Open-source tools for security checks

Open-Source Tools for Security Checks

Use multiple tools; each sees different issues.

CLI scanners

• testssl. sh: deep TLS scan.
• sslscan/sslyze: protocol/cipher analysis.
• nmap scripts (ssl-enum-ciphers, http-security-headers).

Header/CSP helpers

• Mozilla Observatory (scanner + guidance).
• OWASP Dependency-Check/ZAProxy for broader testing.

Workflow

• Automate scans in CI; fail on regressions.
• Keep a baseline and track changes after deploys.

TL;DR

Combine a few well‑known open‑source tools to cover TLS, headers, and app checks without breaking the bank.

5‑minute checklist

• TLS scan: nmap --script ssl-enum-ciphers -p 443 domain.tld
• Headers: fetch and review with curl -I
• Certificate chain/expiry: openssl s_client -connect domain.tld:443
• Basic crawler for broken links: linkchecker or similar
• Automate in CI: run on every deploy and keep reports