Get SSL Labs Test Result PowerShell
Hello,
Today we'll see how we can use PowerShell and the Web API of SSL Labs to analyze one or several sites, and then retrieve the result as a nicely formatted PowerShell object.
You can use the SSL Labs test from any web browser at https://www.ssllabs.com/ssltest/index.html.
First, type the hostname of the website you want to test, then click Submit. A few tens of seconds later you should have the result. This is a great tool that gives you a ton of information about the SSL configuration and security level of your website.
The site also offers an API with complete documentation:
- Documentation: https://github.com/ssllabs/ssllabs-scan/blob/master/ssllabs-api-docs-v3.md
- API URL: https://api.ssllabs.com/api/v2/
I wrote a PowerShell function to make it easy to use for website analysis. You can access it on GitHub, where it may be more recent than the extract here:
function Get-SslLabsScore {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory = $true,
            ValueFromPipelineByPropertyName = $true,
            ValueFromPipeline = $true,
            Position = 0)]
        [String[]]$UrlList
    )
    Begin {
        [int]$i = 0
    }
    Process {
        Foreach ($Url in $UrlList) {
            try {
                $i++
                # Cap at 100: with pipeline input $i keeps growing while the per-call count stays at 1
                $Percent = [Math]::Min(100, [int]($i / @($UrlList).Count * 100))
                Write-Progress -Activity "Checking URI" -Status "$Url - $i/$(@($UrlList).Count) $Percent%" -PercentComplete $Percent
                # API doc: https://github.com/ssllabs/ssllabs-scan/blob/master/ssllabs-api-docs-v3.md
                # Escape the hostname so it cannot alter the query string
                $API = "https://api.ssllabs.com/api/v2/analyze?host=$([uri]::EscapeDataString($Url))&all=on&maxAge=24"
                # Poll until the assessment reaches a terminal state (READY or ERROR)
                while ($true) {
                    $JsonData = Invoke-WebRequest -Uri $API -UseBasicParsing -ErrorAction Stop | ConvertFrom-Json
                    if ($JsonData.status -eq 'READY') { break }
                    # Without this check an ERROR status would make the loop run forever
                    if ($JsonData.status -eq 'ERROR') { throw "assessment error: $($JsonData.statusMessage)" }
                    Write-Verbose -Message "$($Url): Status is $($JsonData.status), sleeping for 20 seconds"
                    Start-Sleep -Seconds 20
                }
                # One object per endpoint: a host can resolve to several IP addresses
                Foreach ($Endpoint in $JsonData.endpoints) {
                    $Cert = $Endpoint.details.cert
                    New-Object -TypeName PSObject -Property @{
                        Host            = $JsonData.host
                        IPAddress       = $Endpoint.ipAddress
                        Grade           = $Endpoint.grade
                        StatusMessage   = $Endpoint.statusMessage
                        DurationSeconds = $Endpoint.duration / 1000 -as [int]
                        # Key
                        KeyStrength     = $Endpoint.details.key.size
                        # Cert (dates are returned as milliseconds since the Unix epoch)
                        CommonName      = $Cert | Select-Object -ExpandProperty commonNames
                        SAN             = ($Cert | Select-Object -ExpandProperty altNames) -join ','
                        Issuer          = $Cert.issuerLabel
                        notBefore       = ([DateTime]'1/1/1970').AddMilliseconds($Cert.notBefore)
                        notAfter        = ([DateTime]'1/1/1970').AddMilliseconds($Cert.notAfter)
                        sigAlg          = $Cert.sigAlg
                    }
                }
            }
            catch {
                Write-Warning -Message "$Url failed: $_ !"
            }
        }
    }
    End {
    }
}
Note: As explained in one of my previous posts, you can add the function to your PowerShell profile.
Get SSL Labs Test Result PowerShell – Inside a script
You can also use it inside a small script that you can share with your CISO for easy use:
#region functions
Function Show-FilePicker {
    Param(
        [String]$InitialDirectory = $pwd,
        [String]$Title = 'Select the TXT file'
    )
    # Load Windows Forms (LoadWithPartialName is obsolete)
    Add-Type -AssemblyName System.Windows.Forms
    $OpenFileDialog = New-Object -TypeName System.Windows.Forms.OpenFileDialog
    $OpenFileDialog.Title = $Title
    $OpenFileDialog.InitialDirectory = $InitialDirectory
    $OpenFileDialog.Filter = 'Text files (*.txt)|*.txt'
    $OpenFileDialog.ShowDialog() | Out-Null
    # Return the selected path (empty if the dialog was cancelled)
    $OpenFileDialog.FileName
}
function Get-SslLabsScore {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory = $true,
            ValueFromPipelineByPropertyName = $true,
            ValueFromPipeline = $true,
            Position = 0)]
        [String[]]$UrlList
    )
    Begin {
        [int]$i = 0
    }
    Process {
        Foreach ($Url in $UrlList) {
            try {
                $i++
                # Cap at 100: with pipeline input $i keeps growing while the per-call count stays at 1
                $Percent = [Math]::Min(100, [int]($i / @($UrlList).Count * 100))
                Write-Progress -Activity "Checking URI" -Status "$Url - $i/$(@($UrlList).Count) $Percent%" -PercentComplete $Percent
                # API doc: https://github.com/ssllabs/ssllabs-scan/blob/master/ssllabs-api-docs-v3.md
                # Escape the hostname so it cannot alter the query string
                $API = "https://api.ssllabs.com/api/v2/analyze?host=$([uri]::EscapeDataString($Url))&all=on&maxAge=24"
                # Poll until the assessment reaches a terminal state (READY or ERROR)
                while ($true) {
                    $JsonData = Invoke-WebRequest -Uri $API -UseBasicParsing -ErrorAction Stop | ConvertFrom-Json
                    if ($JsonData.status -eq 'READY') { break }
                    # Without this check an ERROR status would make the loop run forever
                    if ($JsonData.status -eq 'ERROR') { throw "assessment error: $($JsonData.statusMessage)" }
                    Write-Verbose -Message "$($Url): Status is $($JsonData.status), sleeping for 20 seconds"
                    Start-Sleep -Seconds 20
                }
                # One object per endpoint: a host can resolve to several IP addresses
                Foreach ($Endpoint in $JsonData.endpoints) {
                    $Cert = $Endpoint.details.cert
                    New-Object -TypeName PSObject -Property @{
                        Host            = $JsonData.host
                        IPAddress       = $Endpoint.ipAddress
                        Grade           = $Endpoint.grade
                        StatusMessage   = $Endpoint.statusMessage
                        DurationSeconds = $Endpoint.duration / 1000 -as [int]
                        # Key
                        KeyStrength     = $Endpoint.details.key.size
                        # Cert (dates are returned as milliseconds since the Unix epoch)
                        CommonName      = $Cert | Select-Object -ExpandProperty commonNames
                        SAN             = ($Cert | Select-Object -ExpandProperty altNames) -join ','
                        Issuer          = $Cert.issuerLabel
                        notBefore       = ([DateTime]'1/1/1970').AddMilliseconds($Cert.notBefore)
                        notAfter        = ([DateTime]'1/1/1970').AddMilliseconds($Cert.notAfter)
                        sigAlg          = $Cert.sigAlg
                    }
                }
            }
            catch {
                Write-Warning -Message "$Url failed: $_ !"
            }
        }
    }
    End {
    }
}
#endregion
$InputFile = Show-FilePicker
if (-not $InputFile) { throw 'No input file selected.' }
# One hostname per line; skip blank lines
$List = Get-Content -Path $InputFile | Where-Object { $_.Trim() }
Get-SslLabsScore -UrlList $List | Export-Csv -NoTypeInformation -Delimiter ';' -Path SslLabsResult.csv
Invoke-Item .\SslLabsResult.csv
The script asks you (with a graphical popup) for a TXT file containing the list of sites to analyze, exports the result to a CSV, and then opens the CSV with the default program configured on your computer. This is very handy for a non-PowerShell user.
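As an added example (not part of the original script), the objects returned by Get-SslLabsScore can be checked against a baseline so that only the hosts needing attention stand out. The function name Test-SslLabsResult, the accepted grades, the 30-day expiry window and the sample rows are assumptions made for illustration.

```powershell
# Added example: triage objects shaped like the Get-SslLabsScore output.
function Test-SslLabsResult {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [PSObject]$Result,
        # Assumed policy values; adjust them to your own baseline.
        [String[]]$AcceptedGrade = @('A+', 'A', 'A-'),
        [int]$MinDaysToExpiry = 30
    )
    Process {
        $Findings = @()
        if ($AcceptedGrade -notcontains $Result.Grade) {
            $Findings += "Grade '$($Result.Grade)' is below policy"
        }
        # notAfter is a DateTime when the object comes straight from Get-SslLabsScore
        $Expiry = $Result.notAfter -as [DateTime]
        if ($null -eq $Expiry) {
            $Findings += 'Certificate expiry date is missing'
        }
        else {
            $DaysLeft = [int][Math]::Floor(($Expiry - (Get-Date)).TotalDays)
            if ($DaysLeft -lt 0) { $Findings += "Certificate expired $(-$DaysLeft) day(s) ago" }
            elseif ($DaysLeft -lt $MinDaysToExpiry) { $Findings += "Certificate expires in $DaysLeft day(s)" }
        }
        if ($Result.sigAlg -match 'SHA1|MD5') {
            $Findings += "Weak signature algorithm: $($Result.sigAlg)"
        }
        [PSCustomObject]@{
            Host      = $Result.Host
            IPAddress = $Result.IPAddress
            Compliant = ($Findings.Count -eq 0)
            Findings  = $Findings -join '; '
        }
    }
}

# Constructed sample rows (not real scan results).
$Sample = @(
    [PSCustomObject]@{ Host = 'good.example'; IPAddress = '192.0.2.10'; Grade = 'A+'; notAfter = (Get-Date).AddDays(200); sigAlg = 'SHA256withRSA' }
    [PSCustomObject]@{ Host = 'old.example'; IPAddress = '192.0.2.20'; Grade = 'B'; notAfter = (Get-Date).AddDays(12); sigAlg = 'SHA1withRSA' }
)
$Sample | Test-SslLabsResult | Where-Object { -not $_.Compliant } | Format-List
```

With real data, replace `$Sample` with the output of `Get-SslLabsScore -UrlList $List`.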