-
Notifications
You must be signed in to change notification settings - Fork 436
/
json-output.html
183 lines (142 loc) · 13.3 KB
/
json-output.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
<!DOCTYPE html>
<html lang="en" data-content_root="./">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="generator" content="Docutils 0.18.1: http://docutils.sourceforge.net/" />
<title>Exporting and processing scan results in JSON — SSLyze 6.0.0 documentation</title>
<link rel="stylesheet" type="text/css" href="_static/pygments.css?v=fa44fd50" />
<link rel="stylesheet" type="text/css" href="_static/alabaster.css?v=039e1c02" />
<script src="_static/documentation_options.js?v=12958129"></script>
<script src="_static/doctools.js?v=888ff710"></script>
<script src="_static/sphinx_highlight.js?v=dc90522c"></script>
<link rel="index" title="Index" href="genindex.html" />
<link rel="search" title="Search" href="search.html" />
<link rel="next" title="Appendix: Scan Commands" href="available-scan-commands.html" />
<link rel="prev" title="Running a Scan in Python" href="running-a-scan-in-python.html" />
<link rel="stylesheet" href="_static/custom.css" type="text/css" />
<meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
</head><body>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body" role="main">
<section id="exporting-and-processing-scan-results-in-json">
<h1>Exporting and processing scan results in JSON<a class="headerlink" href="#exporting-and-processing-scan-results-in-json" title="Link to this heading">¶</a></h1>
<p>The result of SSLyze scans can be serialized to JSON for further processing. SSLyze also provides a helper class to
parse JSON scan results; it can be used to process the results of SSLyze scans in a separate Python program.</p>
<p>A schema of the JSON output is available in the code repository at
<a class="reference external" href="https://github.com/nabla-c0d3/sslyze/blob/release/json_output_schema.json">./json_output_schema.json</a>.</p>
<section id="exporting-results-to-json-when-using-the-cli">
<h2>Exporting results to JSON when using the CLI<a class="headerlink" href="#exporting-results-to-json-when-using-the-cli" title="Link to this heading">¶</a></h2>
<p>When using the CLI, the scan results can be exported to a JSON file using the <code class="docutils literal notranslate"><span class="pre">--json_out</span></code> option:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>$ python -m sslyze www.google.com www.facebook.com --json_out=result.json
</pre></div>
</div>
<p>The generated JSON file can then be parsed, as described in the “Parsing the JSON output” section.</p>
</section>
<section id="exporting-results-to-json-when-using-the-api">
<h2>Exporting results to JSON when using the API<a class="headerlink" href="#exporting-results-to-json-when-using-the-api" title="Link to this heading">¶</a></h2>
<p>When using the API, the scan results can be exported to a JSON file using the <code class="docutils literal notranslate"><span class="pre">SslyzeOutputAsJson.from_orm()</span></code> method:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="k">def</span> <span class="nf">example_json_result_output</span><span class="p">(</span>
<span class="n">json_file_out</span><span class="p">:</span> <span class="n">Path</span><span class="p">,</span>
<span class="n">all_server_scan_results</span><span class="p">:</span> <span class="n">List</span><span class="p">[</span><span class="n">ServerScanResult</span><span class="p">],</span>
<span class="n">date_scans_started</span><span class="p">:</span> <span class="n">datetime</span><span class="p">,</span>
<span class="n">date_scans_completed</span><span class="p">:</span> <span class="n">datetime</span><span class="p">,</span>
<span class="p">)</span> <span class="o">-></span> <span class="kc">None</span><span class="p">:</span>
<span class="n">json_output</span> <span class="o">=</span> <span class="n">SslyzeOutputAsJson</span><span class="p">(</span>
<span class="n">server_scan_results</span><span class="o">=</span><span class="p">[</span><span class="n">ServerScanResultAsJson</span><span class="o">.</span><span class="n">model_validate</span><span class="p">(</span><span class="n">result</span><span class="p">)</span> <span class="k">for</span> <span class="n">result</span> <span class="ow">in</span> <span class="n">all_server_scan_results</span><span class="p">],</span>
<span class="n">invalid_server_strings</span><span class="o">=</span><span class="p">[],</span> <span class="c1"># Not needed here - specific to the CLI interface</span>
<span class="n">date_scans_started</span><span class="o">=</span><span class="n">date_scans_started</span><span class="p">,</span>
<span class="n">date_scans_completed</span><span class="o">=</span><span class="n">date_scans_completed</span><span class="p">,</span>
<span class="p">)</span>
<span class="n">json_output_as_str</span> <span class="o">=</span> <span class="n">json_output</span><span class="o">.</span><span class="n">model_dump_json</span><span class="p">()</span>
<span class="n">json_file_out</span><span class="o">.</span><span class="n">write_text</span><span class="p">(</span><span class="n">json_output_as_str</span><span class="p">)</span>
</pre></div>
</div>
</section>
<section id="parsing-the-json-output">
<h2>Parsing the JSON output<a class="headerlink" href="#parsing-the-json-output" title="Link to this heading">¶</a></h2>
<p>A JSON results file generated by SSLyze can then be parsed using the <code class="docutils literal notranslate"><span class="pre">SslyzeOutputAsJson.from_file()</span></code> method:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="k">def</span> <span class="nf">example_json_result_parsing</span><span class="p">(</span><span class="n">results_as_json_file</span><span class="p">:</span> <span class="n">Path</span><span class="p">)</span> <span class="o">-></span> <span class="kc">None</span><span class="p">:</span>
<span class="c1"># SSLyze scan results serialized to JSON were saved to this file using --json_out</span>
<span class="n">results_as_json</span> <span class="o">=</span> <span class="n">results_as_json_file</span><span class="o">.</span><span class="n">read_text</span><span class="p">()</span>
<span class="c1"># These results can be parsed</span>
<span class="n">parsed_results</span> <span class="o">=</span> <span class="n">SslyzeOutputAsJson</span><span class="o">.</span><span class="n">model_validate_json</span><span class="p">(</span><span class="n">results_as_json</span><span class="p">)</span>
<span class="c1"># Making it easy to do post-processing and inspection of the results</span>
<span class="nb">print</span><span class="p">(</span><span class="s2">"The following servers were scanned:"</span><span class="p">)</span>
<span class="k">for</span> <span class="n">server_scan_result</span> <span class="ow">in</span> <span class="n">parsed_results</span><span class="o">.</span><span class="n">server_scan_results</span><span class="p">:</span>
<span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s2">"</span><span class="se">\n</span><span class="s2">****</span><span class="si">{</span><span class="n">server_scan_result</span><span class="o">.</span><span class="n">server_location</span><span class="o">.</span><span class="n">hostname</span><span class="si">}</span><span class="s2">:</span><span class="si">{</span><span class="n">server_scan_result</span><span class="o">.</span><span class="n">server_location</span><span class="o">.</span><span class="n">port</span><span class="si">}</span><span class="s2">****"</span><span class="p">)</span>
<span class="k">if</span> <span class="n">server_scan_result</span><span class="o">.</span><span class="n">scan_status</span> <span class="o">==</span> <span class="n">ServerScanStatusEnum</span><span class="o">.</span><span class="n">ERROR_NO_CONNECTIVITY</span><span class="p">:</span>
<span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s2">"That scan failed with the following error:</span><span class="se">\n</span><span class="si">{</span><span class="n">server_scan_result</span><span class="o">.</span><span class="n">connectivity_error_trace</span><span class="si">}</span><span class="s2">"</span><span class="p">)</span>
<span class="k">continue</span>
<span class="k">assert</span> <span class="n">server_scan_result</span><span class="o">.</span><span class="n">scan_result</span>
<span class="n">certinfo_attempt</span> <span class="o">=</span> <span class="n">server_scan_result</span><span class="o">.</span><span class="n">scan_result</span><span class="o">.</span><span class="n">certificate_info</span>
<span class="k">if</span> <span class="n">certinfo_attempt</span><span class="o">.</span><span class="n">status</span> <span class="o">==</span> <span class="n">ScanCommandAttemptStatusEnum</span><span class="o">.</span><span class="n">ERROR</span><span class="p">:</span>
<span class="n">_print_failed_scan_command_attempt</span><span class="p">(</span><span class="n">certinfo_attempt</span><span class="p">)</span> <span class="c1"># type: ignore</span>
<span class="k">else</span><span class="p">:</span>
<span class="n">certinfo_result</span> <span class="o">=</span> <span class="n">server_scan_result</span><span class="o">.</span><span class="n">scan_result</span><span class="o">.</span><span class="n">certificate_info</span><span class="o">.</span><span class="n">result</span>
<span class="k">assert</span> <span class="n">certinfo_result</span>
<span class="k">for</span> <span class="n">cert_deployment</span> <span class="ow">in</span> <span class="n">certinfo_result</span><span class="o">.</span><span class="n">certificate_deployments</span><span class="p">:</span>
<span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s2">" SHA1 of leaf certificate: </span><span class="si">{</span><span class="n">cert_deployment</span><span class="o">.</span><span class="n">received_certificate_chain</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span><span class="o">.</span><span class="n">fingerprint_sha1</span><span class="si">}</span><span class="s2">"</span><span class="p">)</span>
<span class="nb">print</span><span class="p">(</span><span class="s2">""</span><span class="p">)</span>
</pre></div>
</div>
<p>The resulting Python object then contains the scan results. Type annotations are available for all fields, thereby
making it easier to process the results.</p>
</section>
</section>
</div>
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
<div class="sphinxsidebarwrapper">
<h1 class="logo"><a href="index.html">SSLyze</a></h1>
<h3>Navigation</h3>
<ul>
<li class="toctree-l1"><a class="reference internal" href="running-a-scan-in-python.html">Running a Scan in Python</a></li>
</ul>
<ul class="current">
<li class="toctree-l1 current"><a class="current reference internal" href="#">Exporting and processing scan results in JSON</a><ul>
<li class="toctree-l2"><a class="reference internal" href="#exporting-results-to-json-when-using-the-cli">Exporting results to JSON when using the CLI</a></li>
<li class="toctree-l2"><a class="reference internal" href="#exporting-results-to-json-when-using-the-api">Exporting results to JSON when using the API</a></li>
<li class="toctree-l2"><a class="reference internal" href="#parsing-the-json-output">Parsing the JSON output</a></li>
</ul>
</li>
</ul>
<ul>
<li class="toctree-l1"><a class="reference internal" href="available-scan-commands.html">Appendix: Scan Commands</a></li>
</ul>
<div class="relations">
<h3>Related Topics</h3>
<ul>
<li><a href="index.html">Documentation overview</a><ul>
<li>Previous: <a href="running-a-scan-in-python.html" title="previous chapter">Running a Scan in Python</a></li>
<li>Next: <a href="available-scan-commands.html" title="next chapter">Appendix: Scan Commands</a></li>
</ul></li>
</ul>
</div>
<div id="searchbox" style="display: none" role="search">
<h3 id="searchlabel">Quick search</h3>
<div class="searchformwrapper">
<form class="search" action="search.html" method="get">
<input type="text" name="q" aria-labelledby="searchlabel" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false"/>
<input type="submit" value="Go" />
</form>
</div>
</div>
<script>document.getElementById('searchbox').style.display = "block"</script>
</div>
</div>
<div class="clearer"></div>
</div>
<div class="footer">
©Copyright 2024 Alban Diquet.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 7.2.6</a>
& <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.13</a>
|
<a href="_sources/json-output.rst.txt"
rel="nofollow">Page source</a>
</div>
</body>
</html>