ssllabs-scan icon indicating copy to clipboard operation
ssllabs-scan copied to clipboard

Published 20 hours ago verified publisher icon kyhau

Metadata

A simple Python script that calls SSL Labs API to do SSL testings on servers and create a report in html.

SSL Labs Scan

githubactions codecov CodeQL SecretsScan License

This tool calls the SSL Labs API to do SSL testings on the given hosts, and generates csv and html reports.

  • The tool uses API v4 if you provide your registered email with Qualys SSLLabs via the --email argument.
  • The tool uses API v3 if you do not specify the --email argument. Note that v3 will be being deprecated in 2024 by Qualys.

All notable changes to this project will be documented in CHANGELOG.

Built with

  • Python - support Python 3.9, 3.10, 3.11, 3.12.
  • CodeQL is enabled in this repository.
  • Dependabot is enabled for auto dependency updates.
  • Gitleaks and TruffleHog are enabled in this GitHub Actions workflow for detecting and preventing hardcoded secrets.

Input and outputs

Sample input: sample/SampleServerList.txt

  1. summary.html (sample output: sample/summary.html)
  2. summary.csv (sample output: sample/summary.csv)
  3. hostname.json (sample output: sample/google.com.json)

Sample html output: alt text

You can change the report template and styles in these files:

  • ssllabsscan/report_template.py
  • ssllabsscan/styles.css

Important Notes

ℹ️ Please note that from Qualys SSLLabs API v4, you must use a one-time registration with Qualys SSLLabs. For details see Introduction of API v4 for Qualys SSLLabs and deprecation of API v3.

The API v3 API will be available until the end of 2023 (Dec 31st 2023), and starting from 1st January 2024, we will be deprecating the API v3 support for SSL Labs. Request all customers to move to API v4.

ℹ️ Please note that the SSL Labs Assessment API has access rate limits. You can find more details in the sections "Error Response Status Codes" and "Access Rate and Rate Limiting" in the official SSL Labs API Documentation. Some common status codes are:

  • 400 - invocation error (e.g., invalid parameters)
  • 429 - client request rate too high or too many new assessments too fast
  • 500 - internal error
  • 503 - the service is not available (e.g., down for maintenance)
  • 529 - the service is overloaded

Build and run

Linux

# Create and activate a new virtual env (optional)
virtualenv env
. env/bin/activate

# Install
pip install -e .

# Run with v3 (v3, which does not required a registered email, will be being deprecated in 2024)
ssllabs-scan sample/SampleServerList.txt

# Run with v4
ssllabs-scan sample/SampleServerList.txt --email <your registered email with Qualys SSLLabs>

Windows

# Create and activate a new virtual env (optional)
virtualenv env
env\Scripts\activate

# Install
pip install -e .

# Run with v3 (v3, which does not required a registered email, will be being deprecated in 2024)
ssllabs-scan sample\SampleServerList.txt

# Run with v4
ssllabs-scan sample\SampleServerList.txt --email <your registered email with Qualys SSLLabs>

Docker

# Build docker image
docker build . --tag=ssllabsscan

Running Docker from commandline:

# create directory for input and output
mkdir out
# put serverlist in directory
cp SampleServerlist.txt out
# Run docker image with created directory mounted as /tmp
# use -t option to prevent output buffering
docker run --mount type=bind,source=./out,target=/tmp ssllabsscan  -o /tmp/output.html -s /tmp/output.csv /tmp/SampleServerList.txt
# all html, csv, json output is in the out directory

Example console output

$ ssllabs-scan sample/SampleServerList.txt
Start analyzing duckduckgo.com...
Status: DNS, StatusMsg(Resolving domain names): waiting 30 secs until next check...
Status: IN_PROGRESS, StatusMsg(None): waiting 30 secs until next check...
Status: IN_PROGRESS, StatusMsg(None): waiting 30 secs until next check...
Start analyzing google.com...
Status: DNS, StatusMsg(Resolving domain names): waiting 30 secs until next check...
Status: IN_PROGRESS, StatusMsg(None): waiting 30 secs until next check...
Status: IN_PROGRESS, StatusMsg(None): waiting 30 secs until next check...
Status: IN_PROGRESS, StatusMsg(None): waiting 30 secs until next check...
Status: IN_PROGRESS, StatusMsg(None): waiting 30 secs until next check...
Status: IN_PROGRESS, StatusMsg(None): waiting 30 secs until next check...
Status: IN_PROGRESS, StatusMsg(None): waiting 30 secs until next check...
Creating summary.html ...

Run Tox tests and build the wheels

pip install -r requirements-build.txt
tox -r

Metadata

27
Stars
12
Forks
Watchers

Owner

verified publisher icon kyhau

Metadata

A simple Python script that calls SSL Labs API to do SSL testings on servers and create a report in html.

Back