Parse the JSON result of ssllabs-scan and do various things/summaries
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
files
testdata
.gitignore
.travis.yml
HOWTO.md
LICENSE
Makefile
README.md
categories.go
categories_test.go
cli.go
cli_test.go
go.mod
go.sum
html.go
html_test.go
main.go
main_test.go
report.go
report_test.go
resources.go
resources_test.go
site.go
site_test.go
summaries.go
summaries_test.go
types.go
utils.go
utils_test.go

README.md

erc-checktls

GitHub release GitHub issues Go Version Build Status GoDoc SemVer License Go Report Card

This is a small utility which will provide summary & diff-like operations for the reports generated by ssllabs-scan.

In addition the grade checked by Imirhil will be checked as well and displayed. We now retrieve the Mozilla Observatory grade as well.

Requirements

  • Go >= 1.10
  • jq (optional)

You need to install three of my modules if you are using Go 1.10.x or earlier.

go get github.com/keltia/proxy
go get github.com/keltia/cryptcheck
go get github.com/keltia/observatory

With Go 1.11+ and its modules support, it should work out of the box with

go get github.com/keltia/erc-checktls

Usage

SYNOPSIS

erc-checktls [-IMvV] [-t csv|text|html] [-o file] [-s file] [-S site] <json file>
  
  -D	Debug mode
  -I	Do not fetch tls.imirhil.fr grade
  -M	Do not fetch Mozilla Observatory data
  -R	Force refresh
  -S string
    	Display that site
  -V	More verbose mode
  -o string
    	Save into file (default stdout) (default "-")
  -s string
    	Save summary there (default "summary")
  -t string
    	Type of report (default "csv")
  -v	Verbose mode
  -wild
    	Display wildcards

The json file needs to be generated by running ssllabs-scan post-processed by jq like this:

ssllabs-scan -hostfile <host list> > <json file>

OPTIONS

Option Default Description
-D false Debug mode
-I false Do not fetch tls.imirhil.fr grade
-M false Do not fetch Mozilla Observatory data
-R false Force refresh
-S none Displays that site info only
-o - Output into that file (default stdout)
-s none Save summary in that file
-t csv Output plain text, html or csv
-v false Be verbose
-V false More verbose: displays ciphers info
-wild Report wildcard certificates

Using behind a web Proxy

Dependency: proxy support is provided by my github.com/keltia/proxy module.

UNIX/Linux:

    export HTTP_PROXY=[http://]host[:port] (sh/bash/zsh)
    setenv HTTP_PROXY [http://]host[:port] (csh/tcsh)

Windows:

    set HTTP_PROXY=[http://]host[:port]

The rules of Go's ProxyFromEnvironment apply (HTTP_PROXY, HTTPS_PROXY, NO_PROXY, lowercase variants allowed).

If your proxy requires you to authenticate, please create a file named .netrc in your HOME directory with permissions either 0400 or 0600 with the following data:

machine proxy user <username> password <password>

and it should be picked up. On Windows, the file will be located at

%LOCALAPPDATA%\proxy\netrc

TODO

  • Implement full online calls for SSLLabs
  • Better separation between batch & online mode

License

The [BSD 2-Clause license][bsd].

Feedback

We welcome pull requests, bug fixes and issue reports.

Before proposing a large change, first please discuss your change by raising an issue.