Labels

Qualys SSL labs API - A MultiThreaded python script to scan large number of servers and produce neat results

Hi Security enthusiast,

So if you were following closely on recent developments regarding SSL/TLS security, you might have heard that Qualys SSL labs released an API to automate the testing of internet hosted applications with their awesome hosted testing solution.


If you have not heard about it here is the location to their server testing page - https://www.ssllabs.com/ssltest/

And their API documentation here - https://github.com/ssllabs/ssllabs-scan/blob/master/ssllabs-api-docs.md

So now that the API is released you can automate testing of any number of servers with any language that is able to talk with qualys server via HTTP protocol. My company wanted to test all of our servers with SSL labs, so i thought why can't i automate it with python or something. So here it is, i made a multithreaded python script to test a large number of servers in one go and get results in neat format that my management wanted :-)

The script is intended for python 2.7

You can find the script here - https://github.com/moheshmohan/pyssltest

The script takes a text file as input with the urls to servers that you need test listed line by line and it initites ssl lab tests on each of them (25 threads parallel so 25 tests) and based on the result it generates a CSV file with extended information from the results

Please note that the script currently supports only one endpoint per url, i will enhance it in future to iterate through each endpoints, in case of urls with multiple endpoints.

The results will contain the following items each row

Input_URL - The input URL 
Domain - The domain 
IP - The IP address it resolved to 
returncode - The value returned from Qualys server (READY, ERROR etc) 
Grade - The Grade as per Qualys rating 
Secondary grade - Secondary Grade as per qualys rating 
Now it contains these items per each server. Basically these contain Y (yes) or N (no) values and the headings are self explanatory

Freak
Poodle_TLS 
Insecure renegotiation 
OpenSSL ccs 
Insecure DH
SSL v2 
Poodle_SSL
wrong domain 
cert expired 
self signed cert
No TLS1.2?
SSL v3
RC4
cert chain issue
CRIME
forward secrecy not supported?
weak private key?
weak signature
secure renegotiation
TLS 1.0
TLS 1.1
TLS 1.2 

Running the script

To run the script you can use the following command

python pyssltest.py -i inp.txt -o inp.csv -n

I will explain each switches,

-i <filename> :- A text file with target urls listed line by line 
-o <filename> :- A csv file to which the output will be written 
-n  :- Optional, To always initiate new tests. If this is omitted cached results from qualys is fetched 
Its pretty simple and fast way to run ssl labs against a bunch of servers.

Please provide some feedback about script on comments below.

Thanks for reading
Labels:

Comments

  1. schavan223October 21, 2023 at 8:24 AM

    This comment has been removed by the author.

    ReplyDelete
    Replies
    1. raida maisaFebruary 16, 2024 at 12:06 PM

      I am glad to have found this topic. However, I don't have any specific information on this term in my current knowledge. I would like to share an important note about Personal Statement Writing Services, I also provide information about assignments and the challenges students face when they lack sufficient knowledge about their assignments and dissertations.

      Delete
  2. Diane SawyerNovember 6, 2023 at 1:01 PM

    Creating a multithreaded Python script to scan multiple servers using the Qualys SSL Labs API and produce organized results can be a powerful and efficient way to assess SSL/TLS configurations across numerous servers. need more assist in academics so Hire Someone To Take My Class is the best option for academic help they cover an extensive range of subjects, offering support in math, science, humanities, business, and more.

    ReplyDelete
  3. puran singhNovember 7, 2023 at 2:28 PM

    We as an Adventure Travel company aim to show you nice people the most beautiful
    visit: gokarna trek package

    ReplyDelete
  4. aliciaNovember 9, 2023 at 7:45 PM

    The script takes a text file as input with the urls of the servers you want to test online creatine gummies supplements usa listed line by line and starts SSL lab tests on each of them (25 threads concurrently, so 25 tests) and outputs a CSV file with the results.

    ReplyDelete
  5. sarah johnNovember 14, 2023 at 5:45 PM

    Your Python script for the Qualys SSL Labs API is a game changer! Efficiently scanning multiple servers with clean results makes managing SSL protection easy and digital marketing dissertation topics a valuable resource for cyber-security professionals.

    ReplyDelete
  6. sarkari021November 20, 2023 at 9:12 PM

    a that's great to have blog like this it may clear the many thought from this
    to see this - book innova crysta

    ReplyDelete
  7. Ken MilesJanuary 11, 2024 at 11:59 PM

    This comment has been removed by the author.

    ReplyDelete
  8. Vicky WhiteJanuary 16, 2024 at 10:59 PM

    Yes that's for sure QUALYS SSL LABS API plays a crucial role in ensuring the security of our digital ventures. As a leading app development company in florida, we prioritize and integrate advanced security measures to safeguard the integrity of our applications

    ReplyDelete
  9. vcubeJanuary 31, 2024 at 2:44 PM

    Great Article! I got too much information from this post. Thanks for sharing such a helpful article.
    Power bi Training in Kukatpally

    ReplyDelete
  10. SnowflakeSeptember 27, 2024 at 4:33 PM

    Great Article! I got too much information from this post. Thanks for sharing With Us
    Snowflake Training In Hyderabad

    ReplyDelete

Post a Comment