Appendix: Writing Your Own Plugins

Things that SSLyze can scan for are implemented using a plugin system. If you want to create a new plugin, the easiest way to get started is to review a simple existing plugin such as the CompressionPlugin in sslyze.plugins.compression_plugin.

High Level Overview

A plugin is made of one Plugin subclass and one or multiple subclasses of PluginScanCommand and PluginScanResult. The Plugin receives a PluginScanCommand, performs the corresponding scan, and returns a PluginScanResult.

For the Plugin to be discovered by SSLyze, it needs to be added to sslyze.plugins.plugin_repository.

Core parent classes

class sslyze.plugins.plugin_base.Plugin

Abstract class to represent one plugin which can implement one multiple PluginScanCommand and PluginScanResult.

process_task(server_info, scan_command)

Should run the supplied scan command on the server and return the result.

Parameters:
Return type:

PluginScanResult

Returns:

The result of the scan command run on the supplied server.

class sslyze.plugins.plugin_base.PluginScanCommand

Abstract class to represent one specific thing a Plugin can scan for.

__init__()

Optional arguments for a command can be passed as keyword arguments here.

Return type:None
classmethod get_cli_argument()

Should return the command line option to be used to run the scan command via the CLI.

Return type:str
classmethod is_aggressive()

Should return True if command will open many simultaneous connections to the server.

When using the ConcurrentScanner to run scan commands, only one aggressive command will be run concurrently per server, to avoid DOS-ing the server.

Return type:bool
class sslyze.plugins.plugin_base.PluginScanResult(server_info, scan_command)

Abstract class to represent the result of running a specific PluginScanCommand against a server .

server_info

The server against which the command was run.

Type:ServerConnectivityInfo
scan_command

The scan command that was run against the server.

Type:PluginScanCommand
__init__(server_info, scan_command)

Initialize self. See help(type(self)) for accurate signature.

Return type:None
as_xml()

Should return the XML output to be returned by the CLI tool when –xml_out is used.

Return type:Element
as_text()

Should return the text output to be displayed in the console by the CLI tool.

Return type:List[str]