What other/similar analyzers are out there?

stefanorri · on Feb 11, 2016

HTTPSecurityReport - https://httpsecurityreport.com - Disclaimer: I'm the creator.

Site Scan from MS - https://dev.windows.com/en-us/microsoft-edge/tools/staticsca...

Subresource Integrity scanner - https://sritest.io/

newman314 · on Feb 11, 2016

Maybe you can add HTTP2/SPDY detection too. BTW your HSTS test does not verify if the format/syntax is correct.

--

These are all good but I would include the following:

Qualys SSL Server Test - The first site I use.

testssl.sh - for behind the fireware testing

https://tls.imirhil.fr/ - this one is nice because it shows the ciphers used/avail broken down by TLS version. I have not seen any other site do this.

Beowolve · on Feb 11, 2016

Thanks for these! I like that yours covered a lot more than the one OP posted.

stefanorri · on Feb 11, 2016

Thanks, glad to hear it!

mwpmaybe · on Feb 11, 2016

HTTPSecurityReport is great! Thank you!

mattvot · on Feb 11, 2016

For SSL from Qualys, Inc https://www.ssllabs.com/ssltest/

tanthony01 · on Feb 11, 2016

Last I checked, Qualys only scanned port 443. I like testssl.sh - you can point it at arbitrary ports:

https://testssl.sh/ https://github.com/drwetter/testssl.sh

stefanorri · on Feb 11, 2016

testssl.sh is also great for testing internal servers which aren't internet accessible.

finnn · on Feb 11, 2016

https://ssl-tools.net/ is nice because it will continously retest and email you if there's a problem. Also does mail servers

cmcnally · on Feb 11, 2016

https://mxtoolbox.com/ can give some decent information when setting up a mail server.

Scott_Helme_ · on Feb 11, 2016

There's also https://starttls.info/ which will check mail server configurations.

mwpmaybe · on Feb 15, 2016

Huh, comes up with a cert warning. Looks like it's expired.