# compliance-scan

SSL/TLS configuration analysis with automated IANA/BSI compliance checking.

## Quick Start

```bash
# Scan
poetry run compliance-scan scan example.com:443,636

# Report
poetry run compliance-scan report -t md -o report.md
```

## Installation

```bash
poetry install
```

## Features

- Multi-port TLS/SSL scanning
- BSI TR-02102-1/2 compliance validation
- IANA recommendations checking
- Vulnerability detection (Heartbleed, ROBOT, CCS Injection)
- Certificate validation
- Multiple report formats (CSV, Markdown, reStructuredText)

## Commands

```bash
# Scan with ports
compliance-scan scan <hostname>:<port1>,<port2> [--print] [-db <path>]

# Generate report
compliance-scan report [scan_id] -t <csv|md|rest> [-o <file>]

# List scans
compliance-scan report --list
```

## Supported Protocols

Opportunistic TLS: SMTP, LDAP, IMAP, POP3, FTP, XMPP, RDP, PostgreSQL
Direct TLS: HTTPS, LDAPS, SMTPS, IMAPS, POP3S

## Documentation

**[Detailed Guide](docs/detailed-guide.md)** - Complete reference with CLI commands, database schema, compliance rules, and development guide.

## Requirements

- Python 3.13+
- SSLyze 6.0.0+
- Poetry

## Planned Features

- CLI command for updating IANA reference data
- Automated IANA registry updates from web sources base on `src/sslysze_scan/scan_iana.py`
  - TLS Parameters: https://www.iana.org/assignments/tls-parameters/tls-parameters.xml
  - IKEv2 Parameters: https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xml