testssl icon

Gomovies Malayalam Movie Athiran Better May 2026


testssl.sh

is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.

Gomovies Malayalam Movie Athiran Better May 2026

The film borrows heavily from the gothic horror tradition. The asylum itself is a character—fog-laden, isolated, and claustrophobic. The cinematography by Anu Moothedath utilizes the mist and shadows of the hill station to create a sense of unease that persists throughout the runtime. The lack of jump scares (a cheap tactic) and the reliance on psychological tension make it a "better" watch for mature audiences.

The story is set in 1970s Kerala and revolves around Dr. M. K. Nair (Fahadh Faasil), a dedicated psychiatrist who is sent to a secluded mental asylum on a hill station to inspect the facility. The asylum is run by the enigmatic Dr. Benjamin (Atul Kulkarni).

The focal point of Dr. Nair’s inspection is a patient named Nithya (Sai Pallavi), who has been kept in solitary confinement for years. As Dr. Nair begins his evaluation, he realizes that Nithya is not just another patient; she possesses insights that threaten the very foundation of the asylum. The narrative spirals into a cat-and-mouse game where the lines between the doctor, the patient, and the observer begin to blur.

This is where Athiran proves it is a better film intellectually. The first half builds a classic horror-thriller premise: a mysterious, catatonic patient (played brilliantly by Sai Pallavi), a remote facility, and a doctor who suspects foul play.

(2019), directed by Vivek, is a standout psychological thriller in Malayalam cinema that transcends the typical boundaries of the genre through its atmospheric storytelling and stellar performances. Starring Fahadh Faasil and Sai Pallavi, the film is a masterclass in building tension and mystery within a confined setting. Atmospheric World-Building

The film's greatest strength is its immersion. Set in a secluded mental asylum in the misty hills of the Western Ghats during the 1970s, the cinematography and sound design create a sense of claustrophobia and dread. The isolated location serves as a character itself, keeping the audience on edge as Dr. MK Nair (Fahadh Faasil) investigates the mysterious patients and the even more mysterious doctor (Atul Kulkarni) running the facility. Nuanced Performances

Fahadh Faasil: As Dr. Nair, Faasil delivers a controlled, intellectual performance. His ability to convey curiosity and underlying suspicion through subtle facial expressions anchors the film's realism.

Sai Pallavi: Playing Nithya, a patient who communicates through the traditional martial art of Kalarippayattu, Pallavi is extraordinary. Her performance is largely non-verbal, relying on physical grace and haunting intensity to tell her tragic story. Narrative Depth and Cultural Integration

What makes Athiran "better" than a standard slasher or mystery is its integration of Kerala’s cultural heritage. By using Kalaripayattu not just as a stunt but as a core plot element and a means of emotional expression, the movie gains a unique identity. The script balances the "whodunit" aspect with a deep dive into trauma and the thin line between sanity and madness. The Twist and Pacing

While some critics noted similarities to Western psychological thrillers like Shutter Island, Athiran carves its own path by rooting its resolution in personal vengeance and local lore. The pacing is deliberate—slow at first to establish the eerie environment, then escalating into a high-stakes climax that rewards the viewer’s patience.

ConclusionAthiran is more than just a movie to watch on a streaming platform; it is a sensory experience. Through its haunting visuals, the chemistry of its leads, and a script that respects the audience's intelligence, it remains a benchmark for how Malayalam cinema can take global tropes and make them feel entirely local and fresh.

In the flickering blue light of a dusty laptop screen, stared at the search bar. He had typed it out like a spell: "gomovies malayalam movie athiran better."

He wasn’t just looking for a stream; he was looking for a version of reality where the ending made more sense.

had left him haunted—the mist of the Kerala hills, the claustrophobic stone walls of the asylum, and the unsettling silence of Nitya.

As the page loaded, the usual flurry of pop-ups erupted like digital fireworks. He clicked "X" on a suspicious betting site and "Cancel" on a fake software update. Finally, the player appeared. But this wasn't the theatrical cut. The runtime was thirty minutes longer. Nandu pressed play.

The story on screen began to shift. In this "better" version, the psychological layers peeled back differently. Dr. Sai was no longer just a suspicious outsider; the camera lingered on his hands, showing a rhythmic tapping that matched Nitya’s own secret code.

The story followed a young woman named Meera who, like Nandu, was obsessed with finding the "true" version of the film. She believed the director had hidden a confession within the frames—a map to a real-life asylum that vanished from the maps in 1972.

As Meera traveled deeper into the cinematic mystery on Nandu's screen, the air in Nandu’s own room grew cold. He realized the background noise in the movie—the scratching of a pen on paper—wasn't coming from his speakers. It was coming from the corner of his room.

He looked down at his keyboard. The search bar had changed. It no longer read his query. Instead, it was typing by itself, letter by letter, in a jagged font: "ARE YOU WATCHING CLOSELY?"

Nandu realized that "better" didn't mean a happier ending. It meant a more immersive one. The screen began to bleed a thick, cinematic mist that smelled of damp pine and old medicine, spilling over his desk and onto his floor. He reached for the power button, but his hand froze. On the screen,

turned around and looked directly into the camera. She wasn't

anymore. She had Nitya’s wide, vacant eyes. She pointed a finger toward the "Exit" button on the browser, but it was grayed out. The story of the "better"

wasn't a movie at all. It was a doorway. And Nandu had just invited the asylum in. continue the story with what Nandu finds in the mist, or should we rewrite the ending to be a different genre?

Title: Beyond the Screen: Why Watching Malayalam Movie ‘Athiran’ is Better Than the Piracy Experience of GoMovies gomovies malayalam movie athiran better

In the digital age, the way we consume cinema has undergone a radical transformation. Streaming platforms have brought movies from the theater to our fingertips, but this convenience has also birthed a shadow industry of piracy websites like GoMovies. For Malayalam cinema enthusiasts, sites like these often present a tempting shortcut to watch highly anticipated releases. However, when it comes to a film like Athiran—a 2019 Malayalam psychological thriller starring Sai Pallavi and Nandhu—the experience of watching it is intrinsically linked to its quality. While GoMovies offers the allure of "free" content, watching Athiran through legitimate means is objectively "better" not only for ethical reasons but because the film’s artistic integrity demands a viewing experience that piracy simply cannot provide.

To understand why the legitimate experience is superior, one must first understand the nature of Athiran itself. Directed by Vivek, the film is set in an isolated, eerie mental asylum. It is a genre film that relies heavily on atmosphere, sound design, and the subtle nuances of its lead actors. Sai Pallavi’s portrayal of a patient with a mysterious past is riveting, relying on micro-expressions and body language that can easily be lost in a low-resolution print. A film like this is not merely a sequence of plot points; it is a sensory experience designed to evoke claustrophobia and tension. When a viewer opts for GoMovies, they are often subjected to compressed video files, buffering issues, and distorted audio. The shadows that are meant to hide the asylum’s secrets often turn into pixelated blocks in a pirated copy, effectively killing the suspense that the director painstakingly crafted.

Furthermore, the viewing environment of a legitimate platform enhances the narrative impact of Athiran. The movie revolves around the concept of mental health, confinement, and the supernatural. It demands the viewer’s undivided attention. Official streaming platforms like Amazon Prime Video (where Athiran is officially hosted) offer high-definition visuals and clear sound without the intrusive interruptions that plague piracy sites. On GoMovies, the viewing experience is often marred by aggressive pop-up ads, redirects to malicious sites, and watermarks that obscure the action. These distractions break the immersion, reducing a gripping thriller into a frustrating exercise in closing browser tabs. To truly appreciate the crescendo of G. Sreeram’s cinematography or the tension in the background score, one needs the clean, uninterrupted playback that only legal sources provide.

Beyond the technical aspects, there is the critical matter of supporting the art form. Malayalam cinema has carved a niche for itself in the Indian film industry by prioritizing content over star power, and Athiran is a product of this ecosystem. When audiences choose to watch the film on an official platform, they contribute to the revenue model that allows producers to greenlight more such unique projects. Conversely, downloading or streaming the movie from GoMovies is a disservice to the hundreds of technicians, background artists, and creative professionals who worked on the film. The "better" choice is one that acknowledges the labor behind the lens. By paying for a subscription or a ticket, the viewer validates the effort of Sai Pallavi and the crew, ensuring they have the resources to create more compelling cinema in the future.

Finally, the narrative of Athiran itself serves as a meta-commentary on the importance of perception versus reality. The film plays with the audience’s mind, blurring the lines between what is real and what is a hallucination. To fully engage with this narrative puzzle, the viewer needs a clear window into the story. A pirated version is like looking through a cracked, dirty window; the view is obscured, and the details are lost. The twist in the climax of Athiran lands with a heavy emotional impact only if the journey leading up to it is experienced in its intended

Athiran (2019) is a highly regarded Malayalam psychological thriller starring Fahadh Faasil and Sai Pallavi, focusing on a doctor investigating an isolated psychiatric asylum. While the search term relates to third-party streaming, the film is known for its atmospheric tension, directed by Vivek. Read the full story at 13.59.141.20/gomovies-malayalam-movie-athiran-better. AI responses may include mistakes. Learn more

The Malayalam film is a psychological thriller set in the late 1960s, following a psychiatric doctor who uncovers dark secrets at an isolated asylum. While it draws inspiration from international films like Shutter Island A Cure for Wellness , it is deeply rooted in Kerala’s cultural landscape. The Story of Athiran The narrative begins with Dr. M.K. Nair

(played by Fahadh Faasil), a psychiatrist sent by the Medical Council to inspect an enigmatic mental asylum situated in a remote, misty hillside. The facility is run by the eccentric Dr. Benjamin

(Atul Kulkarni), who practices unconventional methods of treatment. The Mystery Patient : During his stay, Dr. Nair discovers

(Sai Pallavi), a patient kept in extreme isolation. Unlike the others, she is skilled in Kalarippayattu

(a traditional martial art) and appears to be more than just a victim of mental illness. The Investigation

: Dr. Nair's professional inspection quickly turns into a personal investigation. He suspects that Benjamin is hiding a sinister history involving the asylum's residents and Nithya’s true identity.

: As Dr. Nair delves deeper, the lines between sanity and delusion blur. The story culminates in a major revelation regarding Dr. Nair's own past and his true motivations for visiting the asylum, leading to a high-stakes confrontation. Where to Watch

While sites like GoMovies are often associated with unauthorized content and frequently shut down, is available through legitimate streaming services: Official Streaming : You can watch the movie on Disney+ Hotstar

: The film was noted for its strong performances, particularly the chemistry between Fahadh Faasil and Sai Pallavi, and was considered an "Average Hit" at the box office. psychological thrillers

similar to Athiran, or would you like a deeper breakdown of the plot twists

"Gomovies Malayalam Movie Athiran Better" is a highly specific search string. It reveals two clear search intents. First, users are searching for the acclaimed 2019 Malayalam psychological thriller Athiran on file-sharing or streaming aggregation platforms like Gomovies. Second, they are exploring critical comparisons to determine if Athiran is "better" than the Hollywood movies it is often compared to, such as Stonehearst Asylum (2014) and Shutter Island (2010).

Athiran, directed by debutant Vivek and starring powerhouse performers Fahadh Faasil and Sai Pallavi, made massive waves in Indian cinema. It revived the gothic psychological thriller genre in Mollywood.

The film stands on its own merits. It is evaluated against its Hollywood counterparts, and guidance is provided on how to stream it safely and legally. The Anatomy of Athiran: What Makes It Special?

Set in the 1970s, Athiran follows Dr. M.K. Nair (Fahadh Faasil), a psychiatrist sent by the government to inspect a remote, isolated mental asylum nestled in the misty hills of Kerala. The asylum is run by the authoritarian Dr. Benjamin Diaz (Atul Kulkarni), who employs highly unconventional treatment methods.

Upon arrival, Dr. Nair discovers a sixth, unrecorded patient kept in strict isolation: Nithya (Sai Pallavi), an autistic woman with incredible martial arts skills. As Dr. Nair digs deeper into Nithya’s past and the true nature of the asylum, a complex web of deceit, trauma, and a mind-bending climax begin to unravel. Key Highlights:

(2019) is a Malayalam psychological thriller directed by Vivek Thomas Varghese . It stars Fahadh Faasil Sai Pallavi

and is often noted for its atmospheric tension and "mind-bending" plot twists. Core Story & Setting The film borrows heavily from the gothic horror tradition

The film is set in an isolated mental asylum tucked away in the high ranges of Kerala. The story follows Dr. MK Nair

(Fahadh Faasil), a psychiatrist who visits the facility to investigate reports of an autistic patient,

(Sai Pallavi), being kept in solitary confinement. As he digs deeper into the hospital’s unorthodox methods and Nitya's past, he uncovers chilling secrets that blur the line between reality and madness. Key Highlights Performance: Critics have widely praised the chemistry between Fahadh Faasil Sai Pallavi

. Sai Pallavi's portrayal of an autistic patient, particularly her mastery of the martial art Kalaripayattu , was a major talking point. Visual Style:

The film is celebrated for its eerie, gothic atmosphere and scenic yet haunting cinematography that captures the isolation of the Kerala hills. The movie is best known for its shocking climax and suspenseful twists

, which have led many to compare it to international thrillers like Shutter Island Stonehearst Asylum Where to Watch

The film was a commercial success and is available for streaming on Disney+ Hotstar . It was also dubbed into Hindi under the title Pyaar Ka Karm Critical Reception Most critics rated the film between 2.5 and 4 stars The New Indian Express

calling it an "emotionally rewarding psychological thriller." Audience Take:

While some viewers felt the first half was a bit slow, the "adrenaline rush" moments and final reveal are frequently cited as the reasons the movie is considered a "must-watch" for genre fans. recommendations or a detailed breakdown of the ending

(2019) is a standout Malayalam psychological thriller that leans heavily into a Gothic, Hollywood-inspired atmosphere similar to Shutter Island Stonehearst Asylum

. If you're looking for a post that captures why it’s "better" or worth the watch, here is a breakdown of its strongest elements. Why Athiran is a Must-Watch Thriller Atmospheric "Hill-Station" Horror

: Set in a remote 1970s mental asylum tucked away in the lush, misty woods of Ooty, the film uses its setting to build a sense of isolation and foreboding. Sai Pallavi’s Silent Intensity

: In one of her most unique roles, Sai Pallavi plays Nithya, an autistic woman kept in solitary confinement. She has almost zero dialogue, using body language and Kalaripayattu (martial arts) skills to deliver a haunting performance. Fahadh Faasil’s Subtle Nuance

: Fahadh stars as Dr. M.K. Nair, a psychiatrist sent to inspect the facility's unconventional methods. His performance provides a grounded center to the film's increasingly surreal and creepy events. Mind-Bending Narrative

: The plot moves between 1967 and 1972, unravelling a dark history of murder and memory erasure. The final "big reveal" about the identities of the lead characters is frequently cited as one of the movie's most effective moments. Stunning Technicals

: The film is visually striking, with aerial shots of the high ranges and a pulsing, eerie background score by Ghibran that heightens the tension. Quick Movie Profile

The Malayalam film (2019) is a psychological thriller that received mixed to positive reviews from critics and audiences. While many praise its high production value and lead performances, its reception is often divided by its perceived similarities to Hollywood classics like Shutter Island Stonehearst Asylum Why You Might Like It Athiran (2019) - IMDb

Athiran is a psychological thriller that redefined the Malayalam film industry’s approach to the genre. When searching for Athiran on platforms like GoMovies, many fans and critics alike argue that it stands as one of the best examples of atmospheric storytelling. But what makes Athiran better than the average thriller?

The film, directed by Vivek and starring Fahadh Faasil and Sai Pallavi, is more than just a mystery; it is an immersive experience that blends folklore, psychological depth, and stellar performances. A Masterclass in Atmosphere

One of the primary reasons Athiran is considered better than many contemporary thrillers is its setting. The story takes place in a secluded asylum nestled in the misty hills of the Western Ghats. The cinematography captures the eerie, claustrophobic nature of the old mansion, making the location a character in itself. This gothic horror aesthetic sets the stage for a narrative that feels both timeless and deeply unsettling. Fahadh Faasil’s Subtle Brilliance

Fahadh Faasil plays Dr. MK Nair, a character that requires immense restraint. Unlike loud, hero-centric roles often found in mainstream cinema, Fahadh relies on his eyes and minute facial expressions to convey suspicion and intelligence. His performance provides a grounded anchor for the film’s more fantastical or intense moments, ensuring the audience remains invested in the logical progression of the mystery. Sai Pallavi’s Career-Best Performance

The heart of why many claim Athiran is better lies in Sai Pallavi’s portrayal of Nitya. Playing a character with autism who is also a practitioner of Kalarippayattu, she delivers a performance that is both vulnerable and physically demanding. Her sequences involving the ancient martial art are choreographed with a grace that adds a unique cultural layer to the thriller, elevating it above standard "haunted house" tropes. A Non-Linear Narrative that Rewards Attention

The screenplay of Athiran doesn't hand-feed the audience. It utilizes a non-linear structure that slowly peels back the layers of the past. The twists are not just for shock value; they are earned through careful foreshadowing. For viewers looking for a "better" cinematic experience on GoMovies, the intellectual engagement required to piece together Nitya’s history and the doctor’s true intentions makes Athiran a standout choice. Musical Score and Sound Design Title: Beyond the Screen: Why Watching Malayalam Movie

The background score by Ghibran plays a pivotal role in building tension. Instead of relying on jump scares, the film uses a haunting, melodic soundtrack that mirrors the psychological state of the characters. The sound design captures the creaks of the wooden floors and the whistling wind, pulling the viewer into the asylum's corridors. Conclusion

If you are browsing GoMovies for a Malayalam film that offers more than just superficial thrills, Athiran is the answer. It is better because it respects the audience’s intelligence, showcases elite-level acting, and prioritizes a thick, palpable atmosphere over cheap gimmicks. It remains a benchmark for psychological cinema in India.

The Rise of Online Movie Platforms: How Gomovies is Revolutionizing the Way We Watch Malayalam Cinema

The Malayalam film industry, also known as Mollywood, has gained a significant following in recent years, not just in India but globally. With the rise of online movie platforms, accessing Malayalam movies has become easier than ever. One such platform that has gained popularity among movie enthusiasts is Gomovies. In this article, we'll discuss how Gomovies is changing the way we watch Malayalam movies, with a special focus on the movie Athiran.

The Convenience of Gomovies

Gomovies is an online movie platform that offers a vast collection of movies, including Malayalam films. The platform provides users with a convenient way to watch their favorite movies from the comfort of their own homes. With Gomovies, users can access a wide range of movies, including new releases, without having to visit a physical movie theater or rely on traditional TV broadcasts.

The Growing Popularity of Malayalam Cinema

Malayalam cinema has gained a significant following in recent years, thanks to its unique storytelling, talented actors, and high production values. Movies like Take Off, Sudani from Nigeria, and Angamaly Diaries have received critical acclaim and commercial success, both in India and abroad. The industry has also produced some talented actors, such as Mohanlal, Mammootty, and Dulquer Salmaan, who have gained a massive following.

Athiran: A Game-Changing Malayalam Movie

Athiran is a 2019 Malayalam movie directed by Abhijith Joseph and starring Shaji Padoor, Sidhartha Siva, and Binu Pappu. The movie tells the story of a middle-aged man who suffers from Alzheimer's disease and his struggles to cope with his condition. Athiran received positive reviews from critics and audiences alike, with many praising its unique storytelling, strong performances, and sensitive portrayal of a complex medical condition.

Why Athiran is Better on Gomovies

So, why is Athiran better on Gomovies? Here are a few reasons:

The Future of Online Movie Platforms

The rise of online movie platforms like Gomovies is changing the way we consume movies. With the convenience, accessibility, and variety they offer, it's no wonder that more and more people are turning to these platforms to watch their favorite movies. The future of online movie platforms looks bright, with more and more platforms emerging to cater to the growing demand for online entertainment.

The Impact on the Film Industry

The rise of online movie platforms is having a significant impact on the film industry, including Mollywood. With more people watching movies online, the traditional movie distribution model is being disrupted. This has led to new opportunities for filmmakers and producers to reach a wider audience and monetize their content in new ways.

Conclusion

In conclusion, Gomovies is revolutionizing the way we watch Malayalam movies, including Athiran. With its convenience, accessibility, and variety, Gomovies is becoming the go-to platform for movie enthusiasts. The rise of online movie platforms is changing the film industry, and Gomovies is at the forefront of this change. If you're a fan of Malayalam cinema, Gomovies is definitely worth checking out.

FAQs

Keyword density:

Meta description: "Watch Malayalam movies online on Gomovies, including Athiran. Discover the convenience and variety of online movie platforms and how they're changing the film industry."

Header tags:

Forget GoMovies. If you want the best experience of Athiran, follow this guide:


Key features

License

testssl.sh is free and open source software. You can use it under the terms of GPLv2, please review the License before using it.

Attribution is important for the future of this project -- also in the internet. Thus if you're offering a scanner based on testssl.sh as a public and/or paid service in the internet you are strongly encouraged to mention to your audience that you're using this program and where to get this program from. That helps us to get bugfixes, other feedback and more contributions.

Donations

If you like this software, you or your company uses it a lot or even your company makes money from any service around testssl.sh, why not support the project with a donation? It helps keeping the project alive and kicking.

Dirk setup a paypal account for it, keeps track of the money and makes sure it is spend on project related activities.

Donate with PayPal


If you want a deductable commercial invoice in return please get in touch with me before using paypal.

Development

github Development takes place at github. We're now @ 3.2.3 (stable) and 3.3dev.
There was a last release of 3.0.10 (oldstable) but that was the last one in the 3.0.x branch.



Support status

Supported will always be the current dev version and the version before (n-1 rule). As soon as the dev version becomes the stable release, this will be the n-1 version and receives bugfixes only. The dev version has historically not delivered really broken software (no facebook paradigm). Consider it like a rolling release: It'll definitely change-- that is the point of development-- things might break for you if you e.g. expect the output or features all to be the same. But other than that: The dev version itself won't break (TM).

3.2 is the stable branch. There was one final 3.0.10 release, a.k.a the old stable. If you need longer support for 3.0.x there's a possibility for paid maintenance support. We are focussing on 3.3dev, further development will take place in that branch. We aim to not break things badly but, as said, things will change. If you want to make use of new features like QUIC, TLS 1.3 0-RTT, newer SSLlabs rating, check for the Opossum vulnerability and more, you should consider this branch.

-

February 13, 2026: Prerelease/snapshot of 3.3dev, see github or here (signature) .

February 12, 2026: Release of bugfixed version 3.2.3, see 3.2.3 github or here (signature) .

September 18, 2025: Release of bugfixed version 3.2.2, see 3.2.2 github or here (signature) .

June 15, 2025: Start of new development branch 3.3dev, see 3.3dev github.

June 15,2025: Release of final bugfixed version 3.0.10, see 3.0.10 github or here (signature) .

June 13, 2025: Release of bugfixed version 3.2.1, see 3.2.1 @ github or here (signature) .

April 23, 2025: Release of final stable version 3.2.0, after several release candidates. see 3.2.0 @ github or here (signature) .

Jun 13, 2024: Version 3.0.9, see 3.0.9 @ github or here(signature) .

Oct 10, 2023: After several non-tagged and not labelled rc versions a now version 3.2rc3 was released, see 3.2rc3 @ github

Sep 19, 2022: Version 3.0.8, see 3.0.8 @ github or here(signature) .

Feb 19, 2022: Version 3.0.7, see 3.0.7 @ github or here(signature) .
[..]
Jan 23, 2020: Version 3.0 release, see 3.0 @ github. It's been a long rolling release candidate phase since the first 3.0 RC version.

Dec 12, 2017: ROBOT / Bleichenbacher check has been implemented. . Read more about this old+new attack @ robotattack.org. Please checkout 2.9dev @ github. I compiled also some info here, including an Alexa Top 10k scan and some background information.

Sep 19, 2017: Version 2.9.5 has been released. Please checkout 2.9.5 @ github or download it from here, you need the etc tar ball as well.

Screenshots /Pictures here

The pictures are still from an older version of testssl.sh. This will be updated later. It should suffice to get a picture though.

Longer read

testssl.sh is pretty much portable/compatible. It is working on every Linux, Mac OS X, FreeBSD distribution, on MSYS2/Cygwin (slow). It is supposed also to work on any other unixoid systems. A newer OpenSSL version (1.0) is recommended though. /bin/bash is a prerequisite – otherwise there would be no sockets.

Speaking of it: Since version 2.4 some of the checks were done with bash sockets. This improved gradually and from 2.9.5 on almost every check is done with bash sockets. Still OpenSSL is needed for some core functions like openssl <verify|ocsp|pkey> . In principle any OpenSSL or even LibreSSL can be used as a helper. It's recommended to use the one supplied as it makes sure special tests or features like IPv6, proxy support, STARTTLS MySQL or PostgreSQL are supported. (The one supplied stems originally from github.com/PeterMosmans/openssl. openssl-1.0.2k-chacha.pm.ipv6.Linux+FreeBSD.tar.gz is a Linux- and FreeBSD-only tarball. The directory openssl-1.0.2i-chacha.pm.ipv6.contributed/ contains contributed builds for ARM7l and Darwin binaries).

Download shortcuts

Note the following features are supported by the webserver configuration: – each to standard output. Please note however that from 2.9dev on you need the mandatory files in etc/ though, see https://github.com/testssl/testssl.sh/tree/3.0/etc.

Usage

The normal use case is probably just testssl.sh <hostname>, see first picture right hand above (a deliberately bad configuration).

Starting testssl.sh with no params will give you a general idea how to use it: 
userid@somehost:~ % testssl.sh

     "testssl.sh [options] <URI>"    or    "testssl.sh <options>"


"testssl.sh <options>", where <options> is:

     --help                        what you're looking at
     -b, --banner                  displays banner + version of testssl.sh
     -v, --version                 same as previous
     -V, --local                   pretty print all local ciphers
     -V, --local <pattern>         which local ciphers with <pattern> are available? If pattern is not a number: word match

     <pattern>                     is always an ignore case word pattern of cipher hexcode or any other string in the name, kx or bits

"testssl.sh <URI>", where <URI> is:

     <URI>                         host|host:port|URL|URL:port   port 443 is default, URL can only contain HTTPS protocol)

"testssl.sh [options] <URI>", where [options] is:

     -t, --starttls <protocol>     Does a default run against a STARTTLS enabled <protocol,
                                   protocol is <ftp|smtp|lmtp|pop3|imap|xmpp|telnet|ldap|nntp|postgres|mysql>
     --xmpphost <to_domain>        For STARTTLS enabled XMPP it supplies the XML stream to-'' domain -- sometimes needed
     --mx <domain/host>            Tests MX records from high to low priority (STARTTLS, port 25)
     --file/-iL <fname>            Mass testing option: Reads one testssl.sh command line per line from <fname>.
                                   Can be combined with --serial or --parallel. Implicitly turns on "--warnings batch".
                                   Text format 1: Comments via # allowed, EOF signals end of <fname>
                                   Text format 2: nmap output in greppable format (-oG), 1 port per line allowed
     --mode <serial|parallel>      Mass testing to be done serial (default) or parallel (--parallel is shortcut for the latter)
     --warnings <batch|off>        "batch" doesn't continue when a testing error is encountered, off continues and skips warnings
     --connect-timeout <seconds>   useful to avoid hangers. Max <seconds> to wait for the TCP socket connect to return
     --openssl-timeout <seconds>   useful to avoid hangers. Max <seconds> to wait before openssl connect will be terminated

single check as <options>  ("testssl.sh URI" does everything except -E and -g):
     -e, --each-cipher             checks each local cipher remotely
     -E, --cipher-per-proto        checks those per protocol
     -s, --std, --standard         tests certain lists of cipher suites by strength
     -p, --protocols               checks TLS/SSL protocols (including SPDY/HTTP2)
     -g, --grease                  tests several server implementation bugs like GREASE and size limitations
     -S, --server-defaults         displays the server's default picks and certificate info
     -P, --server-preference       displays the server's picks: protocol+cipher
     -x, --single-cipher <pattern> tests matched <pattern> of ciphers
                                   (if <pattern> not a number: word match)
     -c, --client-simulation       test client simulations, see which client negotiates with cipher and protocol
     -h, --header, --headers       tests HSTS, HPKP, server/app banner, security headers, cookie, reverse proxy, IPv4 address

     -U, --vulnerable              tests all (of the following) vulnerabilities (if applicable)
     -H, --heartbleed              tests for Heartbleed vulnerability
     -I, --ccs, --ccs-injection    tests for CCS injection vulnerability
     -T, --ticketbleed             tests for Ticketbleed vulnerability in BigIP loadbalancers
     -BB, --robot                  tests for Return of Bleichenbacher's Oracle Threat (ROBOT) vulnerability
     -R, --renegotiation           tests for renegotiation vulnerabilities
     -C, --compression, --crime    tests for CRIME vulnerability (TLS compression issue)
     -B, --breach                  tests for BREACH vulnerability (HTTP compression issue)
     -O, --poodle                  tests for POODLE (SSL) vulnerability
     -Z, --tls-fallback            checks TLS_FALLBACK_SCSV mitigation
     -W, --sweet32                 tests 64 bit block ciphers (3DES, RC2 and IDEA): SWEET32 vulnerability
     -A, --beast                   tests for BEAST vulnerability
     -L, --lucky13                 tests for LUCKY13
     -F, --freak                   tests for FREAK vulnerability
     -J, --logjam                  tests for LOGJAM vulnerability
     -D, --drown                   tests for DROWN vulnerability
     -f, --pfs, --fs, --nsa        checks (perfect) forward secrecy settings
     -4, --rc4, --appelbaum        which RC4 ciphers are being offered?

tuning / connect options (most also can be preset via environment variables):
     --fast                        omits some checks: using openssl for all ciphers (-e), show only first preferred cipher.
     -9, --full                    includes tests for implementation bugs and cipher per protocol (could disappear)
     --bugs                        enables the "-bugs" option of s_client, needed e.g. for some buggy F5s
     --assume-http                 if protocol check fails it assumes HTTP protocol and enforces HTTP checks
     --ssl-native                  fallback to checks with OpenSSL where sockets are normally used
     --openssl <PATH>              use this openssl binary (default: look in $PATH, $RUN_DIR of testssl.sh)
     --proxy <host:port|auto>      (experimental) proxy connects via <host:port>, auto: values from $env ($http(s)_proxy)
     -6                            also use IPv6. Works only with supporting OpenSSL version and IPv6 connectivity
     --ip <ip>                     a) tests the supplied <ip> v4 or v6 address instead of resolving host(s) in URI
                                   b) arg "one" means: just test the first DNS returns (useful for multiple IPs)
     -n, --nodns <min|none>        if "none": do not try any DNS lookups, "min" queries A, AAAA and MX records
     --sneaky                      leave less traces in target logs: user agent, referer
     --ids-friendly                skips a few vulnerability checks which may cause IDSs to block the scanning IP
     --phone-out                   allow to contact external servers for CRL download and querying OCSP responder
     --add-ca <cafile>             path to <cafile> or a comma separated list of CA files enables test against additional CAs.
     --basicauth <user:pass>       provide HTTP basic auth information.

output options (can also be preset via environment variables):
     --quiet                       don't output the banner. By doing this you acknowledge usage terms normally appearing in the banner
     --wide                        wide output for tests like RC4, BEAST. PFS also with hexcode, kx, strength, RFC name
     --show-each                   for wide outputs: display all ciphers tested -- not only succeeded ones
     --mapping <openssl|           openssl: use the OpenSSL cipher suite name as the primary name cipher suite name form (default)
                iana|rfc             -> use the IANA/(RFC) cipher suite name as the primary name cipher suite name form
                no-openssl|          -> don't display the OpenSSL cipher suite name, display IANA/(RFC) names only
                no-iana|no-rfc>      -> don't display the IANA/(RFC) cipher suite name, display OpenSSL names only
     --color <0|1|2|3>             0: no escape or other codes,  1: b/w escape codes,  2: color (default), 3: extra color (color all ciphers)
     --colorblind                  swap green and blue in the output
     --debug <0-6>                 1: screen output normal but keeps debug output in /tmp/.  2-6: see "grep -A 5 '^DEBUG=' testssl.sh"

file output options (can also be preset via environment variables)
     --log, --logging              logs stdout to '${NODE}-p${port}${YYYYMMDD-HHMM}.log' in current working directory (cwd)
     --logfile|-oL <logfile>       logs stdout to 'dir/${NODE}-p${port}${YYYYMMDD-HHMM}.log'. If 'logfile' is a dir or to a specified 'logfile'
     --json                        additional output of findings to flat JSON file '${NODE}-p${port}${YYYYMMDD-HHMM}.json' in cwd
     --jsonfile|-oj <jsonfile>     additional output to the specified flat JSON file or directory, similar to --logfile
     --json-pretty                 additional JSON structured output of findings to a file '${NODE}-p${port}${YYYYMMDD-HHMM}.json' in cwd
     --jsonfile-pretty|-oJ <jsonfile>  additional JSON structured output to the specified file or directory, similar to --logfile
     --csv                         additional output of findings to CSV file '${NODE}-p${port}${YYYYMMDD-HHMM}.csv' in cwd or directory
     --csvfile|-oC <csvfile>       additional output as CSV to the specified file or directory, similar to --logfile
     --html                        additional output as HTML to file '${NODE}-p${port}${YYYYMMDD-HHMM}.html'
     --htmlfile|-oH <htmlfile>     additional output as HTML to the specified file or directory, similar to --logfile
     --out(f,F)ile|-oa/-oA <fname> log to a LOG,JSON,CSV,HTML file (see nmap). -oA/-oa: pretty/flat JSON.
                                   "auto" uses '${NODE}-p${port}${YYYYMMDD-HHMM}'. If fname if a dir uses 'dir/${NODE}-p${port}${YYYYMMDD-HHMM}'
     --hints                       additional hints to findings
     --severity <severity>         severities with lower level will be filtered for CSV+JSON, possible values <LOW|MEDIUM|HIGH|CRITICAL>
     --append                      if (non-empty) <logfile>, <csvfile>, <jsonfile> or <htmlfile> exists, append to file. Omits any header
     --outprefix <fname_prefix>    before  '${NODE}.' above prepend <fname_prefix>


Options requiring a value can also be called with '=' e.g. testssl.sh -t=smtp --wide --openssl=/usr/bin/openssl <URI>.
<URI> always needs to be the last parameter.


userid@somehost:~ %

Details are in the man page.

You are free to check any port – supposed there's any SSL enabled service (TCP) listening. For the service HTTP you can also supply a full URL. STARTTLS services are those which are plaintext and need some kind of an upgrade command to speak TLS. This is very protocol (see difference between IMAP and SMTP) specific. A STARTTLS check with testssl.sh would be invoked with testssl.sh -t pop3 pop.o2online.de:110. Other examples: 
testssl.sh --starttls smtp <smtphost>.<tld>:587 
testssl.sh --starttls ftp <ftphost>.<tld>:21
testssl.sh -t xmpp <jabberhost>.<tld>:5222 
testssl.sh -t xmpp --xmpphost <XMPP domain> <jabberhost>.<tld>:5222 
testssl.sh --starttls imap <imaphost>.<tld>:143
The ports in those examples above are just the standard ports. Also here you're free to check any port. //refactor those, see e.g. https://content-security-policy.com/unsafe-hashes/ or just drop tis shit
If you just want to check the mail exchangers of a domain, do it like this: testssl.sh --mx google.com (make sure port 25 outbound is not blocked by your firewall) – see left hand side picture.

With the output option --wide you get where possible a wide output with hexcode of the cipher, OpenSSL cipher suite name, key exchange (with DH size), encryption algorithm, encryption bits size and maybe the RFC cipher suite name.

If you have the file mapping-rfc.txt in the same directory as testssl.sh it displays in the wide outputs also the corresponding RFC style cipher name. If you don't want this, you need to move mapping-rfc.txt away. Another thing: If you want to find out what local ciphers you have and print them pretty, use testssl.sh -V. Ever wondered what hexcode a cipher is? testssl.sh -V x14 lets you search for the hexcode x14. For hexcodes: If you just specify 14 instead of x14 you will get all ciphers returned which have 14 as a low, middle or high byte. For ciphers: You can also supply a word case pattern, e.g. testssl.sh -V CBC puts out every locally available cipher having the Cipher Block Chaining mode in its name.

testssl.sh -x <pattern> <URI> does the same as testssl.sh -V, it only checks the matched pattern at the server, so e.g. testssl.sh -x ECDH google.com checks google.com for ECDH ciphers (and lists also not available ones at the target), testssl.sh -x DHE smtp.posteo.de:465 does a similar thing for the TLS enabled SMTP service.

testssl.sh --file <myfile> let you do mass testing. The syntax of the file is very easy: one cmdline per line. Use comment signs # as you like, blank lines will be skipped, EOF signals the end of the file – what else? ;-).

You can also specify a proxy since version 2.6: testssl.sh --proxy=<proxyhost>:<proxyport> <your_other_cmds_here> will sneak the openssl and bash sockets requests e.g. out of our corporate environment. Proxy authentication is not supported and the port and protocol has to be allowed in the proxy.

Another neat feature: testssl.sh --header <URI> gives you some information on the HTTP header and marks security features in green (see upper black picture on the right hand side), not so good headers range from yellow over brown to red. It also allows you to fingerprint proxies, see lower black picture.


Changes

3.2




       ... branch is stable github only. Changes relative to 3.0 see changelog.

3.0






















Misc

Feedback, bugs and contributions are welcome! Currently there's one git repo at https://github.com/testssl/testssl.sh. Here @ https://testssl.sh you will always find the latest stable version.

Bugs (and fixes) as well as other PRs can by filed at the git repo or send me a mail to dirk aet testssl dot sh.

I post all significant updates on Mastodon or Bluesky. There was a personal twitter account which is deprecated as we don't like nazis or hate speech.  

Services:  If you need a scanning service or consulting get in touch with me..

Imprint