GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → nabla-c0d3 → Sslyze

nabla-c0d3 / Sslyze

Licence: agpl-3.0
Fast and powerful SSL/TLS scanning library.

Programming Languages

python
139335 projects - #7 most used programming language
Dockerfile
14818 projects

Labels

securitylibraryssltlsscanstls13ssllabssslyzeheartbleedtls-scanning-library

Projects that are alternatives of or similar to Sslyze

wolfssl-py
Python wrapper for wolfSSL embedded SSL/TLS library.
Stars: ✭ 30 (-98.86%)
Mutual labels:  tls, ssl, tls13
Atls
A light TLS implementation used for learning: TLS 1.0 TLS 1.1 TLS 1.2 TLS 1.3 GMSSL 1.1(国密SSL) based on libcrypto.so.
Stars: ✭ 134 (-94.89%)
Mutual labels:  ssl, tls, tls13
dheater
D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.
Stars: ✭ 142 (-94.59%)
Mutual labels:  tls, ssl, tls13
Tls Channel
A Java library that implements a ByteChannel interface over SSLEngine, enabling easy-to-use (socket-like) TLS for Java applications.
Stars: ✭ 113 (-95.69%)
Mutual labels:  library, ssl, tls
Testssl.sh
Testing TLS/SSL encryption anywhere on any port
Stars: ✭ 5,676 (+116.39%)
Mutual labels:  ssl, tls, heartbleed
Tlsfuzzer
SSL and TLS protocol test suite and fuzzer
Stars: ✭ 335 (-87.23%)
Mutual labels:  ssl, tls, tls13
sslcli
Pretty awesome command-line client for public SSLLabs API
Stars: ✭ 17 (-99.35%)
Mutual labels:  tls, ssl, ssllabs
Illustrated Tls13
The Illustrated TLS 1.3 Connection: Every byte explained
Stars: ✭ 372 (-85.82%)
Mutual labels:  ssl, tls, tls13
Wolfssl
wolfSSL (formerly CyaSSL) is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3!
Stars: ✭ 1,098 (-58.14%)
Mutual labels:  ssl, tls, tls13
Tlslite Ng
TLS implementation in pure python, focused on interoperability testing
Stars: ✭ 119 (-95.46%)
Mutual labels:  ssl, tls, tls13
V2ray Websocket Tls Web Setup Script
V2Ray-WebSocket ws +TLS 1.3 +Web 搭建/管理脚本
Stars: ✭ 155 (-94.09%)
Mutual labels:  tls, tls13
Acmetool
🔒 acmetool, an automatic certificate acquisition tool for ACME (Let's Encrypt)
Stars: ✭ 1,882 (-28.25%)
Mutual labels:  ssl, tls
Fluentftp
An FTP and FTPS client for .NET & .NET Standard, optimized for speed. Provides extensive FTP commands, File uploads/downloads, SSL/TLS connections, Automatic directory listing parsing, File hashing/checksums, File permissions/CHMOD, FTP proxies, FXP support, UTF-8 support, Async/await support, Powershell support and more. Written entirely in C#,…
Stars: ✭ 1,943 (-25.92%)
Mutual labels:  ssl, tls
Aspnetcorecertificates
Certificate Manager in .NET Core for creating and using X509 certificates
Stars: ✭ 135 (-94.85%)
Mutual labels:  ssl, tls
Https Ssl Cert Check Zabbix
Script to check validity and expiration of TLS/SSL certificate on site. May be used with Zabbix or standalone.
Stars: ✭ 162 (-93.82%)
Mutual labels:  ssl, tls
Search Guard Ssl
Elasticsearch SSL for free. Supports native Open SSL.
Stars: ✭ 159 (-93.94%)
Mutual labels:  ssl, tls
Ssl exporter
Exports Prometheus metrics for SSL certificates
Stars: ✭ 211 (-91.96%)
Mutual labels:  ssl, tls
Mutual Tls Ssl
🔐 Tutorial of setting up Security for your API with one way authentication with TLS/SSL and mutual mutual authentication for a java based web server and a client with both Spring Boot. Different clients are provided such as Apache HttpClient, OkHttp, Spring RestTemplate, Spring WebFlux WebClient Jetty and Netty, the old and the new JDK HttpClient, the old and the new Jersey Client, Google HttpClient, Unirest, Retrofit, Feign, Methanol, vertx, Scala client Finagle, Featherbed, Dispatch Reboot, AsyncHttpClient, Sttp, Akka, Requests Scala, Http4s Blaze, Kotlin client Fuel, http4k, Kohttp and ktor. Also other server examples are available such as jersey with grizzly. Also gRPC examples are included
Stars: ✭ 163 (-93.79%)
Mutual labels:  ssl, tls
Badssl.com
🔒 Memorable site for testing clients against bad SSL configs.
Stars: ✭ 2,234 (-14.83%)
Mutual labels:  ssl, tls
Cert
Cert is the Go tool to get TLS certificate information.
Stars: ✭ 166 (-93.67%)
Mutual labels:  ssl, tls
View All Similar Projects ➔

SSLyze

Run Tests Downloads PyPI version Python version

SSLyze is a fast and powerful SSL/TLS scanning tool and Python library.

SSLyze can analyze the SSL/TLS configuration of a server by connecting to it, in order to ensure that it uses strong encryption settings (certificate, cipher suites, elliptic curves, etc.), and that it is not vulnerable to known TLS attacks (Heartbleed, ROBOT, OpenSSL CCS injection, etc.).

Key features

  • Focus on speed and reliability: SSLyze is a battle-tested tool that is used to reliably scan hundreds of thousands of servers every day.
  • Easy to operationalize: SSLyze can be directly run from CI/CD, in order to continuously check a server against Mozilla's recommended TLS configuration.
  • Fully documented Python API to run scans directly from any Python application, such as a function deployed to AWS Lambda.
  • Support for scanning non-HTTP servers including SMTP, XMPP, LDAP, POP, IMAP, RDP, Postgres and FTP servers.
  • Results of a scan can easily be saved to a JSON file for later processing.
  • And much more!

Quick start

On Windows, Linux (x86 or x64) and macOS, SSLyze can be installed directly via pip:

$ pip install --upgrade pip setuptools wheel
$ pip install --upgrade sslyze
$ python -m sslyze www.yahoo.com www.google.com "[2607:f8b0:400a:807::2004]:443"

It can also be used via Docker:

$ docker run --rm -it nablac0d3/sslyze:5.0.0 www.google.com

Lastly, a pre-compiled Windows executable can be downloaded from the Releases page.

Python API Documentation

Documentation for SSLyze's Python API is available here.

Usage as a CI/CD step

By default, SSLyze will check the server's scan results against Mozilla's recommended "intermediate" TLS configuration, and will return a non-zero exit code if the server is not compliant.

$ python -m sslyze mozilla.com

Checking results against Mozilla's "intermediate" configuration. See https://ssl-config.mozilla.org/ for more details.

mozilla.com:443: OK - Compliant.

The Mozilla configuration to check against can be configured via --mozilla-config={old, intermediate, modern}:

$ python -m sslyze --mozilla-config=modern mozilla.com

Checking results against Mozilla's "modern" configuration. See https://ssl-config.mozilla.org/ for more details.

mozilla.com:443: FAILED - Not compliant.
    * certificate_types: Deployed certificate types are {'rsa'}, should have at least one of {'ecdsa'}.
    * certificate_signatures: Deployed certificate signatures are {'sha256WithRSAEncryption'}, should have at least one of {'ecdsa-with-SHA512', 'ecdsa-with-SHA256', 'ecdsa-with-SHA384'}.
    * tls_versions: TLS versions {'TLSv1.2'} are supported, but should be rejected.
    * ciphers: Cipher suites {'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'} are supported, but should be rejected.

This can be used to easily run an SSLyze scan as a CI/CD step.

Development environment

To setup a development environment:

$ pip install --upgrade pip setuptools wheel
$ pip install -e . 
$ pip install -r dev-requirements.txt

The tests can then be run using:

$ invoke test

License

Copyright (c) 2021 Alban Diquet

SSLyze is made available under the terms of the GNU Affero General Public License (AGPL). See LICENSE.txt for details and exceptions.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].