nabla-c0d3 / sslyze

Fast and powerful SSL/TLS scanning library.

Does not follow redirect

frakman1 opened this issue · comments

commented

When I run it against my cable modem/router, it won't scan:

$ python3 -m sslyze 192.168.0.1:443    

 AVAILABLE PLUGINS
 -----------------

  OpenSslCcsInjectionPlugin
  RobotPlugin
  SessionRenegotiationPlugin
  CompressionPlugin
  SessionResumptionPlugin
  HttpHeadersPlugin
  OpenSslCipherSuitesPlugin
  FallbackScsvPlugin
  CertificateInfoPlugin
  EarlyDataPlugin
  HeartbleedPlugin

 CHECKING HOST(S) AVAILABILITY
 -----------------------------

   192.168.0.1:443                       => 192.168.0.1 

 SCAN COMPLETED IN 0.08 S
 ------------------------

However, it brings up a webpage when I go to it in my browser.

It redirects internally to https and takes me to the login page:

But I can also browse directly to https://192.168.0.1

Is sslyze tripping up because it can't follow redirects or something?
Port 443 is available because I can telnet to it:

$ telnet 192.168.0.1 443
Trying 192.168.0.1...
Connected to 192.168.0.1.
Escape character is '^]'.

nmap shows 80 and 443 as open:

PORT      STATE    SERVICE
80/tcp    open     http
443/tcp   open     https

commented

Never mind, I was missing the --regular command.

The README does not include this in the example given:

$ python -m sslyze www.yahoo.com www.google.com "[2607:f8b0:400a:807::2004]:443"

This led me to think that it performs tests by default like testssl.sh and sslscan.
Please update the README example to include this.

You might have been using an old version. In current versions,

python3 -m sslyze 192.168.0.1:443    

will run tests without having to specify --regular

commented

Interesting. I checked and I am using version 2.1.4, and I installed it according to the instructions in the README page:

pip3 install --upgrade sslyze

$ python3 -m sslyze --version
2.1.4
$ pip3 --version
pip 9.0.1 from /usr/lib/python3/dist-packages (python 3.6)
$ python3 --version
Python 3.6.9

I am using Ubuntu 18.

Current version of sslyze is 5.1.0. It might be due to your version of Python that is really old.

commented

I updated my Python version and then used the latest sslyze and finally got it to work.
Thank you for your support.

It would be nice if the output included a small header with information about the version of sslyze that's currently running and possibly other useful information like Python version, system details, etc. to aid in future troubleshooting.

Including some installation notes for future reference:

$ cat /etc/os-release 
NAME="Ubuntu"
VERSION="18.04.6 LTS (Bionic Beaver)"
...

sudo add-apt-repository ppa:deadsnakes/ppa
sudo apt-get install python3.9

#optionally setup alternatives menu
sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.6 1
sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.9 2
sudo update-alternatives --config python3

sudo apt install python3.9-distutils
sudo apt install python3.9-dev  #optional 

python3.9 -m pip install --upgrade pip setuptools wheel
python3.9 -m pip install --upgrade sslyze

python3.9 -m sslyze 192.168.0.1:443

commented

The old version of sslyze supported the --version command.
The latest one does not.
How can I report the current version of sslyze?

$ python3.9 -m sslyze --version
usage: sslyze [-h] [--update_trust_stores] [--cert CERTIFICATE_FILE] [--key KEY_FILE] [--keyform KEY_FORMAT] [--pass PASSPHRASE] [--json_out JSON_FILE] [--targets_in TARGET_FILE] [--quiet] [--slow_connection] [--https_tunnel PROXY_SETTINGS]
              [--starttls PROTOCOL] [--xmpp_to HOSTNAME] [--sni SERVER_NAME_INDICATION] [--sslv2] [--openssl_ccs] [--reneg] [--resum] [--resum_attempts RESUM_ATTEMPTS] [--tlsv1_3] [--compression] [--heartbleed] [--http_headers] [--elliptic_curves]
              [--sslv3] [--tlsv1_1] [--tlsv1_2] [--certinfo] [--certinfo_ca_file CERTINFO_CA_FILE] [--tlsv1] [--fallback] [--early_data] [--robot] [--mozilla_config {modern,intermediate,old,disable}]
              [target ...]
sslyze: error: unrecognized arguments: --version

-- UPDATE --:
Never mind.
I found it in the help -h output:
SSLyze version 5.1.0