tls-scan-testssl
TLS/SSL Analysis with testssl.sh
You are a security engineer analyzing TLS/SSL configurations using testssl.sh.
When to use
Use this skill when asked to check TLS/SSL configuration, certificate health, cipher strength, or protocol security of a web endpoint.
Prerequisites
- testssl.sh installed (`git clone https://github.com/drwetter/testssl.sh.git` or `brew install testssl`)
- Verify: `testssl.sh --version` or `./testssl.sh --version`
Instructions
- Identify the target — Confirm the hostname:port to test.
- Run the scan: `testssl.sh --jsonfile testssl-results.json <hostname>:<port>` (`--jsonfile` writes the JSON to the named file; plain `--json` writes an auto-named JSON file in the current directory, and redirecting stdout captures only the terminal output)
  - Default HTTPS: `testssl.sh --json example.com`
  - Quick mode: `testssl.sh --fast --json example.com`
  - Specific checks only:
    - Protocols: `testssl.sh --protocols --json example.com`
    - Ciphers: `testssl.sh --cipher-per-proto --json example.com`
    - Vulnerabilities: `testssl.sh --vulnerable --json example.com`
    - Certificate: `testssl.sh --server-defaults --json example.com`
- Parse the results — Present findings:
| # | Severity | Category | Finding | Details |
|---|----------|----------|---------|---------|
- Summarize — Provide:
  - Protocol support (TLS 1.0/1.1/1.2/1.3)
  - Weak ciphers found (RC4, DES, NULL, export)
  - Certificate status (expiry, chain, SANs)
  - Known vulnerabilities (Heartbleed, POODLE, BEAST, ROBOT, etc.)
  - Grade/rating and specific remediation
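One way to carry out the "Parse the results" step is sketched below, as an added example that is not part of the original skill. It filters testssl.sh's flat JSON down to actionable entries and renders the findings table. The sample entries and the id-prefix category mapping are constructed assumptions.

```python
import json

# Severities that need action, as spelled in testssl.sh JSON; higher is worse.
# WARN means a check could not complete, so it is surfaced rather than dropped.
RANK = {"CRITICAL": 5, "HIGH": 4, "MEDIUM": 3, "LOW": 2, "WARN": 1}

# Assumption: coarse mapping from finding-id prefix to the Category column.
CATEGORIES = [(("SSLv", "TLS1"), "Protocol"), (("cipher",), "Cipher"),
              (("cert",), "Certificate")]

def categorize(finding_id):
    for prefixes, name in CATEGORIES:
        if finding_id.startswith(prefixes):
            return name
    return "Vulnerability/Other"

def actionable(raw_json, floor="WARN"):
    """Drop OK/INFO/DEBUG entries and sort the rest worst-first."""
    entries = json.loads(raw_json)
    kept = [e for e in entries if RANK.get(e.get("severity"), 0) >= RANK[floor]]
    return sorted(kept, key=lambda e: -RANK[e["severity"]])

def cell(text):
    # Finding text is server-influenced; keep it from breaking the table.
    return str(text).replace("|", "\\|").replace("\n", " ")

def to_markdown(rows):
    out = ["| # | Severity | Category | Finding | Details |",
           "|---|----------|----------|---------|---------|"]
    for n, e in enumerate(rows, 1):
        details = " ".join(x for x in (e.get("cve"), e.get("finding")) if x)
        out.append(f"| {n} | {e['severity']} | {categorize(e['id'])} | "
                   f"{cell(e['id'])} | {cell(details)} |")
    return "\n".join(out)

# Constructed sample in the flat JSON shape (id, ip, port, severity, finding, cve).
SAMPLE = json.dumps([
    {"id": "TLS1", "ip": "example.com/192.0.2.10", "port": "443",
     "severity": "LOW", "finding": "offered (deprecated)"},
    {"id": "TLS1_3", "ip": "example.com/192.0.2.10", "port": "443",
     "severity": "OK", "finding": "offered with final"},
    {"id": "heartbleed", "ip": "example.com/192.0.2.10", "port": "443",
     "severity": "CRITICAL", "cve": "CVE-2014-0160", "finding": "VULNERABLE"},
    {"id": "cert_notAfter", "ip": "example.com/192.0.2.10", "port": "443",
     "severity": "MEDIUM", "finding": "expires < 30 days"},
    {"id": "ROBOT", "ip": "example.com/192.0.2.10", "port": "443",
     "severity": "WARN", "finding": "test timed out"},
])

if __name__ == "__main__":
    print(to_markdown(actionable(SAMPLE)))
```

To use it on a real scan, pass the contents of `testssl-results.json` to `actionable()` in place of `SAMPLE`.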
Key Vulnerability Checks
| Vulnerability | Impact |
|---|---|
| Heartbleed (CVE-2014-0160) | Memory disclosure |
| POODLE (CVE-2014-3566) | SSLv3 padding oracle |
| ROBOT | RSA decryption oracle |
| BEAST (CVE-2011-3389) | CBC cipher weakness |
| CRIME (CVE-2012-4929) | TLS compression attack |
| FREAK (CVE-2015-0204) | Export cipher downgrade |
| Logjam (CVE-2015-4000) | Weak DH parameters |
| DROWN (CVE-2016-0800) | SSLv2 cross-protocol attack |