Name: sslyze
Category: Scanners
Publisher: trickest-mhmdiaa
Created: 4/14/2022
Container: quay.io/trickest/sslyze:5.0.3
Output Type:
License: Unknown

Parameters

| Name | Type | Required | Flag | Description |
|---|---|---|---|---|
| key | file | | `--key` | Client private key file. |
| sni | string | | `--sni` | Use Server Name Indication to specify the hostname to connect to. Will only affect TLS 1.0+ connections. |
| cert | file | | `--cert` | Client certificate chain filename. The certificates must be in PEM format and must be sorted starting with the subject's client certificate, followed by intermediate CA certificates if applicable. |
| pass | string | | `--pass` | Client private key passphrase. |
| quiet | boolean | | `--quiet` | Do not output anything to stdout. |
| reneg | boolean | | `--reneg` | Test a server for insecure TLS renegotiation and client-initiated renegotiation. |
| resum | boolean | | `--resum` | Test a server for TLS 1.2 session resumption support using session IDs and TLS tickets. |
| robot | boolean | | `--robot` | Test a server for the ROBOT vulnerability. |
| sslv2 | boolean | | `--sslv2` | Test a server for SSL 2.0 support. |
| sslv3 | boolean | | `--sslv3` | Test a server for SSL 3.0 support. |
| tlsv1 | boolean | | `--tlsv1` | Test a server for TLS 1.0 support. |
| target | string | required | | The server to scan |
| keyform | string | | `--keyform` | Client private key format. DER or PEM (default). |
| tlsv1-1 | boolean | | `--tlsv1_1` | Test a server for TLS 1.1 support. |
| tlsv1-2 | boolean | | `--tlsv1_2` | Test a server for TLS 1.2 support. |
| tlsv1-3 | boolean | | `--tlsv1_3` | Test a server for TLS 1.3 support. |
| xmpp-to | string | | `--xmpp_to` | Optional setting for STARTTLS XMPP. XMPP_TO should be the hostname to be put in the 'to' attribute of the XMPP stream. Default is the server's hostname. |
| certinfo | boolean | | `--certinfo` | Retrieve and analyze a server's certificate(s) to verify its validity. |
| fallback | boolean | | `--fallback` | Test a server for the TLS_FALLBACK_SCSV mechanism to prevent downgrade attacks. |
| starttls | string | | `--starttls` | Perform a StartTLS handshake when connecting to the target server(s). StartTLS should be one of: auto, smtp, xmpp, xmpp_server, pop3, imap, ftp, ldap, rdp, postgres. The 'auto' option will cause SSLyze to deduce the protocol (ftp, imap, etc.) from the supplied port number, for each target server. |
| early-data | boolean | | `--early_data` | Test a server for TLS 1.3 early data support. |
| heartbleed | boolean | | `--heartbleed` | Test a server for the OpenSSL Heartbleed vulnerability. |
| targets-in | file | required | `--targets_in` | Read the list of targets to scan from a file. It should contain one host:port per line. |
| compression | boolean | | `--compression` | Test a server for TLS compression support, which can be leveraged to perform a CRIME attack. |
| openssl-ccs | boolean | | `--openssl_ccs` | Test a server for the OpenSSL CCS Injection vulnerability (CVE-2014-0224). |
| http-headers | boolean | | `--http_headers` | Test a server for the presence of security-related HTTP headers. |
| https-tunnel | string | | `--https_tunnel` | Tunnel all traffic to the target server(s) through an HTTP CONNECT proxy. HTTP_TUNNEL should be the proxy's URL: 'http://USER:PW@HOST:PORT/'. For proxies requiring authentication, only Basic Authentication is supported. |
| mozilla-config | string | | `--mozilla_config` | Shortcut to queue various scan commands needed to check the server's TLS configurations against one of Mozilla's recommended TLS configurations. Set to 'intermediate' by default. Use 'disable' to disable this check. |
| resum-attempts | string | | `--resum_attempts` | To be used with --resum. Number of session resumptions (both with Session IDs and TLS Tickets) that SSLyze should attempt. The default value is 5, but a higher value such as 100 can be used to get a more accurate measure of how often session resumption succeeds or fails with the server. |
| elliptic-curves | boolean | | `--elliptic_curves` | Test a server for supported elliptic curves. |
| slow-connection | boolean | | `--slow_connection` | Greatly reduce the number of concurrent connections initiated by SSLyze. This will make the scans slower but more reliable if the connection between your host and the server is slow, or if the server cannot handle many concurrent connections. Enable this option if you are getting a lot of timeouts or errors. |
| certinfo-ca-file | file | | `--certinfo_ca_file` | To be used with 'certinfo'. File containing root certificates in PEM format that will be used to verify the validity of the server's certificate. |