64 lines
1.5 KiB
Markdown
64 lines
1.5 KiB
Markdown
# compliance-scan
|
|
|
|
SSL/TLS configuration analysis with automated IANA/BSI compliance checking.
|
|
|
|
## Quick Start
|
|
|
|
```bash
|
|
# Scan
|
|
poetry run compliance-scan scan example.com:443,636
|
|
|
|
# Report
|
|
poetry run compliance-scan report -t md -o report.md
|
|
```
|
|
|
|
## Installation
|
|
|
|
```bash
|
|
poetry install
|
|
```
|
|
|
|
## Features
|
|
|
|
- Multi-port TLS/SSL scanning
|
|
- BSI TR-02102-1/2 compliance validation
|
|
- IANA recommendations checking
|
|
- Vulnerability detection (Heartbleed, ROBOT, CCS Injection)
|
|
- Certificate validation
|
|
- Multiple report formats (CSV, Markdown, reStructuredText)
|
|
|
|
## Commands
|
|
|
|
```bash
|
|
# Scan with ports
|
|
compliance-scan scan <hostname>:<port1>,<port2> [--print] [-db <path>]
|
|
|
|
# Generate report
|
|
compliance-scan report [scan_id] -t <csv|md|rest> [-o <file>]
|
|
|
|
# List scans
|
|
compliance-scan report --list
|
|
```
|
|
|
|
## Supported Protocols
|
|
|
|
Opportunistic TLS: SMTP, LDAP, IMAP, POP3, FTP, XMPP, RDP, PostgreSQL
|
|
Direct TLS: HTTPS, LDAPS, SMTPS, IMAPS, POP3S
|
|
|
|
## Documentation
|
|
|
|
**[Detailed Guide](docs/detailed-guide.md)** - Complete reference with CLI commands, database schema, compliance rules, and development guide.
|
|
|
|
## Requirements
|
|
|
|
- Python 3.13+
|
|
- SSLyze 6.0.0+
|
|
- Poetry
|
|
|
|
## Planned Features
|
|
|
|
- CLI command for updating IANA reference data
|
|
- Automated IANA registry updates from web sources base on `src/sslysze_scan/scan_iana.py`
|
|
- TLS Parameters: https://www.iana.org/assignments/tls-parameters/tls-parameters.xml
|
|
- IKEv2 Parameters: https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xml
|