TLS cipher suite auditor using SSLyze, BSI TR-02102-2, ciphersuite.info, and Mozilla TLS guidelines.
Project description
CipherScout
CipherScout is a TLS cipher suite auditing tool built on top of SSLyze, Mozilla TLS guidelines, ciphersuite.info, and BSI TR-02102-2.
It scans TLS endpoints, evaluates accepted cipher suites, validates certificate cryptography against Mozilla recommendations, detects weak TLS configurations, and generates Markdown security reports.
Features
- TLS endpoint scanning using SSLyze
- Accepted cipher suite enumeration
- BSI TR-02102-2 cipher suite comparison
- ciphersuite.info security classification
- Mozilla TLS guideline validation
- Certificate cryptography auditing
- OCSP stapling detection
- TLS version auditing
- TLS security checks:
- Heartbleed
- ROBOT
- CCS Injection
- TLS compression
- TLS fallback SCSV
- Extended Master Secret
- Session renegotiation
- Elliptic curve compliance validation
- Markdown report export
- ANSI-colored terminal output
Requirements
- Python 3.11+
- OpenSSL
- SSLyze
Usage
Scan a target
cipherscout example.com
Scan a custom port
cipherscout example.com:8443
Export Markdown report
cipherscout example.com --export-md report.md
Use custom BSI PDF
cipherscout example.com --pdf ./BSI-TR-02102-2.pdf
Update BSI PDF
cipherscout --update-bsi
Evaluate cipher suites manually
cipherscout \
--cipher-suites TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384
Example Output
Legend
Orange = Mozilla intermediate configuration
Red = Non-compliant / deprecated / insecure
Certificate Information
+----------------------------+------------------+
| Field | Value |
+============================+==================+
| Public Key Algorithm | RSAPublicKey |
| Key Size | 4096 |
| Signature Algorithm | sha256WithRSAEncryption |
| OCSP Stapling | supported |
+----------------------------+------------------+
Supported TLS Versions
+-----------+
| Version |
+===========+
| TLS 1.2 |
| TLS 1.3 |
+-----------+
Mozilla Compliance
CipherScout validates:
- Certificate algorithms
- RSA key sizes
- TLS elliptic curves
- Certificate curves
- Certificate signatures
against Mozilla's latest TLS recommendations.
Color coding:
| Color | Meaning |
|---|---|
| Default | Mozilla Modern Compliant / Secure |
| Orange | Mozilla Intermediate compliant |
| Red | Non-Compliant / Deprecated / Insecure |
Report Export
Markdown reports can be exported using:
cipherscout example.com --export-md report.md
The generated report contains:
- Certificate information
- Supported TLS versions
- Accepted cipher suites
- Security checks
- Cipher weaknesses
- Mozilla compliance results
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file cipherscout-1.0.1.tar.gz.
File metadata
- Download URL: cipherscout-1.0.1.tar.gz
- Upload date:
- Size: 12.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8a0ae3fca1553e3a9276f610300e8c7ad049c85754c60092db37e8bb2bf726d3
|
|
| MD5 |
a48f4e8e21c3004ff18176de2d9f6570
|
|
| BLAKE2b-256 |
4ec081dab46aedf9d79a327a5652e51a6a66699b6e288f77bb541485d1be6c00
|
File details
Details for the file cipherscout-1.0.1-py3-none-any.whl.
File metadata
- Download URL: cipherscout-1.0.1-py3-none-any.whl
- Upload date:
- Size: 11.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1282e8d3efc19560923042795dc32093d7806771dc5dc6aa6da9bdcedf5d0b12
|
|
| MD5 |
12913b48423bc2a7f709ac312d3bfb8e
|
|
| BLAKE2b-256 |
71494654f654e977dffaf49b447c1d100746472c4d3f7c14dd7b85cbb81c7d6c
|
