sslyze v4.1 releases: Fast and powerful SSL/TLS server scanning library
Fast and powerful SSL/TLS server scanning library for Python 2.7 and 3.4+.
SSLyze is a Python library and a CLI tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive and should help organizations and testers identify misconfigurations affecting their SSL/TLS servers.
Key features include:
- Fully documented Python API, in order to run scans and process the results directly from Python.
- New: Support for TLS 1.3 (draft 18) and the ROBOT vulnerability.
- Scans are automatically dispatched among multiple processes, making them very fast.
- Performance testing: session resumption and TLS tickets support.
- Security testing: weak cipher suites, insecure renegotiation, CRIME, Heartbleed and more.
- Server certificate validation and revocation checking through OCSP stapling.
- Support for StartTLS handshakes on SMTP, XMPP, LDAP, POP, IMAP, RDP, PostGres, and FTP.
- Scan results can be written to an XML or JSON file for further processing.
- And much more!
How does it work?
SSLyze is all Python code but it uses an OpenSSL wrapper written in C called nassl, which was specifically developed for allowing SSLyze to access the low-level OpenSSL APIs needed to perform deep SSL testing.
- SSLyze’s memory usage has been significantly reduced when scanning a lot of servers concurrently (#511).
- This will make it easier to deploy SSLyze to environments where memory is limited, such as AWS Lambda.
- For example, when queuing 100 server scans, memory usage will now reach a maximum of 150 MB, instead of 1400 MB in previous versions of SSLyze.
- Fixed errors when running
http_headerson specific server software (#517, #516).
- Removed usage of pipenv and switched back to a
SSLyze can be installed directly via pip:
pip install --upgrade setuptools pip install sslyze sslyze --regular www.yahoo.com:443 www.google.com "[2607:f8b0:400a:807::2004]:443"
It is also easy to directly clone the repository and the fetch the requirements:
git clone https://github.com/nabla-c0d3/sslyze.git cd sslyze pip install -r requirements.txt --upgrade python -m sslyze --regular www.yahoo.com:443 www.google.com "[2607:f8b0:400a:807::2004]:443"
On Linux, the python-dev package needs to be installed first so that the nassl C extension can be compiled:
sudo apt-get install python-dev
SSLyze has been tested on the following platforms: Windows 7 (32 and 64 bits), Debian 7 (32 and 64 bits), macOS Sierra
Usage as a library
SSLyze can be used as a Python module in order to run scans and process the results directly in Python. Full documentation is available here.
Copyright (C) 2017 nabla-c0d3