{"id":24698931,"url":"https://github.com/artioml/tls-scan","last_synced_at":"2025-07-04T12:33:39.565Z","repository":{"id":202348148,"uuid":"73051602","full_name":"ArtiomL/tls-scan","owner":"ArtiomL","description":":closed_lock_with_key: Automated TLS/SSL server tests for multiple hosts using the SSL Labs API","archived":false,"fork":false,"pushed_at":"2019-01-16T09:50:18.000Z","size":194,"stargazers_count":10,"open_issues_count":2,"forks_count":8,"subscribers_count":2,"default_branch":"develop","last_synced_at":"2025-04-02T21:42:18.502Z","etag":null,"topics":["cipher-suites","crypto-cve","multiple-hosts","rest-api","slack","ssl-labs","tls-scan"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ArtiomL.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2016-11-07T07:10:53.000Z","updated_at":"2020-02-06T00:02:36.000Z","dependencies_parsed_at":"2023-10-20T12:50:23.414Z","dependency_job_id":null,"html_url":"https://github.com/ArtiomL/tls-scan","commit_stats":null,"previous_names":["artioml/tls-scan"],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/ArtiomL/tls-scan","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ArtiomL%2Ftls-scan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ArtiomL%2Ftls-scan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ArtiomL%2Ftls-scan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ArtiomL%2Ftls-scan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ArtiomL","download_url":"https://codeload.github.com/ArtiomL/tls-scan/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ArtiomL%2Ftls-scan/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263542602,"owners_count":23477454,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cipher-suites","crypto-cve","multiple-hosts","rest-api","slack","ssl-labs","tls-scan"],"created_at":"2025-01-27T04:34:53.786Z","updated_at":"2025-07-04T12:33:39.543Z","avatar_url":"https://github.com/ArtiomL.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# \u003cimg align=\"center\" src=\"img/a.png\" height=\"64\"\u003e\u0026nbsp;\u0026nbsp;tls-scan\n[![Build Status](https://img.shields.io/travis/ArtiomL/tls-scan.svg)](https://travis-ci.org/ArtiomL/tls-scan)\n[![Releases](https://img.shields.io/github/release/ArtiomL/tls-scan.svg)](https://github.com/ArtiomL/tls-scan/releases)\n[![Commits](https://img.shields.io/github/commits-since/ArtiomL/tls-scan/v1.3.1.svg?label=commits%20since)](https://github.com/ArtiomL/tls-scan/commits/master)\n[![Maintenance](https://img.shields.io/maintenance/yes/2019.svg)](https://github.com/ArtiomL/tls-scan/graphs/code-frequency)\n[![Issues](https://img.shields.io/github/issues/ArtiomL/tls-scan.svg)](https://github.com/ArtiomL/tls-scan/issues)\n[![License](https://img.shields.io/badge/license-MIT-blue.svg)](/LICENSE)\n\n\u0026nbsp;\u0026nbsp;\n\n## Table of Contents\n- [Description](#description)\n- [Installation](#installation)\n\t- [Dependencies](#dependencies)\n\t- [Git](#git)\n\t- [Docker](#docker)\n\t- [tls_scan.json](#tls_scanjson)\n\t- [tls_scan.py](#tls_scanpy)\n- [Logging](#logging)\n- [Help](#--help)\n- [License](LICENSE)\n\n\u0026nbsp;\u0026nbsp;\n\n## Description\n\nAutomated TLS/SSL server tests for multiple hosts using the [SSL Labs](https://www.ssllabs.com/ssltest/) REST [API](https://github.com/ssllabs/ssllabs-scan/blob/stable/ssllabs-api-docs.md).\n\nThe code in this repository allows you to scan a list of public TLS/SSL web servers for certificate issues, protocol and cipher suite support, crypto vulnerabilities [etc](https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide).\n\nRunning (*up to* **_10_**) concurrent assessments is supported (`-s`), but please keep down the number of concurrent assessments to a minimum. If you're not in a hurry, test only one hostname at a time (default).\n\nThe grade report can then be sent to a Slack channel (`-k`), by mail (`-m`) or written to **_stdout_**:\n\n```\n[A+] artioml.net, 0e411f05, Ready (121 sec.)\n```\n\nEndpoint IP addresses are obfuscated with the first 8 chars of their SHA-256 hash by default (`-i` to show).\n\nPrinting full assessment JSONs is also supported (`-j`).\n\n\u0026nbsp;\u0026nbsp;\n\n## Installation\n\n### Dependencies\n[Requests](http://docs.python-requests.org/en/master/user/install/#install) HTTP library:\n```shell\npip install requests\n```\nSlack [Developer Kit](https://slackapi.github.io/python-slackclient/):\n```shell\npip install slackclient\n```\nOr simply:\n```shell\npip install -r requirements.txt\n```\n\n### Git\n```shell\ngit clone https://github.com/ArtiomL/tls-scan.git\n```\nor [download](https://github.com/ArtiomL/tls-scan/archive/master.zip).\n\n### Docker\n```shell\n# Shell\ndocker run -it --rm artioml/tls-scan\n# Non-interactive\ndocker run -it --rm artioml/tls-scan tls_scan.py --help\n# Extensibility\ndocker run -it --rm -e \"REPO=drwetter/testssl.sh\" artioml/tls-scan\n```\n\n### [tls_scan.json](tls_scan.json)\nTo be able to send the report to a Slack channel (`-k`) or by mail (`-m`) [tls_scan.py](tls_scan.py) must be provided with an API token and/or SMTP credentials. The same [config file](tls_scan.json) is used to specify a list of hosts to scan:\n```json\n{\n\t\"server\": \"smtp.gmail.com:587\",\n\t\"user\": \"marla@gmail.com\",\n\t\"pass\": \"d293TXVjaEZha2Ux\",\n\t\"from\": \"marla@gmail.com\",\n\t\"to\": \"tyler@gmail.com; chloe@gmail.com\",\n\t\"token\": \"eG94Yi1YWFhYWFhYWFhYWFgtVFRUVFRUVFRUVFRUVFQ=\",\n\t\"channel\": \"#code\",\n\t\"hosts\": [\n\t\t\"example.com\",\n\t\t\"example.net\",\n\t\t\"example.org\"\n\t]\n}\n```\nSchema:\n\n| Attribute  | Value           |\n| :--------- |:--------------- |\n| server     | SMTP server host:port |\n| user       | username |\n| pass       | password ([base64-encoded](https://github.com/ArtiomL/tls-scan/issues/17#issuecomment-286020627)) |\n| from       | from-address string ([RFC 822](https://tools.ietf.org/html/rfc822.html)) |\n| to         | to-address(es) - delimit with `;` |\n| token      | Slack bot API token (base64-encoded) |\n| channel    | Slack channel ID or name |\n| hosts      | list of hosts to scan |\n\n\u0026nbsp;\u0026nbsp;\n\nThe config file path is controlled by the `-f` command line argument or the `strCFile` global variable (in [tls_scan.py](tls_scan.py)):\n```python\n# Config file\nstrCFile = 'tls_scan.json'\n```\n\n### [tls_scan.py](tls_scan.py)\nThis is the actual scan / report logic.\n\u0026nbsp;\u0026nbsp;\n\nRun this program with command-line [arguments](#--help) relevant to your use case. For example:\n```shell\nchmod u+x tls_scan.py\n./tls_scan.py -f tls_scan.json -i -k -l2 -m -s3\n```\nUsing cron (or a similar time-based job scheduler) to perform recurring, periodic scans is recommended.\n\n\u0026nbsp;\u0026nbsp;\n\n## Logging\nAll logging is **disabled** by default. Please use the `-l {0,1,2,3}` argument to set the required verbosity.\n\u0026nbsp;\u0026nbsp;\n\nAlternatively, this is controlled by the `intLogLevel` variable of the [log](/lib/log.py) library:\n```python\n# Log level to /var/log/messages (or stdout)\nintLogLevel = 0\n```\nIf run interactively, **_stdout_** is used for log messages (unless `-j` is set), otherwise `/var/log/messages` will be used.\n\n\u0026nbsp;\u0026nbsp;\n\n## --help\n```\n./tls_scan.py --help\nusage: tls_scan.py [-h] [-c] [-f CFILE] [-i] [-j] [-k] [-l {0,1,2,3}] [-m]\n                   [-s [2-10]] [-t] [-v]\n                   [HOST [HOST ...]]\n\nAutomated TLS/SSL Server Tests for Multiple Hosts\n\npositional arguments:\n  HOST          list of hosts to scan (overrides config file)\n\noptional arguments:\n  -h, --help    show this help message and exit\n  -c            deliver cached assessment reports if available\n  -f CFILE      config file location\n  -i            show IP addresses (default: first 8 chars of their SHA-256)\n  -j            return assessment JSONs (default: grades), disables -m and -k\n  -k            send report to a Slack channel\n  -l {0,1,2,3}  set log level (default: 0)\n  -m            send report by mail\n  -s [2-10]     number of simultaneous assessments (default: 1)\n  -t            ignore server certificate mismatch\n  -v            show program's version number and exit\n\nhttps://github.com/ArtiomL/tls-scan\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fartioml%2Ftls-scan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fartioml%2Ftls-scan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fartioml%2Ftls-scan/lists"}