This scanner takes the following parameters:
-
--hosts @HOSTS
Specification of hosts to scan
- --gradeonly
Only process the findings that give a grade
- --api (-a)
- URL of the ssllabs API, defaults to
https://api.ssllabs.com/api/v2/
- --sleep
- Seconds to sleep between polls of the API (default=15)
Lower then 15 seconds is considered rude and a violation of
the terms of usage of the API
- --nosslcheck
- Do not check the validity of the API SSL certificate
this can be used when the PI is e.g. intercepted by
a proxy that does not have a recognised SSL certificate
or when a outdated operating system is used (NOT RECOMMENDED)
- --useragent
- Use a custom user agent string. Default: seccubus-ssllabs v0.1
The default user agent string of REST::Client is appended
to this user agent string
- --no-clear-cache
- Do not clear the cache of the SSL labs scan engine
Gives results faster but may be less accurate
- --from-cache
- Prefer cached results over fresh results (for very
quick results)
- --publish
- Publish the results of this scan on the SSL labs website
- --cdn
- Since end nodes may vary when using CDN networks, the
ip addresses of endpoints will be replaced with ipv4 or ipv6
if endpoints don't give consistent results this will be
highlighted in the finding text
- --nodelete
- Don't erase temporary files
- --verbose (-v)
- Be verbose during execution (repeat to increase verbosity)
- --quiet (-q)
- Don't print output
You must use --hosts @HOSTS
As hostnames enter the domainnames you would normally enter on
https://www.ssllabs.com
- $HOSTS is subsituted with the contents of the host field
- @HOSTS is subsituted with the path of a file containig the hosts field
- $WORSKPACE is subsituted with the workspace name
- $SCAN is substituted with the scan name
- $PASSWORD is substituted with the value in the password field