compliance-scan
SSL/TLS configuration analysis with automated IANA/BSI compliance checking.
Quick Start
# Scan
poetry run compliance-scan scan example.com:443,636
# Report
poetry run compliance-scan report -t md -o report.md
Installation
poetry install
Features
- Multi-port TLS/SSL scanning
- BSI TR-02102-1/2 compliance validation
- IANA recommendations checking
- Vulnerability detection (Heartbleed, ROBOT, CCS Injection)
- Certificate validation
- Multiple report formats (CSV, Markdown, reStructuredText)
Commands
# Scan with ports
compliance-scan scan <hostname>:<port1>,<port2> [--print] [-db <path>]
# Generate report
compliance-scan report [scan_id] -t <csv|md|rest> [-o <file>]
# List scans
compliance-scan report --list
Supported Protocols
- Opportunistic TLS: SMTP, LDAP, IMAP, POP3, FTP, XMPP, RDP, PostgreSQL
- Direct TLS: HTTPS, LDAPS, SMTPS, IMAPS, POP3S
Documentation
Detailed Guide - Complete reference with CLI commands, database schema, compliance rules, and development guide.
Requirements
- Python 3.13+
- SSLyze 6.0.0+
- Poetry
Planned Features
- CLI command for updating IANA reference data
- Automated IANA registry updates from web sources, based on src/sslysze_scan/scan_iana.py:
  - TLS Parameters: https://www.iana.org/assignments/tls-parameters/tls-parameters.xml
  - IKEv2 Parameters: https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xml
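
To illustrate the IANA recommendations check against the TLS Parameters registry named above, here is an added example (not code from this project or its scan_iana.py). The function names `load_cipher_suites` and `check_offered` are hypothetical, and the embedded XML is a constructed sample whose layout is assumed to match the registry's cipher-suite table.

```python
import xml.etree.ElementTree as ET

NS = {"iana": "http://www.iana.org/assignments"}

# Constructed sample; layout assumed to match the cipher-suite sub-registry
# ("tls-parameters-4") of tls-parameters.xml: value / description / rec.
SAMPLE_XML = """<registry xmlns="http://www.iana.org/assignments" id="tls-parameters">
 <registry id="tls-parameters-4">
  <record><value>0x00,0x1C-1D</value><description>Reserved to avoid conflicts with SSLv3</description><rec>N</rec></record>
  <record><value>0x00,0x2F</value><description>TLS_RSA_WITH_AES_128_CBC_SHA</description><rec>N</rec></record>
  <record><value>0x13,0x01</value><description>TLS_AES_128_GCM_SHA256</description><rec>Y</rec></record>
  <record><value>0xC0,0x2F</value><description>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</description><rec>Y</rec></record>
 </registry>
</registry>"""


def load_cipher_suites(xml_text, registry_id="tls-parameters-4"):
    """Return {suite_name: recommended_flag} for one sub-registry."""
    root = ET.fromstring(xml_text)
    registry = root.find(f".//iana:registry[@id='{registry_id}']", NS)
    if registry is None:
        raise ValueError(f"registry {registry_id!r} not found")
    suites = {}
    for record in registry.findall("iana:record", NS):
        name = (record.findtext("iana:description", "", NS) or "").strip()
        # Reserved and unassigned ranges carry no suite name; skip them.
        if not name.startswith("TLS_"):
            continue
        suites[name] = (record.findtext("iana:rec", "N", NS) or "N").strip()
    return suites


def check_offered(offered, suites):
    """Classify the cipher suites a server offered against the registry."""
    result = {"recommended": [], "not_recommended": [], "unknown": []}
    for name in offered:
        if name not in suites:
            result["unknown"].append(name)  # not in the reference data at all
        elif suites[name] == "Y":
            result["recommended"].append(name)
        else:
            result["not_recommended"].append(name)  # any flag other than "Y"
    return result


if __name__ == "__main__":
    offered = ["TLS_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA"]
    print(check_offered(offered, load_cipher_suites(SAMPLE_XML)))
```

When the registry is fetched from the network rather than embedded, parse it with a hardened XML parser such as defusedxml, since the standard-library parser does not limit entity expansion.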