nabla-c0d3/sslyze_api.py

## sslyze_api.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from __future__ import absolute_import
from __future__ import unicode_literals


from sslyze.concurrent_scanner import ConcurrentScanner, PluginRaisedExceptionScanResult
from sslyze.plugins.utils.certificate_utils import CertificateUtils
from sslyze.plugins.certificate_info_plugin import CertificateInfoScanCommand
from sslyze.plugins.session_renegotiation_plugin import SessionRenegotiationScanCommand
from sslyze.server_connectivity import ServerConnectivityInfo, ServerConnectivityError
from sslyze.ssl_settings import TlsWrappedProtocolEnum
from sslyze.plugins.openssl_cipher_suites_plugin import Tlsv12ScanCommand

if __name__ == '__main__':
    # Setup the server to scan and ensure it is online/reachable
    hostname = 'smtp.gmail.com'
    try:
        server_info = ServerConnectivityInfo(hostname=hostname, port=587,
                                             tls_wrapped_protocol=TlsWrappedProtocolEnum.STARTTLS_SMTP)
        server_info.test_connectivity_to_server()
    except ServerConnectivityError as e:
        # Could not establish an SSL connection to the server
        raise RuntimeError('Error when connecting to {}: {}'.format(hostname, e.error_msg))

    concurrent_scanner = ConcurrentScanner()

    # Queue some scan commands
    print('\nQueuing some commands...')
    concurrent_scanner.queue_scan_command(server_info, Tlsv12ScanCommand())
    concurrent_scanner.queue_scan_command(server_info, SessionRenegotiationScanCommand())
    concurrent_scanner.queue_scan_command(server_info, CertificateInfoScanCommand())

    # Process the results
    reneg_result = None
    print('\nProcessing results...')
    for scan_result in concurrent_scanner.get_results():
        # All scan results have the corresponding scan_command and server_info as an attribute
        print('\nReceived scan result for {} on host {}'.format(scan_result.scan_command.__class__.__name__,
                                                                 scan_result.server_info.hostname))

        # Sometimes a scan command can unexpectedly fail (as a bug); it is returned as a PluginRaisedExceptionResult
        if isinstance(scan_result, PluginRaisedExceptionScanResult):
            raise RuntimeError('Scan command failed: {}'.format(scan_result.as_text()))

        # Each scan result has attributes with the information yo're looking for, specific to each scan command
        # All these attributes are documented within each scan command's module
        if isinstance(scan_result.scan_command, Tlsv12ScanCommand):
            # Do something with the result
            print('TLS 1.2 cipher suites')
            for cipher in scan_result.accepted_cipher_list:
                print('    {}'.format(cipher.name))

        elif isinstance(scan_result.scan_command, SessionRenegotiationScanCommand):
            reneg_result = scan_result
            print('Client renegotiation: {}'.format(scan_result.accepts_client_renegotiation))
            print('Secure renegotiation: {}'.format(scan_result.supports_secure_renegotiation))

        elif isinstance(scan_result.scan_command, CertificateInfoScanCommand):
            # Print the Common Names within the certificate chain
            cns_in_certificate_chain = [CertificateUtils.get_name_as_short_text(cert.subject)
                                        for cert in scan_result.verified_certificate_chain]
            print('Certificate Chain CNn: {}'.format(cns_in_certificate_chain))
	#!/usr/bin/env python
	# -- coding: utf-8 --
	from __future__ import absolute_import
	from __future__ import unicode_literals


	from sslyze.concurrent_scanner import ConcurrentScanner, PluginRaisedExceptionScanResult
	from sslyze.plugins.utils.certificate_utils import CertificateUtils
	from sslyze.plugins.certificate_info_plugin import CertificateInfoScanCommand
	from sslyze.plugins.session_renegotiation_plugin import SessionRenegotiationScanCommand
	from sslyze.server_connectivity import ServerConnectivityInfo, ServerConnectivityError
	from sslyze.ssl_settings import TlsWrappedProtocolEnum
	from sslyze.plugins.openssl_cipher_suites_plugin import Tlsv12ScanCommand

	if __name__ == '__main__':
	# Setup the server to scan and ensure it is online/reachable
	hostname = 'smtp.gmail.com'
	try:
	server_info = ServerConnectivityInfo(hostname=hostname, port=587,
	tls_wrapped_protocol=TlsWrappedProtocolEnum.STARTTLS_SMTP)
	server_info.test_connectivity_to_server()
	except ServerConnectivityError as e:
	# Could not establish an SSL connection to the server
	raise RuntimeError('Error when connecting to {}: {}'.format(hostname, e.error_msg))

	concurrent_scanner = ConcurrentScanner()

	# Queue some scan commands
	print('\nQueuing some commands...')
	concurrent_scanner.queue_scan_command(server_info, Tlsv12ScanCommand())
	concurrent_scanner.queue_scan_command(server_info, SessionRenegotiationScanCommand())
	concurrent_scanner.queue_scan_command(server_info, CertificateInfoScanCommand())

	# Process the results
	reneg_result = None
	print('\nProcessing results...')
	for scan_result in concurrent_scanner.get_results():
	# All scan results have the corresponding scan_command and server_info as an attribute
	print('\nReceived scan result for {} on host {}'.format(scan_result.scan_command.__class__.__name__,
	scan_result.server_info.hostname))

	# Sometimes a scan command can unexpectedly fail (as a bug); it is returned as a PluginRaisedExceptionResult
	if isinstance(scan_result, PluginRaisedExceptionScanResult):
	raise RuntimeError('Scan command failed: {}'.format(scan_result.as_text()))

	# Each scan result has attributes with the information yo're looking for, specific to each scan command
	# All these attributes are documented within each scan command's module
	if isinstance(scan_result.scan_command, Tlsv12ScanCommand):
	# Do something with the result
	print('TLS 1.2 cipher suites')
	for cipher in scan_result.accepted_cipher_list:
	print(' {}'.format(cipher.name))

	elif isinstance(scan_result.scan_command, SessionRenegotiationScanCommand):
	reneg_result = scan_result
	print('Client renegotiation: {}'.format(scan_result.accepts_client_renegotiation))
	print('Secure renegotiation: {}'.format(scan_result.supports_secure_renegotiation))

	elif isinstance(scan_result.scan_command, CertificateInfoScanCommand):
	# Print the Common Names within the certificate chain
	cns_in_certificate_chain = [CertificateUtils.get_name_as_short_text(cert.subject)
	for cert in scan_result.verified_certificate_chain]
	print('Certificate Chain CNn: {}'.format(cns_in_certificate_chain))