GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → jumanjihouse → docker-testssl

jumanjihouse / docker-testssl

Licence: GPL-2.0 License
http://testssl.sh/ in a tiny docker container

Programming Languages

shell
77523 projects
Dockerfile
14818 projects

Labels

dockertlshstssocketcipherscannercrimerc4poodleocsphpkpcaabigipctticketbleedsecurity-toolsheartbleedfreaklogjamdrown

Projects that are alternatives of or similar to docker-testssl

Testssl.sh
Testing TLS/SSL encryption anywhere on any port
Stars: ✭ 5,676 (+29773.68%)
Mutual labels:  tls, hsts, socket, cipher, crime, rc4, poodle, ocsp, hpkp, caa, bigip, ct, ticketbleed, heartbleed, freak, logjam, drown
tlsassistant
Fully-featured tool that combines state-of-the-art TLS analyzers with a report system that suggests appropriate mitigations and shows the full set of viable attacks.
Stars: ✭ 24 (+26.32%)
Mutual labels:  tls, hsts, crime, rc4, poodle, drown
Forge
A native implementation of TLS in Javascript and tools to write crypto-based and network-heavy webapps
Stars: ✭ 4,204 (+22026.32%)
Mutual labels:  tls, cipher
Docker Ssllabs Scan
Qualys sslabs-scan utility in a tiny docker image
Stars: ✭ 85 (+347.37%)
Mutual labels:  tls, scanner
Tls Channel
A Java library that implements a ByteChannel interface over SSLEngine, enabling easy-to-use (socket-like) TLS for Java applications.
Stars: ✭ 113 (+494.74%)
Mutual labels:  tls, socket
Netcat
💻 Netcat client and server modules written in pure Javascript for Node.js.
Stars: ✭ 315 (+1557.89%)
Mutual labels:  socket, scanner
Beetlex
high performance dotnet core socket tcp communication components, support TLS, HTTP, HTTPS, WebSocket, RPC, Redis protocols, custom protocols and 1M connections problem solution
Stars: ✭ 802 (+4121.05%)
Mutual labels:  tls, socket
Goproxy
🔥 Proxy is a high performance HTTP(S) proxies, SOCKS5 proxies,WEBSOCKET, TCP, UDP proxy server implemented by golang. Now, it supports chain-style proxies,nat forwarding in different lan,TCP/UDP port forwarding, SSH forwarding.Proxy是golang实现的高性能http,https,websocket,tcp,socks5代理服务器,支持内网穿透,链式代理,通讯加密,智能HTTP,SOCKS5代理,黑白名单,限速,限流量,限连接数,跨平台,KCP支持,认证API。
Stars: ✭ 11,334 (+59552.63%)
Mutual labels:  tls, socket
Af ktls
Linux Kernel TLS/DTLS Module
Stars: ✭ 124 (+552.63%)
Mutual labels:  tls, socket
Sslyze
Fast and powerful SSL/TLS scanning library.
Stars: ✭ 2,623 (+13705.26%)
Mutual labels:  tls, heartbleed
cassler
🕷️ 🕷️ 🕷️ Validate SSL Certificates around web
Stars: ✭ 55 (+189.47%)
Mutual labels:  tls, scanner
cryptonice
CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration…
Stars: ✭ 91 (+378.95%)
Mutual labels:  tls, hsts
smtpdane
SMTP DANE testing tool
Stars: ✭ 15 (-21.05%)
Mutual labels:  tls, ocsp
Stone
A Swift framework for connecting to Phoenix Channels in your iOS app (with Presence support).
Stars: ✭ 18 (-5.26%)
Mutual labels:  socket
30dayMakeCppServer
30天自制C++服务器,包含教程和源代码
Stars: ✭ 432 (+2173.68%)
Mutual labels:  socket
cert-manager
Automatically provision and manage TLS certificates in Kubernetes
Stars: ✭ 8,781 (+46115.79%)
Mutual labels:  tls
shadowsocks-libev-nocrypto
libev port of shadowsocks. In this fork, encryption is optional!
Stars: ✭ 24 (+26.32%)
Mutual labels:  cipher
log4shell-finder
Fastest filesystem scanner for log4shell (CVE-2021-44228, CVE-2021-45046) and other vulnerable (CVE-2017-5645, CVE-2019-17571, CVE-2022-23305, CVE-2022-23307 ... ) instances of log4j library. Excellent performance and low memory footprint.
Stars: ✭ 22 (+15.79%)
Mutual labels:  scanner
Horus-Eye
Just Simple Code To Play With Android Payloads (;
Stars: ✭ 54 (+184.21%)
Mutual labels:  scanner
concerto
A command line tool and a library to generate TLS certificates for development purposes.
Stars: ✭ 34 (+78.95%)
Mutual labels:  tls
View All Similar Projects ➔

Test TLS/SSL of arbitrary services and ports

Overview

This repo provides docker images for testssl.sh, a free command line tool to check a service on any port for the support of TLS/SSL ciphers, protocols, recent cryptographic flaws, and more. Each image provides everything needed to run testssl.sh the way upstream intends it to be run.

Build status for master branch: Circle CI
Docker image: https://quay.io/repository/jumanjiman/testssl
Docker source: https://github.com/jumanjihouse/docker-testssl
Upstream source: https://github.com/drwetter/testssl.sh

⚠️ The latest tag at quay refers to the stable version.

How-To

Pull an already-built image

docker pull quay.io/jumanjiman/testssl

Run the image

You can run the image using the docker-compose.yaml file in this git repo:

# Show help.
docker-compose run testssl --help

# Do a limited scan with a subset of options against one host.
docker-compose run testssl --heartbleed --ip one https://www.google.com/

You can also run the image with the docker command directly:

run_opts="
-i
-t
--rm
--read-only
--cap-drop     all
--memory       100M
--pids-limit   1000
--cpu-shares   512
"

docker run ${run_opts} quay.io/jumanjiman/testssl --help

The above examples use --read-only and --cap-drop all as recommended by the CIS Docker Security Benchmarks:

Build and test images locally

⚠️ All build configuration variables are in ci/build.

On a host, such as devenv:

# Optional. Your URL may vary.
export DOCKER_HOST=tcp://192.168.254.162:2375

# Build images.
ci/build

# Run the tests.
ci/test

Note: The test harness requires Python and the pip command.

View labels

Each built image has labels that generally follow http://label-schema.org/

We add a label, ci-build-url, that is not currently part of the schema. This extra label provides a permanent link to the CI build for the image.

View the ci-build-url label on a built image:

docker inspect \
  -f '{{ index .Config.Labels "io.github.jumanjiman.ci-build-url" }}' \
  quay.io/jumanjiman/testssl

Query all the labels inside a built image:

docker inspect quay.io/jumanjiman/testssl | jq -M '.[].Config.Labels'

Contribute

Fork this repo and see CONTRIBUTING.md.

⚠️ All build configuration variables are in ci/build.

About the build

ci/build uses docker-compose to create a "base" image that contains the statically-linked version of openssl from https://testssl.sh/. From the common base, ci/build creates two runtime images:

  • stable version of the testssl.sh script
  • dev version of the testssl.sh script

When the build happens against the master branch on CircleCI, the ci/publish script pushes both the stable and dev images to Quay.io. It also pushes a "latest" tag, which refers to the stable version.

Stale tags

Old images tend to have vulnerabilities.
Quay has a feature to use a special label, quay.expires-after, to expire tags. This repo applies the label to images so that old images get deleted automatically.

See https://support.coreos.com/hc/en-us/articles/115001384693-Tag-Expiration for more information about the Quay feature.
See src/Dockerfile for the current value of the label.

⚠️ This is a Quay feature, not a docker feature.

Operational status of SaaS providers

CircleCI: http://status.circleci.com/

Quay registry: http://status.quay.io/

License

This repo, testssl, and openssl are licensed under the GPLv2. See LICENSE.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].