Get SSL Labs Test Result PowerShell


Today we’ll see how we can use PowerShell and the Web API of SSL Labs to analyze a site or several sites, and then retrieve the result in a nice formatted PowerShell object.

You can use the SSL Lab test from a any web browser at https://www.ssllabs.com/ssltest/index.html .

First, type the hostname of the website you want to test, then, click submit. A few tens of seconds later you should have the result. This is a great tool that will provide you a ton of information about your SSL configuration and security level of your website.

This website offers an API with a complete documentation:

Documentation : https://github.com/ssllabs/ssllabs-scan/blob/master/ssllabs-api-docs-v3.md API URL: https://api.ssllabs.com/api/v2/

I wrote a PowerShell function to use it with easy for website analysis, you can access it on GitHub , it may be more recent than the extract here:

function Get-SslLabsScore{ [CmdletBinding()] Param( [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, ValueFromPipeline = $true, Position = 0)] [String[]]$UrlList ) Begin{ [int]$i = 0 } Process{ Foreach ($Url in $UrlList) { try { $i++ Write-Progress -Activity "Checking URI" -Status "$Url - $i/$(@($UrlList).count) $($i/$(@($UrlList).count)*100 -as [int])%" -PercentComplete ($i/$(@($UrlList).count)*100 -as [int]) #API Doc https://github.com/ssllabs/ssllabs-scan/blob/master/ssllabs-api-docs-v3.md $API = "https://api.ssllabs.com/api/v2/analyze?host=$url&all=on&maxAge=24&" do{ $JsonData = Invoke-WebRequest -Uri $API -ErrorAction SilentlyContinue | ConvertFrom-Json Write-Verbose -Message "$($Url): Status is $($JsonData.status), sleeping for 20 seconds" Start-Sleep -seconds 20 } while ((-Not($JsonData.status -eq "Ready") )) New-Object -TypeName PSObject -Property @{ Host = $JsonData.Host IPAddress = $JsonData.endpoints.ipAddress Grade = $JsonData.endpoints.grade StatusMessage = $JsonData.endpoints.statusMessage DurationSeconds = $JsonData.endpoints.duration/1000 -as [int] #Key KeyStrength = $JsonData.endpoints.details.key.size #Cert CommonName = $JsonData.endpoints.details.cert | Select-Object -ExpandProperty commonNames SAN = ($JsonData.endpoints.details.cert | Select-Object -ExpandProperty altNames) -join ',' Issuer = $JsonData.endpoints.details.cert.issuerLabel notBefore = ([DateTime]'1/1/1970').AddMilliseconds($JsonData.endpoints.details.cert.notBefore) notAfter = ([DateTime]'1/1/1970').AddMilliseconds($JsonData.endpoints.details.cert.notAfter) sigAlg = $JsonData.endpoints.details.cert.sigAlg } } catch { Write-Warning -Message "$Url failed: $_ !" } } } End{ } }
Note: As explain in one of my previous post , you can add the function to your PowerShell profile.

You can also use it inside a small script that you can share with your CISO for an easy usage:

#region functions Function Show-FilePicker{ Param( [String]$InitialDirectory = $pwd, [String]$Title = 'Select the CSV file' ) [System.Reflection.Assembly]::LoadWithPartialName('System.windows.forms') | Out-Null $OpenFileDialog = New-Object -TypeName System.Windows.Forms.OpenFileDialog $OpenFileDialog.Title = $Title $OpenFileDialog.initialDirectory = $initialDirectory $OpenFileDialog.filter = 'All files (*.txt)| *.txt' $OpenFileDialog.ShowDialog() | Out-Null #return $OpenFileDialog.filename } function Get-SslLabsScore{ [CmdletBinding()] Param( [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, ValueFromPipeline = $true, Position = 0)] [String[]]$UrlList ) Begin{ [int]$i = 0 } Process{ Foreach ($Url in $UrlList) { try { $i++ Write-Progress -Activity "Checking URI" -Status "$Url - $i/$(@($UrlList).count) $($i/$(@($UrlList).count)*100 -as [int])%" -PercentComplete ($i/$(@($UrlList).count)*100 -as [int]) #API Doc https://github.com/ssllabs/ssllabs-scan/blob/master/ssllabs-api-docs-v3.md $API = "https://api.ssllabs.com/api/v2/analyze?host=$url&all=on&maxAge=24&" do{ $JsonData = Invoke-WebRequest -Uri $API -ErrorAction SilentlyContinue | ConvertFrom-Json Write-Verbose -Message "$($Url): Status is $($JsonData.status), sleeping for 20 seconds" Start-Sleep -seconds 20 } while ((-Not($JsonData.status -eq "Ready") )) New-Object -TypeName PSObject -Property @{ Host = $JsonData.Host IPAddress = $JsonData.endpoints.ipAddress Grade = $JsonData.endpoints.grade StatusMessage = $JsonData.endpoints.statusMessage DurationSeconds = $JsonData.endpoints.duration/1000 -as [int] #Key KeyStrength = $JsonData.endpoints.details.key.size #Cert CommonName = $JsonData.endpoints.details.cert | Select-Object -ExpandProperty commonNames SAN = ($JsonData.endpoints.details.cert | Select-Object -ExpandProperty altNames) -join ',' Issuer = $JsonData.endpoints.details.cert.issuerLabel notBefore = ([DateTime]'1/1/1970').AddMilliseconds($JsonData.endpoints.details.cert.notBefore) notAfter = ([DateTime]'1/1/1970').AddMilliseconds($JsonData.endpoints.details.cert.notAfter) sigAlg = $JsonData.endpoints.details.cert.sigAlg } } catch { Write-Warning -Message "$Url failed: $_ !" } } } End{ } } #endregion $InputFile = Show-FilePicker $List = Get-Content -Path $InputFile Get-SslLabsScore -UrlList $List | Export-Csv -NoTypeInformation -Delimiter ';' SslLabsResult.csv Invoke-Item .\SslLabsResult.csv

The script will ask you for a TXT (with a graphical popup) file with a site list to analyze, export the result to a CSV, and then open the CSV with the default program configured on your computer. This is very handy for a non PowerShell used.

