Automating SSL Labs Scan

Photo by Alex Knight on Unsplash

The website https://www.ssllabs.com/ssltest/ is abolutely brilliant.

Well you can down load and compile a command line version from https://github.com/ssllabs/ssllabs-scan

./ssllabs-scan-v3 --quiet --grade aardvark.herts.ac.uk 

HostName:"aardvark.herts.ac.uk"
"147.197.131.119":"A+"

You can kick it off with a list too

./ssllabs-scan-v3 -grade -ignore-mismatch -insecure  -usecache -maxage 120 -hostfile hosts.txt

I can see this python script by Kay Hau https://github.com/kyhau/ssllabs-scan/ where the verbose output is created in HTML to give a nice report.

Well it’s nice to be able to automate the checking of yours sites, however, it relies on checks made from outside. In the T&C’s it talks about sending assessment requests to remote SSL Labs servers. So actually it won’t check your internal only servers.

Anyway its this easy to put in obtain and run:

mkdir ssllabs
yum install go git
git clone https://github.com/ssllabs/ssllabs-scan.git
cd ssllabs-scan/
make
./ssllabs-scan-v3

The output from Kay Hau’s script looks like this. Well done Kay.