This tool calls the SSL Labs API to do SSL testings on the given hosts, and generates csv and html reports.
- The tool uses API v4 if you provide your registered email with Qualys SSLLabs via the
--emailargument. - The tool uses API v3 if you do not specify the
--emailargument. Note that v3 will be being deprecated in 2024 by Qualys.
All notable changes to this project will be documented in CHANGELOG.
- Python - support Python 3.9, 3.10, 3.11, 3.12.
- CodeQL is enabled in this repository.
- Dependabot is enabled for auto dependency updates.
- Gitleaks and TruffleHog are enabled in this GitHub Actions workflow for detecting and preventing hardcoded secrets.
Sample input: sample/SampleServerList.txt
- summary.html (sample output: sample/summary.html)
- summary.csv (sample output: sample/summary.csv)
- hostname.json (sample output: sample/google.com.json)
Sample html output:
You can change the report template and styles in these files:
ℹ️ Please note that from Qualys SSLLabs API v4, you must use a one-time registration with Qualys SSLLabs. For details see Introduction of API v4 for Qualys SSLLabs and deprecation of API v3.
The API v3 API will be available until the end of 2023 (Dec 31st 2023), and starting from 1st January 2024, we will be deprecating the API v3 support for SSL Labs. Request all customers to move to API v4.
ℹ️ Please note that the SSL Labs Assessment API has access rate limits. You can find more details in the sections "Error Response Status Codes" and "Access Rate and Rate Limiting" in the official SSL Labs API Documentation. Some common status codes are:
- 400 - invocation error (e.g., invalid parameters)
- 429 - client request rate too high or too many new assessments too fast
- 500 - internal error
- 503 - the service is not available (e.g., down for maintenance)
- 529 - the service is overloaded
# Create and activate a new virtual env (optional)
virtualenv env
. env/bin/activate
# Install
pip install -e .
# Run with v3 (v3, which does not required a registered email, will be being deprecated in 2024)
ssllabs-scan sample/SampleServerList.txt
# Run with v4
ssllabs-scan sample/SampleServerList.txt --email <your registered email with Qualys SSLLabs>
# Create and activate a new virtual env (optional)
virtualenv env
env\Scripts\activate
# Install
pip install -e .
# Run with v3 (v3, which does not required a registered email, will be being deprecated in 2024)
ssllabs-scan sample\SampleServerList.txt
# Run with v4
ssllabs-scan sample\SampleServerList.txt --email <your registered email with Qualys SSLLabs>
# Build docker image
docker build . --tag=ssllabsscan
Running Docker from commandline:
# create directory for input and output
mkdir out
# put serverlist in directory
cp SampleServerlist.txt out
# Run docker image with created directory mounted as /tmp
# use -t option to prevent output buffering
docker run --mount type=bind,source=./out,target=/tmp ssllabsscan -o /tmp/output.html -s /tmp/output.csv /tmp/SampleServerList.txt
# all html, csv, json output is in the out directory
$ ssllabs-scan sample/SampleServerList.txt
Start analyzing duckduckgo.com...
Status: DNS, StatusMsg(Resolving domain names): waiting 30 secs until next check...
Status: IN_PROGRESS, StatusMsg(None): waiting 30 secs until next check...
Status: IN_PROGRESS, StatusMsg(None): waiting 30 secs until next check...
Start analyzing google.com...
Status: DNS, StatusMsg(Resolving domain names): waiting 30 secs until next check...
Status: IN_PROGRESS, StatusMsg(None): waiting 30 secs until next check...
Status: IN_PROGRESS, StatusMsg(None): waiting 30 secs until next check...
Status: IN_PROGRESS, StatusMsg(None): waiting 30 secs until next check...
Status: IN_PROGRESS, StatusMsg(None): waiting 30 secs until next check...
Status: IN_PROGRESS, StatusMsg(None): waiting 30 secs until next check...
Status: IN_PROGRESS, StatusMsg(None): waiting 30 secs until next check...
Creating summary.html ...
pip install -r requirements-build.txt
tox -r