How to use sslyze - 10 common examples
To help you get started, we’ve selected a few sslyze examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
cisagov / pshtt / pshtt / pshtt.py View on Github 
def https_check(endpoint):
"""
Uses sslyze to figure out the reason the endpoint wouldn't verify.
"""
utils.debug("sslyzing {}...".format(endpoint.url))
# remove the https:// from prefix for sslyze
try:
hostname = endpoint.url[8:]
server_tester = ServerConnectivityTester(hostname=hostname, port=443)
server_info = server_tester.perform()
endpoint.live = True
ip = server_info.ip_address
if endpoint.ip is None:
endpoint.ip = ip
else:
if endpoint.ip != ip:
utils.debug("{}: Endpoint IP is already {}, but requests IP is {}.".format(endpoint.url, endpoint.ip, ip))
if server_info.client_auth_requirement.name == 'REQUIRED':
endpoint.https_client_auth_required = True
logging.warning("{}: Client Authentication REQUIRED".format(endpoint.url))
except ServerConnectivityError as err:
endpoint.live = False
endpoint.https_valid = False
logging.warning("{}: Error in sslyze server connectivity check when connecting to {}".format(endpoint.url, err.server_info.hostname))
utils.debug("{}: {}".format(endpoint.url, err))def https_check(endpoint):
"""
Uses sslyze to figure out the reason the endpoint wouldn't verify.
"""
utils.debug("sslyzing {}...".format(endpoint.url))
# remove the https:// from prefix for sslyze
try:
hostname = endpoint.url[8:]
server_tester = ServerConnectivityTester(hostname=hostname, port=443)
server_info = server_tester.perform()
endpoint.live = True
ip = server_info.ip_address
if endpoint.ip is None:
endpoint.ip = ip
else:
if endpoint.ip != ip:
utils.debug("{}: Endpoint IP is already {}, but requests IP is {}.".format(endpoint.url, endpoint.ip, ip))
if server_info.client_auth_requirement.name == 'REQUIRED':
endpoint.https_client_auth_required = True
logging.warning("{}: Client Authentication REQUIRED".format(endpoint.url))
except ServerConnectivityError as err:
endpoint.live = False
endpoint.https_valid = False
logging.exception("{}: Error in sslyze server connectivity check when connecting to {}".format(endpoint.url, err.server_info.hostname))
utils.debug("{}: {}".format(endpoint.url, err))# remove the https:// from prefix for sslyze
try:
hostname = endpoint.url[8:]
server_tester = ServerConnectivityTester(hostname=hostname, port=443)
server_info = server_tester.perform()
endpoint.live = True
ip = server_info.ip_address
if endpoint.ip is None:
endpoint.ip = ip
else:
if endpoint.ip != ip:
utils.debug("{}: Endpoint IP is already {}, but requests IP is {}.".format(endpoint.url, endpoint.ip, ip))
if server_info.client_auth_requirement.name == 'REQUIRED':
endpoint.https_client_auth_required = True
logging.warning("{}: Client Authentication REQUIRED".format(endpoint.url))
except ServerConnectivityError as err:
endpoint.live = False
endpoint.https_valid = False
logging.warning("{}: Error in sslyze server connectivity check when connecting to {}".format(endpoint.url, err.server_info.hostname))
utils.debug("{}: {}".format(endpoint.url, err))
return
except Exception as err:
endpoint.unknown_error = True
logging.warning("{}: Unknown exception in sslyze server connectivity check.".format(endpoint.url))
utils.debug("{}: {}".format(endpoint.url, err))
return
try:
cert_plugin_result = None
command = sslyze.plugins.certificate_info_plugin.CertificateInfoScanCommand(ca_file=CA_FILE)
scanner = sslyze.synchronous_scanner.SynchronousScanner()
cert_plugin_result = scanner.run_scan_command(server_info, command)# remove the https:// from prefix for sslyze
try:
hostname = endpoint.url[8:]
server_tester = ServerConnectivityTester(hostname=hostname, port=443)
server_info = server_tester.perform()
endpoint.live = True
ip = server_info.ip_address
if endpoint.ip is None:
endpoint.ip = ip
else:
if endpoint.ip != ip:
utils.debug("{}: Endpoint IP is already {}, but requests IP is {}.".format(endpoint.url, endpoint.ip, ip))
if server_info.client_auth_requirement.name == 'REQUIRED':
endpoint.https_client_auth_required = True
logging.warning("{}: Client Authentication REQUIRED".format(endpoint.url))
except ServerConnectivityError as err:
endpoint.live = False
endpoint.https_valid = False
logging.exception("{}: Error in sslyze server connectivity check when connecting to {}".format(endpoint.url, err.server_info.hostname))
utils.debug("{}: {}".format(endpoint.url, err))
return
except Exception as err:
endpoint.unknown_error = True
logging.exception("{}: Unknown exception in sslyze server connectivity check.".format(endpoint.url))
utils.debug("{}: {}".format(endpoint.url, err))
return
try:
cert_plugin_result = None
command = sslyze.plugins.certificate_info_plugin.CertificateInfoScanCommand(ca_file=CA_FILE)
scanner = sslyze.synchronous_scanner.SynchronousScanner()
cert_plugin_result = scanner.run_scan_command(server_info, command)def ssltlsscan(web):
target = web.split('//')[1]
print(R+'\n ===============================')
print(R+' S S L E N U M E R A T I O N')
print(R+' ===============================\n')
print(GR+' [*] Testing server SSL status...')
try:
req = requests.get('https://'+target)
print(G+' [+] SSL Working Properly...')
time.sleep(0.6)
print(O+" [!] Running SSL Enumeration...\n")
try:
server_tester = ServerConnectivityTester(hostname=target)
server_info = server_tester.perform()
scanner = SynchronousScanner()
command = Tlsv10ScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+" [+] Available TLS v1.0 Ciphers:")
for cipher in scan_result.accepted_cipher_list:
print(C+' {}'.format(cipher.name))
print('')
command = Tlsv11ScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+" [+] Available TLS v1.1 Ciphers:")
for cipher in scan_result.accepted_cipher_list:
print(C+' {}'.format(cipher.name))
print('')def ssltlsscan(web):
target = web.split('//')[1]
#print(R+'\n ===============================')
#print(R+' S S L E N U M E R A T I O N')
#print(R+' ===============================\n')
from core.methods.print import pscan
pscan("ssl enumeration")
print(GR+' [*] Testing server SSL status...')
try:
req = requests.get('https://'+target)
print(G+' [+] SSL Working Properly...'+color.TR2+C)
time.sleep(0.6)
print(C+" [!] Running SSL Enumeration...\n")
try:
server_tester = ServerConnectivityTester(hostname=target)
server_info = server_tester.perform()
scanner = SynchronousScanner()
command = Tlsv10ScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+" [+] Available TLS v1.0 Ciphers:"+color.TR2+C)
for cipher in scan_result.accepted_cipher_list:
print(C+' {}'.format(cipher.name))
print('')
command = Tlsv11ScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+" [+] Available TLS v1.1 Ciphers:"+color.TR2+C)
for cipher in scan_result.accepted_cipher_list:
print(C+' {}'.format(cipher.name))
print('')def ssltlsscan(web):
target = web.split('//')[1]
print(R+'\n ===============================')
print(R+' S S L E N U M E R A T I O N')
print(R+' ===============================\n')
print(GR+' [*] Testing server SSL status...')
try:
req = requests.get('https://'+target)
print(G+' [+] SSL Working Properly...')
time.sleep(0.6)
print(O+" [!] Running SSL Enumeration...\n")
try:
server_tester = ServerConnectivityTester(hostname=target)
server_info = server_tester.perform()
scanner = SynchronousScanner()
command = Tlsv10ScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+" [+] Available TLS v1.0 Ciphers:")
for cipher in scan_result.accepted_cipher_list:
print(C+' {}'.format(cipher.name))
print('')
command = Tlsv11ScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+" [+] Available TLS v1.1 Ciphers:")
for cipher in scan_result.accepted_cipher_list:
print(C+' {}'.format(cipher.name))
print('')
command = Tlsv12ScanCommand()command = Tlsv11ScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+" [+] Available TLS v1.1 Ciphers:"+color.TR2+C)
for cipher in scan_result.accepted_cipher_list:
print(C+' {}'.format(cipher.name))
print('')
command = Tlsv12ScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+" [+] Available TLS v1.2 Ciphers:"+color.TR2+C)
for cipher in scan_result.accepted_cipher_list:
print(C+' {}'.format(cipher.name))
print('')
command = CertificateInfoScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+' [+] Certificate Information:'+color.TR2+C)
for entry in scan_result.as_text():
if entry != '':
if 'certificate information' in entry.lower():
pass
elif ':' in entry:
print(GR+' [+] '+entry.strip().split(':', 1)[0].strip()+' : '+C+entry.strip().split(':', 1)[1].strip())
else:
print(C+'\n [+] ' +entry.strip())
print('')
command = HttpHeadersScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+' [+] HTTP Results:'+C+color.TR2+C)
for entry in scan_result.as_text():command = Tlsv11ScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+" [+] Available TLS v1.1 Ciphers:")
for cipher in scan_result.accepted_cipher_list:
print(C+' {}'.format(cipher.name))
print('')
command = Tlsv12ScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+" [+] Available TLS v1.2 Ciphers:")
for cipher in scan_result.accepted_cipher_list:
print(C+' {}'.format(cipher.name))
print('')
command = CertificateInfoScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+' [+] Certificate Information:')
for entry in scan_result.as_text():
if entry != '':
if 'certificate information' in entry.lower():
pass
elif ':' in entry:
print(GR+' [+] '+entry.strip().split(':', 1)[0].strip()+' : '+C+entry.strip().split(':', 1)[1].strip())
else:
print(O+'\n [+] ' +entry.strip())
print('')
command = HttpHeadersScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+' [+] HTTP Results:')
for entry in scan_result.as_text():command = Tlsv10ScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+" [+] Available TLS v1.0 Ciphers:"+color.TR2+C)
for cipher in scan_result.accepted_cipher_list:
print(C+' {}'.format(cipher.name))
print('')
command = Tlsv11ScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+" [+] Available TLS v1.1 Ciphers:"+color.TR2+C)
for cipher in scan_result.accepted_cipher_list:
print(C+' {}'.format(cipher.name))
print('')
command = Tlsv12ScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+" [+] Available TLS v1.2 Ciphers:"+color.TR2+C)
for cipher in scan_result.accepted_cipher_list:
print(C+' {}'.format(cipher.name))
print('')
command = CertificateInfoScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+' [+] Certificate Information:'+color.TR2+C)
for entry in scan_result.as_text():
if entry != '':
if 'certificate information' in entry.lower():
pass
elif ':' in entry:
print(GR+' [+] '+entry.strip().split(':', 1)[0].strip()+' : '+C+entry.strip().split(':', 1)[1].strip())
else:sslyze
Fast and powerful SSL/TLS scanning library.
Package Health Score
82 / 100Popular sslyze functions
- sslyze.check_ssl_configuration.SslConfiguration
- sslyze.plugins
- sslyze.plugins.certificate_info_plugin
- sslyze.plugins.certificate_info_plugin.CertificateInfoScanCommand
- sslyze.plugins.fallback_scsv_plugin.FallbackScsvScanCommand
- sslyze.plugins.heartbleed_plugin.HeartbleedScanCommand
- sslyze.plugins.http_headers_plugin.HttpHeadersScanCommand
- sslyze.plugins.openssl_ccs_injection_plugin.OpenSslCcsInjectionScanCommand
- sslyze.plugins.openssl_cipher_suites_plugin.Tlsv10ScanCommand
- sslyze.plugins.openssl_cipher_suites_plugin.Tlsv11ScanCommand
- sslyze.plugins.openssl_cipher_suites_plugin.Tlsv12ScanCommand
- sslyze.server_connectivity.ServerConnectivityInfo
- sslyze.server_connectivity_tester
- sslyze.server_connectivity_tester.ServerConnectivityError
- sslyze.server_connectivity_tester.ServerConnectivityTester
- sslyze.synchronous_scanner.SynchronousScanner
- sslyze.utils.http_response_parser.HttpResponseParser.parse_from_socket
- sslyze.utils.http_response_parser.HttpResponseParser.parse_from_ssl_connection
- sslyze.utils.ssl_connection_configurator.SslConnectionConfigurator.get_connection
- sslyze.WorkerProcess