Created
December 18, 2017 04:13
Using SSLyze as a Python module
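#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Sample: drive SSLyze as a Python module instead of through its CLI.

The script checks connectivity to one SMTP server (STARTTLS on port 587),
queues three scan commands against it, and prints a short summary of each
result as it arrives from the concurrent scanner.
"""
from __future__ import absolute_import
from __future__ import unicode_literals

from sslyze.concurrent_scanner import ConcurrentScanner, PluginRaisedExceptionScanResult
from sslyze.plugins.utils.certificate_utils import CertificateUtils
from sslyze.plugins.certificate_info_plugin import CertificateInfoScanCommand
from sslyze.plugins.session_renegotiation_plugin import SessionRenegotiationScanCommand
from sslyze.server_connectivity import ServerConnectivityInfo, ServerConnectivityError
from sslyze.ssl_settings import TlsWrappedProtocolEnum
from sslyze.plugins.openssl_cipher_suites_plugin import Tlsv12ScanCommand


if __name__ == '__main__':
    # Set up the server to scan and ensure it is online/reachable.
    # Port 587 speaks plain SMTP first, so the TLS handshake has to be
    # preceded by STARTTLS; that is what tls_wrapped_protocol selects.
    hostname = 'smtp.gmail.com'
    try:
        server_info = ServerConnectivityInfo(hostname=hostname, port=587,
                                             tls_wrapped_protocol=TlsWrappedProtocolEnum.STARTTLS_SMTP)
        server_info.test_connectivity_to_server()
    except ServerConnectivityError as e:
        # Could not establish an SSL connection to the server; nothing can be
        # scanned, so stop here with the reason SSLyze reported.
        raise RuntimeError('Error when connecting to {}: {}'.format(hostname, e.error_msg))

    concurrent_scanner = ConcurrentScanner()

    # Queue some scan commands
    print('\nQueuing some commands...')
    concurrent_scanner.queue_scan_command(server_info, Tlsv12ScanCommand())
    concurrent_scanner.queue_scan_command(server_info, SessionRenegotiationScanCommand())
    concurrent_scanner.queue_scan_command(server_info, CertificateInfoScanCommand())

    # Process the results
    # reneg_result keeps the renegotiation result available after the loop.
    reneg_result = None
    print('\nProcessing results...')
    for scan_result in concurrent_scanner.get_results():
        # All scan results have the corresponding scan_command and server_info as an attribute
        print('\nReceived scan result for {} on host {}'.format(scan_result.scan_command.__class__.__name__,
                                                                scan_result.server_info.hostname))

        # Sometimes a scan command can unexpectedly fail (as a bug); it is then
        # returned as a PluginRaisedExceptionScanResult. Raising here aborts the
        # loop, so results that have not been yielded yet are not reported.
        if isinstance(scan_result, PluginRaisedExceptionScanResult):
            raise RuntimeError('Scan command failed: {}'.format(scan_result.as_text()))

        # Each scan result has attributes with the information you're looking for, specific to each scan command
        # All these attributes are documented within each scan command's module
        if isinstance(scan_result.scan_command, Tlsv12ScanCommand):
            # Cipher suites the server accepted over TLS 1.2. This listing only
            # prints names; grading them (e.g. flagging RC4, 3DES or NULL
            # suites) is left to the caller.
            print('TLS 1.2 cipher suites')
            for cipher in scan_result.accepted_cipher_list:
                print('    {}'.format(cipher.name))

        elif isinstance(scan_result.scan_command, SessionRenegotiationScanCommand):
            reneg_result = scan_result
            # A hardened server normally reports False for client-initiated
            # renegotiation (it lets a client force repeated, costly
            # handshakes) and True for secure renegotiation (RFC 5746).
            print('Client renegotiation: {}'.format(scan_result.accepts_client_renegotiation))
            print('Secure renegotiation: {}'.format(scan_result.supports_secure_renegotiation))

        elif isinstance(scan_result.scan_command, CertificateInfoScanCommand):
            # Print a short text form of each subject name in the verified chain.
            # NOTE(review): verified_certificate_chain appears to be empty when
            # no trust store validated the chain; confirm against the plugin's
            # documentation and treat an empty list as a validation failure
            # rather than as "no certificates".
            cns_in_certificate_chain = [CertificateUtils.get_name_as_short_text(cert.subject)
                                        for cert in scan_result.verified_certificate_chain]
            # Label fixed from 'CNn' to 'CNs' (typo in the printed output).
            print('Certificate Chain CNs: {}'.format(cns_in_certificate_chain))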
can you help me?