How to use sslyze - 10 common examples

To help you get started, we’ve selected a few sslyze examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github cisagov / pshtt / pshtt / pshtt.py View on Github external
def https_check(endpoint):
    """
    Uses sslyze to figure out the reason the endpoint wouldn't verify.
    """
    utils.debug("sslyzing {}...".format(endpoint.url))

    # remove the https:// from prefix for sslyze
    try:
        hostname = endpoint.url[8:]
        server_tester = ServerConnectivityTester(hostname=hostname, port=443)
        server_info = server_tester.perform()
        endpoint.live = True
        ip = server_info.ip_address
        if endpoint.ip is None:
            endpoint.ip = ip
        else:
            if endpoint.ip != ip:
                utils.debug("{}: Endpoint IP is already {}, but requests IP is {}.".format(endpoint.url, endpoint.ip, ip))
        if server_info.client_auth_requirement.name == 'REQUIRED':
            endpoint.https_client_auth_required = True
            logging.warning("{}: Client Authentication REQUIRED".format(endpoint.url))
    except ServerConnectivityError as err:
        endpoint.live = False
        endpoint.https_valid = False
        logging.warning("{}: Error in sslyze server connectivity check when connecting to {}".format(endpoint.url, err.server_info.hostname))
        utils.debug("{}: {}".format(endpoint.url, err))
github cisagov / pshtt / pshtt / pshtt.py View on Github external
def https_check(endpoint):
    """
    Uses sslyze to figure out the reason the endpoint wouldn't verify.
    """
    utils.debug("sslyzing {}...".format(endpoint.url))

    # remove the https:// from prefix for sslyze
    try:
        hostname = endpoint.url[8:]
        server_tester = ServerConnectivityTester(hostname=hostname, port=443)
        server_info = server_tester.perform()
        endpoint.live = True
        ip = server_info.ip_address
        if endpoint.ip is None:
            endpoint.ip = ip
        else:
            if endpoint.ip != ip:
                utils.debug("{}: Endpoint IP is already {}, but requests IP is {}.".format(endpoint.url, endpoint.ip, ip))
        if server_info.client_auth_requirement.name == 'REQUIRED':
            endpoint.https_client_auth_required = True
            logging.warning("{}: Client Authentication REQUIRED".format(endpoint.url))
    except ServerConnectivityError as err:
        endpoint.live = False
        endpoint.https_valid = False
        logging.exception("{}: Error in sslyze server connectivity check when connecting to {}".format(endpoint.url, err.server_info.hostname))
        utils.debug("{}: {}".format(endpoint.url, err))
github cisagov / pshtt / pshtt / pshtt.py View on Github external
# remove the https:// from prefix for sslyze
    try:
        hostname = endpoint.url[8:]
        server_tester = ServerConnectivityTester(hostname=hostname, port=443)
        server_info = server_tester.perform()
        endpoint.live = True
        ip = server_info.ip_address
        if endpoint.ip is None:
            endpoint.ip = ip
        else:
            if endpoint.ip != ip:
                utils.debug("{}: Endpoint IP is already {}, but requests IP is {}.".format(endpoint.url, endpoint.ip, ip))
        if server_info.client_auth_requirement.name == 'REQUIRED':
            endpoint.https_client_auth_required = True
            logging.warning("{}: Client Authentication REQUIRED".format(endpoint.url))
    except ServerConnectivityError as err:
        endpoint.live = False
        endpoint.https_valid = False
        logging.warning("{}: Error in sslyze server connectivity check when connecting to {}".format(endpoint.url, err.server_info.hostname))
        utils.debug("{}: {}".format(endpoint.url, err))
        return
    except Exception as err:
        endpoint.unknown_error = True
        logging.warning("{}: Unknown exception in sslyze server connectivity check.".format(endpoint.url))
        utils.debug("{}: {}".format(endpoint.url, err))
        return

    try:
        cert_plugin_result = None
        command = sslyze.plugins.certificate_info_plugin.CertificateInfoScanCommand(ca_file=CA_FILE)
        scanner = sslyze.synchronous_scanner.SynchronousScanner()
        cert_plugin_result = scanner.run_scan_command(server_info, command)
github cisagov / pshtt / pshtt / pshtt.py View on Github external
# remove the https:// from prefix for sslyze
    try:
        hostname = endpoint.url[8:]
        server_tester = ServerConnectivityTester(hostname=hostname, port=443)
        server_info = server_tester.perform()
        endpoint.live = True
        ip = server_info.ip_address
        if endpoint.ip is None:
            endpoint.ip = ip
        else:
            if endpoint.ip != ip:
                utils.debug("{}: Endpoint IP is already {}, but requests IP is {}.".format(endpoint.url, endpoint.ip, ip))
        if server_info.client_auth_requirement.name == 'REQUIRED':
            endpoint.https_client_auth_required = True
            logging.warning("{}: Client Authentication REQUIRED".format(endpoint.url))
    except ServerConnectivityError as err:
        endpoint.live = False
        endpoint.https_valid = False
        logging.exception("{}: Error in sslyze server connectivity check when connecting to {}".format(endpoint.url, err.server_info.hostname))
        utils.debug("{}: {}".format(endpoint.url, err))
        return
    except Exception as err:
        endpoint.unknown_error = True
        logging.exception("{}: Unknown exception in sslyze server connectivity check.".format(endpoint.url))
        utils.debug("{}: {}".format(endpoint.url, err))
        return

    try:
        cert_plugin_result = None
        command = sslyze.plugins.certificate_info_plugin.CertificateInfoScanCommand(ca_file=CA_FILE)
        scanner = sslyze.synchronous_scanner.SynchronousScanner()
        cert_plugin_result = scanner.run_scan_command(server_info, command)
github 0xInfection / TIDoS-Framework / modules / 0x02-Scanning+Enumeration / ssltlsscan.py View on Github external
def ssltlsscan(web):

    target = web.split('//')[1]
    print(R+'\n    ===============================')
    print(R+'     S S L   E N U M E R A T I O N')
    print(R+'    ===============================\n')
    print(GR+' [*] Testing server SSL status...')
    try:
        req = requests.get('https://'+target)
        print(G+' [+] SSL Working Properly...')
        time.sleep(0.6)
        print(O+" [!] Running SSL Enumeration...\n")
        try:
            server_tester = ServerConnectivityTester(hostname=target)
            server_info = server_tester.perform()
            scanner = SynchronousScanner()

            command = Tlsv10ScanCommand()
            scan_result = scanner.run_scan_command(server_info, command)
            print(G+" [+] Available TLS v1.0 Ciphers:")
            for cipher in scan_result.accepted_cipher_list:
                print(C+'    {}'.format(cipher.name))
            print('')

            command = Tlsv11ScanCommand()
            scan_result = scanner.run_scan_command(server_info, command)
            print(G+" [+] Available TLS v1.1 Ciphers:")
            for cipher in scan_result.accepted_cipher_list:
                print(C+'    {}'.format(cipher.name))
            print('')
github VainlyStrain / Vaile / modules / ScanningEnumeration / ssltlsscan.py View on Github external
def ssltlsscan(web):

    target = web.split('//')[1]
    #print(R+'\n    ===============================')
    #print(R+'     S S L   E N U M E R A T I O N')
    #print(R+'    ===============================\n')
    from core.methods.print import pscan
    pscan("ssl enumeration")
    print(GR+' [*] Testing server SSL status...')
    try:
        req = requests.get('https://'+target)
        print(G+' [+] SSL Working Properly...'+color.TR2+C)
        time.sleep(0.6)
        print(C+" [!] Running SSL Enumeration...\n")
        try:
            server_tester = ServerConnectivityTester(hostname=target)
            server_info = server_tester.perform()
            scanner = SynchronousScanner()

            command = Tlsv10ScanCommand()
            scan_result = scanner.run_scan_command(server_info, command)
            print(G+" [+] Available TLS v1.0 Ciphers:"+color.TR2+C)
            for cipher in scan_result.accepted_cipher_list:
                print(C+'    {}'.format(cipher.name))
            print('')

            command = Tlsv11ScanCommand()
            scan_result = scanner.run_scan_command(server_info, command)
            print(G+" [+] Available TLS v1.1 Ciphers:"+color.TR2+C)
            for cipher in scan_result.accepted_cipher_list:
                print(C+'    {}'.format(cipher.name))
            print('')
github 0xInfection / TIDoS-Framework / modules / 0x02-Scanning+Enumeration / ssltlsscan.py View on Github external
def ssltlsscan(web):

    target = web.split('//')[1]
    print(R+'\n    ===============================')
    print(R+'     S S L   E N U M E R A T I O N')
    print(R+'    ===============================\n')
    print(GR+' [*] Testing server SSL status...')
    try:
        req = requests.get('https://'+target)
        print(G+' [+] SSL Working Properly...')
        time.sleep(0.6)
        print(O+" [!] Running SSL Enumeration...\n")
        try:
            server_tester = ServerConnectivityTester(hostname=target)
            server_info = server_tester.perform()
            scanner = SynchronousScanner()

            command = Tlsv10ScanCommand()
            scan_result = scanner.run_scan_command(server_info, command)
            print(G+" [+] Available TLS v1.0 Ciphers:")
            for cipher in scan_result.accepted_cipher_list:
                print(C+'    {}'.format(cipher.name))
            print('')

            command = Tlsv11ScanCommand()
            scan_result = scanner.run_scan_command(server_info, command)
            print(G+" [+] Available TLS v1.1 Ciphers:")
            for cipher in scan_result.accepted_cipher_list:
                print(C+'    {}'.format(cipher.name))
            print('')

            command = Tlsv12ScanCommand()
github VainlyStrain / Vaile / modules / ScanningEnumeration / ssltlsscan.py View on Github external
command = Tlsv11ScanCommand()
            scan_result = scanner.run_scan_command(server_info, command)
            print(G+" [+] Available TLS v1.1 Ciphers:"+color.TR2+C)
            for cipher in scan_result.accepted_cipher_list:
                print(C+'    {}'.format(cipher.name))
            print('')

            command = Tlsv12ScanCommand()
            scan_result = scanner.run_scan_command(server_info, command)
            print(G+" [+] Available TLS v1.2 Ciphers:"+color.TR2+C)
            for cipher in scan_result.accepted_cipher_list:
                print(C+'    {}'.format(cipher.name))
            print('')

            command = CertificateInfoScanCommand()
            scan_result = scanner.run_scan_command(server_info, command)
            print(G+' [+] Certificate Information:'+color.TR2+C)
            for entry in scan_result.as_text():
                if entry != '':
                    if 'certificate information' in entry.lower():
                        pass
                    elif ':' in entry:
                        print(GR+'    [+] '+entry.strip().split(':', 1)[0].strip()+' : '+C+entry.strip().split(':', 1)[1].strip())
                    else:
                        print(C+'\n  [+] ' +entry.strip())
            print('')

            command = HttpHeadersScanCommand()
            scan_result = scanner.run_scan_command(server_info, command)
            print(G+' [+] HTTP Results:'+C+color.TR2+C)
            for entry in scan_result.as_text():
github 0xInfection / TIDoS-Framework / modules / 0x02-Scanning+Enumeration / ssltlsscan.py View on Github external
command = Tlsv11ScanCommand()
            scan_result = scanner.run_scan_command(server_info, command)
            print(G+" [+] Available TLS v1.1 Ciphers:")
            for cipher in scan_result.accepted_cipher_list:
                print(C+'    {}'.format(cipher.name))
            print('')

            command = Tlsv12ScanCommand()
            scan_result = scanner.run_scan_command(server_info, command)
            print(G+" [+] Available TLS v1.2 Ciphers:")
            for cipher in scan_result.accepted_cipher_list:
                print(C+'    {}'.format(cipher.name))
            print('')

            command = CertificateInfoScanCommand()
            scan_result = scanner.run_scan_command(server_info, command)
            print(G+' [+] Certificate Information:')
            for entry in scan_result.as_text():
                if entry != '':
                    if 'certificate information' in entry.lower():
                        pass
                    elif ':' in entry:
                        print(GR+'    [+] '+entry.strip().split(':', 1)[0].strip()+' : '+C+entry.strip().split(':', 1)[1].strip())
                    else:
                        print(O+'\n  [+] ' +entry.strip())
            print('')

            command = HttpHeadersScanCommand()
            scan_result = scanner.run_scan_command(server_info, command)
            print(G+' [+] HTTP Results:')
            for entry in scan_result.as_text():
github VainlyStrain / Vaile / modules / ScanningEnumeration / ssltlsscan.py View on Github external
command = Tlsv10ScanCommand()
            scan_result = scanner.run_scan_command(server_info, command)
            print(G+" [+] Available TLS v1.0 Ciphers:"+color.TR2+C)
            for cipher in scan_result.accepted_cipher_list:
                print(C+'    {}'.format(cipher.name))
            print('')

            command = Tlsv11ScanCommand()
            scan_result = scanner.run_scan_command(server_info, command)
            print(G+" [+] Available TLS v1.1 Ciphers:"+color.TR2+C)
            for cipher in scan_result.accepted_cipher_list:
                print(C+'    {}'.format(cipher.name))
            print('')

            command = Tlsv12ScanCommand()
            scan_result = scanner.run_scan_command(server_info, command)
            print(G+" [+] Available TLS v1.2 Ciphers:"+color.TR2+C)
            for cipher in scan_result.accepted_cipher_list:
                print(C+'    {}'.format(cipher.name))
            print('')

            command = CertificateInfoScanCommand()
            scan_result = scanner.run_scan_command(server_info, command)
            print(G+' [+] Certificate Information:'+color.TR2+C)
            for entry in scan_result.as_text():
                if entry != '':
                    if 'certificate information' in entry.lower():
                        pass
                    elif ':' in entry:
                        print(GR+'    [+] '+entry.strip().split(':', 1)[0].strip()+' : '+C+entry.strip().split(':', 1)[1].strip())
                    else: