Created
December 18, 2017 04:13
Using SSLyze as a Python module
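#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Minimal example of driving SSLyze as a Python library.

The script checks that one SMTP server is reachable over STARTTLS, queues
three scan commands against it (TLS 1.2 cipher suites, session renegotiation,
certificate information) and prints a short summary of each result.

NOTE: this was written against the SSLyze 1.0.0 API. The module paths imported
below were reorganised in later major versions, so the imports fail there
(for example on 3.0.1); pin the SSLyze version this was written for, or port
the script to the current API.
"""
from __future__ import absolute_import
from __future__ import unicode_literals
from sslyze.concurrent_scanner import ConcurrentScanner, PluginRaisedExceptionScanResult
from sslyze.plugins.utils.certificate_utils import CertificateUtils
from sslyze.plugins.certificate_info_plugin import CertificateInfoScanCommand
from sslyze.plugins.session_renegotiation_plugin import SessionRenegotiationScanCommand
from sslyze.server_connectivity import ServerConnectivityInfo, ServerConnectivityError
from sslyze.ssl_settings import TlsWrappedProtocolEnum
from sslyze.plugins.openssl_cipher_suites_plugin import Tlsv12ScanCommand

if __name__ == '__main__':
    # Set up the server to scan and make sure it is online/reachable before
    # queuing any work. Port 587 is reached with STARTTLS rather than implicit
    # TLS, hence the explicit tls_wrapped_protocol.
    hostname = 'smtp.gmail.com'
    try:
        server_info = ServerConnectivityInfo(
            hostname=hostname,
            port=587,
            tls_wrapped_protocol=TlsWrappedProtocolEnum.STARTTLS_SMTP
        )
        server_info.test_connectivity_to_server()
    except ServerConnectivityError as e:
        # Could not establish an SSL/TLS connection to the server
        raise RuntimeError('Error when connecting to {}: {}'.format(hostname, e.error_msg))

    concurrent_scanner = ConcurrentScanner()

    # Queue some scan commands. Only TLS 1.2 cipher suites are enumerated
    # here; other protocol versions are not covered by this script.
    print('\nQueuing some commands...')
    concurrent_scanner.queue_scan_command(server_info, Tlsv12ScanCommand())
    concurrent_scanner.queue_scan_command(server_info, SessionRenegotiationScanCommand())
    concurrent_scanner.queue_scan_command(server_info, CertificateInfoScanCommand())

    # Process the results
    print('\nProcessing results...')
    for scan_result in concurrent_scanner.get_results():
        # All scan results have the corresponding scan_command and server_info as attributes
        print('\nReceived scan result for {} on host {}'.format(scan_result.scan_command.__class__.__name__,
                                                                scan_result.server_info.hostname))

        # A scan command can fail unexpectedly (a bug in the plugin); the failure
        # is returned as a PluginRaisedExceptionScanResult instead of being raised.
        # Raising here stops the loop, so results still pending are not printed.
        if isinstance(scan_result, PluginRaisedExceptionScanResult):
            raise RuntimeError('Scan command failed: {}'.format(scan_result.as_text()))

        # Each scan result has attributes with the information you're looking for,
        # specific to each scan command. These attributes are documented within
        # each scan command's module.
        if isinstance(scan_result.scan_command, Tlsv12ScanCommand):
            # The accepted list is what to review against your cipher policy
            # (e.g. suites without forward secrecy or using legacy ciphers).
            print('TLS 1.2 cipher suites')
            for cipher in scan_result.accepted_cipher_list:
                print('    {}'.format(cipher.name))

        elif isinstance(scan_result.scan_command, SessionRenegotiationScanCommand):
            # Client-initiated renegotiation being accepted is usually treated as
            # a denial-of-service exposure; missing secure renegotiation
            # (RFC 5746) is the more serious finding of the two.
            print('Client renegotiation: {}'.format(scan_result.accepts_client_renegotiation))
            print('Secure renegotiation: {}'.format(scan_result.supports_secure_renegotiation))

        elif isinstance(scan_result.scan_command, CertificateInfoScanCommand):
            # NOTE(review): presumably the verified chain is empty (or None) when
            # path validation did not succeed - confirm against the installed
            # SSLyze version. Treat an empty chain as a finding, not as a pass.
            verified_chain = scan_result.verified_certificate_chain or []
            if not verified_chain:
                print('No verified certificate chain returned; path validation may have failed')

            # Print the short-text subject name of each certificate in the chain
            cns_in_certificate_chain = [CertificateUtils.get_name_as_short_text(cert.subject)
                                        for cert in verified_chain]
            print('Certificate Chain CNn: {}'.format(cns_in_certificate_chain))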
This code snippet was for SSLyze 1.0.0; you can see an up-to-date example at https://github.com/nabla-c0d3/sslyze/blob/master/api_sample.py
Thanks for the quick reply. I used the script you provided, but the imports do not work: ImportError: cannot import name 'ServerNetworkLocationViaDirectConnection'. I'm using sslyze v3.0.1. How can I fix this issue? Thanks.
I want code that scrapes multiple websites to find:
- Identify Application Entry Points- ["/login", "/admin", "/api"]
- Testing for Common Libraries and Fingerprinting- ["jQuery", "Bootstrap", "AngularJS", "React"]
- Map Execution Paths Through Application
- Fingerprint Web Application Framework 5. Map Application Architecture
can you help me?
I'm getting this error:
ModuleNotFoundError: No module named 'sslyze.server_connectivity'; 'sslyze' is not a package ?
I'm using sslyze version 3.0.1.