How to use the sslyze.synchronous_scanner.SynchronousScanner function in sslyze
To help you get started, we’ve selected a few sslyze examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
0xInfection / TIDoS-Framework / modules / 0x02-Scanning+Enumeration / ssltlsscan.py View on Github 
def ssltlsscan(web):
target = web.split('//')[1]
print(R+'\n ===============================')
print(R+' S S L E N U M E R A T I O N')
print(R+' ===============================\n')
print(GR+' [*] Testing server SSL status...')
try:
req = requests.get('https://'+target)
print(G+' [+] SSL Working Properly...')
time.sleep(0.6)
print(O+" [!] Running SSL Enumeration...\n")
try:
server_tester = ServerConnectivityTester(hostname=target)
server_info = server_tester.perform()
scanner = SynchronousScanner()
command = Tlsv10ScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+" [+] Available TLS v1.0 Ciphers:")
for cipher in scan_result.accepted_cipher_list:
print(C+' {}'.format(cipher.name))
print('')
command = Tlsv11ScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+" [+] Available TLS v1.1 Ciphers:")
for cipher in scan_result.accepted_cipher_list:
print(C+' {}'.format(cipher.name))
print('')
command = Tlsv12ScanCommand():param network_service_uuid: The UUID of the network service that is being scanned.
:param network_service_scan_uuid: The UUID of the network service scan that this enumeration is
a part of.
:param vulnerability_name: A string representing the vulnerability to test for.
:return: None
"""
logger.info(
"Now testing network service %s for SSL vulnerability %s."
% (network_service_uuid, vulnerability_name)
)
command_map = get_ssl_vulnerabilities_command_map()
ValidationHelper.validate_in(to_check=vulnerability_name, contained_by=command_map.keys())
command = command_map[vulnerability_name]["command"]
ip_address = self.network_service.ip_address.address
port = self.network_service.port
scanner = SynchronousScanner()
server_info = ServerConnectivityInfo(hostname=ip_address, ip_address=ip_address, port=port)
try:
server_info.test_connectivity_to_server()
except ServerConnectivityError as e:
logger.warning(
"ServerConnectivityError thrown when attempting to test SSL at %s:%s for %s vulnerability: %s"
% (ip_address, port, vulnerability_name, e.message)
)
return
try:
result = scanner.run_scan_command(server_info, command())
vuln_model = SslVulnerabilityModel.from_database_model(
self.network_service_scan,
test_errored=False,
vuln_test_name=vulnerability_name,
)except ServerConnectivityError as err:
endpoint.live = False
endpoint.https_valid = False
logging.exception("{}: Error in sslyze server connectivity check when connecting to {}".format(endpoint.url, err.server_info.hostname))
utils.debug("{}: {}".format(endpoint.url, err))
return
except Exception as err:
endpoint.unknown_error = True
logging.exception("{}: Unknown exception in sslyze server connectivity check.".format(endpoint.url))
utils.debug("{}: {}".format(endpoint.url, err))
return
try:
cert_plugin_result = None
command = sslyze.plugins.certificate_info_plugin.CertificateInfoScanCommand(ca_file=CA_FILE)
scanner = sslyze.synchronous_scanner.SynchronousScanner()
cert_plugin_result = scanner.run_scan_command(server_info, command)
except Exception as err:
try:
if "timed out" in str(err):
logging.exception("{}: Retrying sslyze scanner certificate plugin.".format(endpoint.url))
cert_plugin_result = scanner.run_scan_command(server_info, command)
else:
logging.exception("{}: Unknown exception in sslyze scanner certificate plugin.".format(endpoint.url))
utils.debug("{}: {}".format(endpoint.url, err))
endpoint.unknown_error = True
# We could make this False, but there was an error so
# we don't know
endpoint.https_valid = None
return
except Exception:
logging.exception("{}: Unknown exception in sslyze scanner certificate plugin.".format(endpoint.url))except ServerConnectivityError as err:
endpoint.live = False
endpoint.https_valid = False
logging.warning("{}: Error in sslyze server connectivity check when connecting to {}".format(endpoint.url, err.server_info.hostname))
utils.debug("{}: {}".format(endpoint.url, err))
return
except Exception as err:
endpoint.unknown_error = True
logging.warning("{}: Unknown exception in sslyze server connectivity check.".format(endpoint.url))
utils.debug("{}: {}".format(endpoint.url, err))
return
try:
cert_plugin_result = None
command = sslyze.plugins.certificate_info_plugin.CertificateInfoScanCommand(ca_file=CA_FILE)
scanner = sslyze.synchronous_scanner.SynchronousScanner()
cert_plugin_result = scanner.run_scan_command(server_info, command)
except Exception as err:
try:
if("timed out" in str(err)):
logging.warning("{}: Retrying sslyze scanner certificate plugin.".format(endpoint.url))
cert_plugin_result = scanner.run_scan_command(server_info, command)
except Exception:
pass
if(cert_plugin_result is None):
logging.warning("{}: Unknown exception in sslyze scanner certificate plugin.".format(endpoint.url))
utils.debug("{}: {}".format(endpoint.url, err))
endpoint.unknown_error = True
endpoint.https_valid = None # could make this False, but there was an error so we don't know
return
try:"pfs": {"name": "Perfect Forward Secrecy (PFS)", "sequence": 6, "result": False},
"ats": {"name": "App Transport Security (ATS)", "sequence": 7, "result": False},
"ccs": {"name": "CCS Injection", "sequence": 8, "result": False},
"heartbleed": {"name": "HeartBleed", "sequence": 9, "result": False},
}
mini_length = 256
start_time = None
end_time = None
try:
server_tester = ServerConnectivityTester(hostname=url.netloc, port=url.port)
server_info = server_tester.perform()
except:
return error_result
synchronous_scanner = SynchronousScanner()
certificate_result = synchronous_scanner.run_scan_command(
server_info, CertificateInfoScanCommand()
)
cipher_result = synchronous_scanner.run_scan_command(
server_info, Tlsv12ScanCommand()
)
ccs_result = synchronous_scanner.run_scan_command(
server_info, OpenSslCcsInjectionScanCommand()
)
heartbleed_result = synchronous_scanner.run_scan_command(
server_info, HeartbleedScanCommand()
)
if certificate_result.leaf_certificate_subject_matches_hostname:
result_map["match"]["result"] = Truedef ssl_scan(self, target):
print("Running SSL Scan")
try:
server_tester = ServerConnectivityTester(hostname=target)
server_info = server_tester.perform()
synchronous_scanner = SynchronousScanner()
# TLS 1.0
command = Tlsv10ScanCommand()
scan_result = synchronous_scanner.run_scan_command(server_info, command)
print("Available TLSv1.0 Ciphers:")
for cipher in scan_result.accepted_cipher_list:
print(' {}'.format(cipher.name))
# TLSv1.2
command = Tlsv12ScanCommand()
scan_result = synchronous_scanner.run_scan_command(server_info, command)
print("Available TLSv1.2 Ciphers:")
for cipher in scan_result.accepted_cipher_list:
print(' {}'.format(cipher.name))
# Certificate informationlogger.info(
"Now enumerating supported cipher suites for network service %s."
% (network_service_uuid,)
)
ip_address = self.network_service.ip_address.address
port = self.network_service.port
server_info = ServerConnectivityInfo(hostname=ip_address, ip_address=ip_address, port=port)
try:
server_info.test_connectivity_to_server()
except ServerConnectivityError as e:
logger.warning(
"ServerConnectivityError thrown when attempting to inspect SSL at %s:%s: %s"
% (ip_address, port, e.message)
)
return
scanner = SynchronousScanner()
bulk_query = BulkElasticsearchQuery()
network_service_scan = self.network_service_scan
for ssl_protocol, command in get_ssl_cipher_suite_commands():
result = scanner.run_scan_command(server_info, command())
ssl_support_record = SslSupportModel.from_database_model(
network_service_scan,
ssl_version=ssl_protocol,
supported=len(result.accepted_cipher_list) > 0,
)
ssl_support_record.accepted_ciphers = [cipher.name for cipher in result.accepted_cipher_list]
ssl_support_record.rejected_ciphers = [cipher.name for cipher in result.rejected_cipher_list]
ssl_support_record.errored_ciphers = [cipher.name for cipher in result.errored_cipher_list]
ssl_support_record.preferred_cipher = result.preferred_cipher.name if result.preferred_cipher else None
bulk_query.add_model_for_indexing(model=ssl_support_record, index=org_uuid)
logger.info("All cipher suite information converted to Elasticsearch data. Now updating via bulk query.")
bulk_query.save()sslyze
Fast and powerful SSL/TLS scanning library.
Package Health Score
82 / 100Popular sslyze functions
- sslyze.check_ssl_configuration.SslConfiguration
- sslyze.plugins
- sslyze.plugins.certificate_info_plugin
- sslyze.plugins.certificate_info_plugin.CertificateInfoScanCommand
- sslyze.plugins.fallback_scsv_plugin.FallbackScsvScanCommand
- sslyze.plugins.heartbleed_plugin.HeartbleedScanCommand
- sslyze.plugins.http_headers_plugin.HttpHeadersScanCommand
- sslyze.plugins.openssl_ccs_injection_plugin.OpenSslCcsInjectionScanCommand
- sslyze.plugins.openssl_cipher_suites_plugin.Tlsv10ScanCommand
- sslyze.plugins.openssl_cipher_suites_plugin.Tlsv11ScanCommand
- sslyze.plugins.openssl_cipher_suites_plugin.Tlsv12ScanCommand
- sslyze.server_connectivity.ServerConnectivityInfo
- sslyze.server_connectivity_tester
- sslyze.server_connectivity_tester.ServerConnectivityError
- sslyze.server_connectivity_tester.ServerConnectivityTester
- sslyze.synchronous_scanner.SynchronousScanner
- sslyze.utils.http_response_parser.HttpResponseParser.parse_from_socket
- sslyze.utils.http_response_parser.HttpResponseParser.parse_from_ssl_connection
- sslyze.utils.ssl_connection_configurator.SslConnectionConfigurator.get_connection
- sslyze.WorkerProcess