Skip to content
master
Switch branches/tags
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

erc-checktls

GitHub release GitHub issues Go Version Build Status GoDoc SemVer License Go Report Card

This is a small utility which will provide summary & diff-like operations for the reports generated by ssllabs-scan.

In addition the grade checked by Imirhil will be checked as well and displayed. We now retrieve the Mozilla Observatory grade as well.

Requirements

  • Go >= 1.10
  • jq (optional)

You need to install three of my modules if you are using Go 1.10.x or earlier.

go get github.com/keltia/proxy
go get github.com/keltia/cryptcheck
go get github.com/keltia/observatory

I also use a number of external modules:

github.com/atotto/encoding/csv
github.com/gobuffalo/packr
github.com/ivpusic/grpool
github.com/pkg/errors
github.com/olekukonko/tablewriter

If you want to run `make test`` you will need these:

github.com/stretchr/testify/assert
github.com/stretchr/testify/require

With Go 1.11+ and its modules support, it should work out of the box with

go get github.com/keltia/erc-checktls

Usage

SYNOPSIS

erc-checktls [-vDIMV] [-j N] [-t csv|text|html] [-o file] [-s file] [-S site] <json file>
  
  -D	Debug mode
  -I	Do not fetch tls.imirhil.fr grade
  -M	Do not fetch Mozilla Observatory data
  -R	Force refresh
  -S string
    	Display that site
  -j    Set the # of parallel jobs to run (default # of cores)
  -o string
    	Save into file (default stdout) (default "-")
  -s string
    	Save summary there (default "summary")
  -t string
    	Type of report (default "csv")
  -v	Verbose mode
  
If you just want to find all wildcard certificates use this:

  -wild
    	Display wildcards

The json file needs to be generated by running ssllabs-scan post-processed by jq like this:

ssllabs-scan -hostfile <host list> > <json file>

OPTIONS

Option Default Description
-D false Debug mode
-I false Do not fetch tls.imirhil.fr grade
-M false Do not fetch Mozilla Observatory data
-R false Force refresh
-S none Displays that site info only
-j # cores Set level of parallelism (default # of CPU cores
-o - Output into that file (default stdout)
-s summary Save summary in that file (default summary.html)
-t csv Output plain text, html or csv
-v false Be verbose
-wild Report wildcard certificates

Using behind a web Proxy

Dependency: proxy support is provided by my github.com/keltia/proxy module.

UNIX/Linux:

    export HTTP_PROXY=[http://]host[:port] (sh/bash/zsh)
    setenv HTTP_PROXY [http://]host[:port] (csh/tcsh)

Windows:

    set HTTP_PROXY=[http://]host[:port]

The rules of Go's ProxyFromEnvironment apply (HTTP_PROXY, HTTPS_PROXY, NO_PROXY, lowercase variants allowed).

If your proxy requires you to authenticate, please create a file named .netrc in your HOME directory with permissions either 0400 or 0600 with the following data:

machine proxy user <username> password <password>

and it should be picked up. On Windows, the file will be located at

%LOCALAPPDATA%\proxy\netrc

TODO

  • Implement full online calls for SSLLabs
  • Better separation between batch & online mode

License

The BSD 2-Clause license.

Contributing

This project is an open Open Source project, please read CONTRIBUTING.md.

Feedback

We welcome pull requests, bug fixes and issue reports.

Before proposing a large change, first please discuss your change by raising an issue.

About

Parse the JSON result of ssllabs-scan and do various things/summaries

Topics

Resources

License

Packages

No packages published