testssl.sh was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`.
###########################################################
testssl.sh 3.0rc4 from https://testssl.sh/dev/
(742e01e 2019-03-25 00:12:55 -- )
This program is free software. Distribution and
modification under GPLv2 permitted.
USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
Please file bugs @ https://testssl.sh/bugs/
###########################################################
Using "OpenSSL 1.0.2-chacha (1.0.2k-dev)" [~183 ciphers]
on testssl:$PWD/bin/openssl.Linux.x86_64
(built: "Jan 18 17:12:17 2019", platform: "linux-x86_64")
====== Running in file batch mode with file="input/linux.com" ======
========================================
/usr/local/bin/testssl.sh --warnings=batch -H --csvfile reports linux.com
/usr/local/bin/testssl.sh: line 894: reports/linux.com_p443-20190401-1308.csv: No such file or directory
/usr/local/bin/testssl.sh: line 895: reports/linux.com_p443-20190401-1308.csv: No such file or directory
/usr/local/bin/testssl.sh: line 896: reports/linux.com_p443-20190401-1308.csv: No such file or directory
/usr/local/bin/testssl.sh: line 897: reports/linux.com_p443-20190401-1308.csv: No such file or directory
/usr/local/bin/testssl.sh: line 898: reports/linux.com_p443-20190401-1308.csv: No such file or directory
/usr/local/bin/testssl.sh: line 899: reports/linux.com_p443-20190401-1308.csv: No such file or directory
/usr/local/bin/testssl.sh: line 904: reports/linux.com_p443-20190401-1308.csv: No such file or directory
Testing all IPv4 addresses (port 443): 151.101.193.5 151.101.129.5 151.101.65.5 151.101.1.5
-----------------------------------------------------
Start 2019-04-01 13:08:36 -->> 151.101.193.5:443 (linux.com) <<--
Further IP addresses: 151.101.129.5 151.101.65.5 151.101.1.5
rDNS (151.101.193.5): --
Service detected: HTTP
Testing for heartbleed vulnerability
Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
Done 2019-04-01 13:08:39 [ 5s] -->> 151.101.193.5:443 (linux.com) <<--
-----------------------------------------------------
Start 2019-04-01 13:08:40 -->> 151.101.129.5:443 (linux.com) <<--
Further IP addresses: 151.101.193.5 151.101.65.5 151.101.1.5
rDNS (151.101.129.5): --
Service detected: HTTP
Testing for heartbleed vulnerability
Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
Done 2019-04-01 13:08:43 [ 9s] -->> 151.101.129.5:443 (linux.com) <<--
-----------------------------------------------------
Start 2019-04-01 13:08:43 -->> 151.101.65.5:443 (linux.com) <<--
Further IP addresses: 151.101.193.5 151.101.129.5 151.101.1.5
rDNS (151.101.65.5): --
Service detected: HTTP
Testing for heartbleed vulnerability
Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
Done 2019-04-01 13:08:46 [ 12s] -->> 151.101.65.5:443 (linux.com) <<--
-----------------------------------------------------
Start 2019-04-01 13:08:46 -->> 151.101.1.5:443 (linux.com) <<--
Further IP addresses: 151.101.193.5 151.101.129.5 151.101.65.5
rDNS (151.101.1.5): --
Service detected: HTTP
Testing for heartbleed vulnerability
Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
Done 2019-04-01 13:08:49 [ 15s] -->> 151.101.1.5:443 (linux.com) <<--
-----------------------------------------------------
Done testing now all IP addresses (on port 443): 151.101.193.5 151.101.129.5 151.101.65.5 151.101.1.5
========================================
/usr/local/bin/testssl.sh --warnings=batch -H --csvfile reports https://www.linux.com:443
/usr/local/bin/testssl.sh: line 894: reports/www.linux.com_p443-20190401-1308.csv: No such file or directory
/usr/local/bin/testssl.sh: line 895: reports/www.linux.com_p443-20190401-1308.csv: No such file or directory
/usr/local/bin/testssl.sh: line 896: reports/www.linux.com_p443-20190401-1308.csv: No such file or directory
/usr/local/bin/testssl.sh: line 897: reports/www.linux.com_p443-20190401-1308.csv: No such file or directory
/usr/local/bin/testssl.sh: line 898: reports/www.linux.com_p443-20190401-1308.csv: No such file or directory
/usr/local/bin/testssl.sh: line 899: reports/www.linux.com_p443-20190401-1308.csv: No such file or directory
/usr/local/bin/testssl.sh: line 904: reports/www.linux.com_p443-20190401-1308.csv: No such file or directory
Start 2019-04-01 13:08:51 -->> 151.101.85.5:443 (www.linux.com) <<--
rDNS (151.101.85.5): --
Service detected: HTTP
Testing for heartbleed vulnerability
Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
Done 2019-04-01 13:08:54 [ 5s] -->> 151.101.85.5:443 (www.linux.com) <<--
========================================
/usr/local/bin/testssl.sh --warnings=batch -H --jsonfile reports --logfile reports --htmlfile reports --csvfile reports https://www.freebsd.com:443
/usr/local/bin/testssl.sh: line 894: reports/www.freebsd.com_p443-20190401-1308.csv: No such file or directory
/usr/local/bin/testssl.sh: line 895: reports/www.freebsd.com_p443-20190401-1308.csv: No such file or directory
/usr/local/bin/testssl.sh: line 896: reports/www.freebsd.com_p443-20190401-1308.csv: No such file or directory
/usr/local/bin/testssl.sh: line 897: reports/www.freebsd.com_p443-20190401-1308.csv: No such file or directory
/usr/local/bin/testssl.sh: line 898: reports/www.freebsd.com_p443-20190401-1308.csv: No such file or directory
/usr/local/bin/testssl.sh: line 899: reports/www.freebsd.com_p443-20190401-1308.csv: No such file or directory
/usr/local/bin/testssl.sh: line 904: reports/www.freebsd.com_p443-20190401-1308.csv: No such file or directory
Testing all IPv4 addresses (port 443): 18.207.52.84 54.89.43.110 35.172.243.120
-----------------------------------------------------
Start 2019-04-01 13:08:56 -->> 18.207.52.84:443 (www.freebsd.com) <<--
Further IP addresses: 54.89.43.110 35.172.243.120
rDNS (18.207.52.84): --
Service detected: HTTP
Testing for heartbleed vulnerability
Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
Done 2019-04-01 13:09:04 [ 10s] -->> 18.207.52.84:443 (www.freebsd.com) <<--
-----------------------------------------------------
Start 2019-04-01 13:09:04 -->> 54.89.43.110:443 (www.freebsd.com) <<--
Further IP addresses: 18.207.52.84 35.172.243.120
rDNS (54.89.43.110): --
Service detected: HTTP
Testing for heartbleed vulnerability
Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
Done 2019-04-01 13:09:13 [ 19s] -->> 54.89.43.110:443 (www.freebsd.com) <<--
-----------------------------------------------------
Start 2019-04-01 13:09:13 -->> 35.172.243.120:443 (www.freebsd.com) <<--
Further IP addresses: 18.207.52.84 54.89.43.110
rDNS (35.172.243.120): --
Service detected: HTTP
Testing for heartbleed vulnerability
Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
Done 2019-04-01 13:09:22 [ 28s] -->> 35.172.243.120:443 (www.freebsd.com) <<--
-----------------------------------------------------
Done testing now all IP addresses (on port 443): 18.207.52.84 54.89.43.110 35.172.243.120
/c/Users/sdaa/Repos/testssl.sh:
total used in directory 16 available 105083584
drwxrwxrwx 1 sdaa sdaa 4096 Apr 1 15:20 .
drwxrwxrwx 1 sdaa sdaa 4096 Apr 1 15:20 ..
drwxrwxrwx 1 sdaa sdaa 4096 Apr 1 15:20 .git
-rw-rw-rw- 1 sdaa sdaa 7 Apr 1 15:14 .gitignore
-rw-rw-rw- 1 sdaa sdaa 511 Apr 1 15:05 Dockerfile
-rw-rw-rw- 1 sdaa sdaa 196 Apr 1 15:05 docker-compose.yml
drwxrwxrwx 1 sdaa sdaa 4096 Apr 1 15:20 input
drwxrwxrwx 1 sdaa sdaa 4096 Apr 1 15:08 reports
-rw-rw-rw- 1 sdaa sdaa 8544 Apr 1 15:12 result.log
service www.freebsd.com/18.207.52.84 443 INFO HTTP
heartbleed www.freebsd.com/18.207.52.84 443 OK not vulnerable, no heartbeat extension CVE-2014-0160 CWE-119
service www.freebsd.com/54.89.43.110 443 INFO HTTP
heartbleed www.freebsd.com/54.89.43.110 443 OK not vulnerable, no heartbeat extension CVE-2014-0160 CWE-119
service www.freebsd.com/35.172.243.120 443 INFO HTTP
heartbleed www.freebsd.com/35.172.243.120 443 OK not vulnerable, no heartbeat extension CVE-2014-0160 CWE-119
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!-- This file was created with testssl.sh. https://testssl.sh -->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="application/xml+xhtml; charset=UTF-8" />
<title>testssl.sh</title>
</head>
<body>
<pre>
## Scan started as: "testssl.sh --warnings=batch -H --jsonfile reports --logfile reports --htmlfile reports --csvfile reports https://www.freebsd.com:443"
## at testssl:$PWD/bin/openssl.Linux.x86_64
## version testssl: 3.0rc4 742e01e from 2019-03-25
## version openssl: "OpenSSL 1.0.2-chacha" from "Jan 18 17:12:17 2019")
<span style="font-weight:bold;">Testing all IPv4 addresses (port 443): </span>18.207.52.84 54.89.43.110 35.172.243.120
-----------------------------------------------------
<span style="color:white;background-color:black;"> Start 2019-04-01 13:08:56 --&gt;&gt; 18.207.52.84:443 (www.freebsd.com) &lt;&lt;--</span>
Further IP addresses: 54.89.43.110 35.172.243.120
rDNS (18.207.52.84): --
Service detected: HTTP
<span style="text-decoration:underline;font-weight:bold;"> Testing for heartbleed vulnerability </span>
<span style="font-weight:bold;"> Heartbleed</span> (CVE-2014-0160) <span style="color:lime;font-weight:bold;">not vulnerable (OK)</span>, no heartbeat extension
<span style="color:white;background-color:black;"> Done 2019-04-01 13:09:04 [ 10s] --&gt;&gt; 18.207.52.84:443 (www.freebsd.com) &lt;&lt;--</span>
-----------------------------------------------------
<span style="color:white;background-color:black;"> Start 2019-04-01 13:09:04 --&gt;&gt; 54.89.43.110:443 (www.freebsd.com) &lt;&lt;--</span>
Further IP addresses: 18.207.52.84 35.172.243.120
rDNS (54.89.43.110): --
Service detected: HTTP
<span style="text-decoration:underline;font-weight:bold;"> Testing for heartbleed vulnerability </span>
<span style="font-weight:bold;"> Heartbleed</span> (CVE-2014-0160) <span style="color:lime;font-weight:bold;">not vulnerable (OK)</span>, no heartbeat extension
<span style="color:white;background-color:black;"> Done 2019-04-01 13:09:13 [ 19s] --&gt;&gt; 54.89.43.110:443 (www.freebsd.com) &lt;&lt;--</span>
-----------------------------------------------------
<span style="color:white;background-color:black;"> Start 2019-04-01 13:09:13 --&gt;&gt; 35.172.243.120:443 (www.freebsd.com) &lt;&lt;--</span>
Further IP addresses: 18.207.52.84 54.89.43.110
rDNS (35.172.243.120): --
Service detected: HTTP
<span style="text-decoration:underline;font-weight:bold;"> Testing for heartbleed vulnerability </span>
<span style="font-weight:bold;"> Heartbleed</span> (CVE-2014-0160) <span style="color:lime;font-weight:bold;">not vulnerable (OK)</span>, no heartbeat extension
<span style="color:white;background-color:black;"> Done 2019-04-01 13:09:22 [ 28s] --&gt;&gt; 35.172.243.120:443 (www.freebsd.com) &lt;&lt;--</span>
-----------------------------------------------------
<span style="font-weight:bold;">Done testing now all IP addresses (on port 443): </span>18.207.52.84 54.89.43.110 35.172.243.120
</pre>
</body>
</html>
[
{
"id" : "service",
"ip" : "www.freebsd.com/18.207.52.84",
"port" : "443",
"severity" : "INFO",
"finding" : "HTTP"
}
, {
"id" : "heartbleed",
"ip" : "www.freebsd.com/18.207.52.84",
"port" : "443",
"severity" : "OK",
"cve" : "CVE-2014-0160",
"cwe" : "CWE-119",
"finding" : "not vulnerable, no heartbeat extension"
}
, {
"id" : "service",
"ip" : "www.freebsd.com/54.89.43.110",
"port" : "443",
"severity" : "INFO",
"finding" : "HTTP"
}
, {
"id" : "heartbleed",
"ip" : "www.freebsd.com/54.89.43.110",
"port" : "443",
"severity" : "OK",
"cve" : "CVE-2014-0160",
"cwe" : "CWE-119",
"finding" : "not vulnerable, no heartbeat extension"
}
, {
"id" : "service",
"ip" : "www.freebsd.com/35.172.243.120",
"port" : "443",
"severity" : "INFO",
"finding" : "HTTP"
}
, {
"id" : "heartbleed",
"ip" : "www.freebsd.com/35.172.243.120",
"port" : "443",
"severity" : "OK",
"cve" : "CVE-2014-0160",
"cwe" : "CWE-119",
"finding" : "not vulnerable, no heartbeat extension"
}
, {
"id" : "scanTime",
"ip" : "www.freebsd.com/35.172.243.120",
"port" : "443",
"severity" : "INFO",
"finding" : "28"
}
]
## Scan started as: "testssl.sh --warnings=batch -H --jsonfile reports --logfile reports --htmlfile reports --csvfile reports https://www.freebsd.com:443"
## at testssl:$PWD/bin/openssl.Linux.x86_64
## version testssl: 3.0rc4 742e01e from 2019-03-25
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Testing all IPv4 addresses (port 443): 18.207.52.84 54.89.43.110 35.172.243.120
-----------------------------------------------------
 Start 2019-04-01 13:08:56 -->> 18.207.52.84:443 (www.freebsd.com) <<--
Further IP addresses: 54.89.43.110 35.172.243.120
rDNS (18.207.52.84): --
Service detected: HTTP
 Testing for heartbleed vulnerability 
 Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
 Done 2019-04-01 13:09:04 [ 10s] -->> 18.207.52.84:443 (www.freebsd.com) <<--
-----------------------------------------------------
 Start 2019-04-01 13:09:04 -->> 54.89.43.110:443 (www.freebsd.com) <<--
Further IP addresses: 18.207.52.84 35.172.243.120
rDNS (54.89.43.110): --
Service detected: HTTP
 Testing for heartbleed vulnerability 
 Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
 Done 2019-04-01 13:09:13 [ 19s] -->> 54.89.43.110:443 (www.freebsd.com) <<--
-----------------------------------------------------
 Start 2019-04-01 13:09:13 -->> 35.172.243.120:443 (www.freebsd.com) <<--
Further IP addresses: 18.207.52.84 54.89.43.110
rDNS (35.172.243.120): --
Service detected: HTTP
 Testing for heartbleed vulnerability 
 Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
 Done 2019-04-01 13:09:22 [ 28s] -->> 35.172.243.120:443 (www.freebsd.com) <<--
-----------------------------------------------------
Done testing now all IP addresses (on port 443): 18.207.52.84 54.89.43.110 35.172.243.120
service www.linux.com/151.101.85.5 443 INFO HTTP
heartbleed www.linux.com/151.101.85.5 443 OK not vulnerable, no heartbeat extension CVE-2014-0160 CWE-119