I just want the grade from testssl
Opened this issue · 3 comments
Which version are you referring to
v3.2.1
I have been using testssl for quite sometime and I must say that I can run my scans much faster than SSL Labs. I see that there are grades assigned to the scans after all the checks are completed. But to get the grades, I must run a default scan with no flags. This is a little time consuming given the fact that I have 10k+ domains to check.
Is there a possibility that I can only run specific checks and get the grade? I am not sure which all flags I must use.
Or maybe this could also be a feature request like a "--grade" flag which only runs specific checks necessary for grading.
Regards,
Shamanth.
Hi Shamanth,
--grade-only could be an idea, maybe @magnuslarsen will take that on. But please be aware that the best grade doesn't necessarily mean "all is perfect" nor a not so good grade necessarily means "all is bad".
For now these variables need to be set (see set_rating_state():
do_protocols do_cipherlists do_fs do_server_defaults do_header do_heartbleed do_ccs_injection do_ticketbleed do_robot do_renego do_crime do_ssl_poodle do_tls_fallback_scsv do_drown do_beast do_rc4 do_logjam
which corresponds to the respective cmd line args.
Looking at it: The most time consuming of those is the robot check. You will save a few cycles omitting the client connection simulation --but the --no-<flag> isn't implemented yet.
... plus at least do_allciphers or do_cipher_per_proto
I can definitely have a look, though I'm going on "summer" vacation next week. So I likely first finish it come October :-)