The SSL auditor can be used to scan large amounts of DNS names in paralel for common SSL weaknesses, such as usage of deprecated SSLv2/SSLv3 certificates, self signed certificates and improper usage of wildcards certificates for your domains. The results are shown in the console but also stored in a CSV for easy tracking of certificates over time. The tool leverages the existing “sslyze” library but allows a handier CSV export and it will run quicker due to multiprocessing.
The tool has been tested on Debian and Mac OSX, but should work on other platforms too. Besides Python, install the following two packages using ‘python-pip’;
pip install sslyze
pip install nassl
git clone https://github.com/marekq/ssl-audit && cd ssl-audit
python ssl-audit.py example-input.csv (example)