Pricing

from $1.00 / 1,000 host scans

Go to Apify Store

SSL Cipher Suite & Security Scanner

Try for free

Audit TLS versions and negotiated cipher suites for a list of domains to ensure compliance and robust web security.

Pricing

from $1.00 / 1,000 host scans

Rating

0.0

(0)

Developer

Andok

Actor stats

Bookmarked

Total users

Monthly active users

19 days ago

Last modified

TLS Cipher Suite Scanner

Scan TLS cipher suites to detect weak or deprecated configurations across your entire domain inventory. Outdated ciphers like RC4 or CBC-mode suites remain a top finding in compliance audits, and many teams lack visibility until a scanner flags them. Check hundreds of hosts in parallel and get structured results ready for reporting.

Features

Cipher suite detection — identifies the exact cipher suite negotiated during the TLS handshake
Protocol version reporting — reports TLS 1.2, TLS 1.3, or older protocol versions for each host
Certificate validation — checks whether the server certificate is authorized and trusted
ALPN negotiation — reports Application-Layer Protocol Negotiation results (h2, http/1.1)
Bulk scanning — check hundreds of domains concurrently in a single run
Flexible input — accepts plain domains, URLs, or objects with domain/url fields

Input

Field	Type	Required	Default	Description
`domains`	`array`	Yes	—	List of domains or hostnames to scan (e.g., `example.com`). Also accepts URLs or objects with `domain`/`url` fields
`timeoutSeconds`	`integer`	No	`15`	Connection timeout per domain in seconds (1-60)
`concurrency`	`integer`	No	`10`	Number of domains to scan in parallel (1-50)

Input Example

{
  "domains": [
    "google.com",
    "github.com",
    "example.com"
  ],
  "concurrency": 20
}

Output

Each domain produces one dataset record with the negotiated TLS parameters and certificate status.

Key output fields:

domain (string) — the hostname that was scanned
status (string) — scan result status (OK or ERROR)
protocol (string) — negotiated TLS version (e.g., TLSv1.3)
cipher (string) — negotiated cipher suite name (e.g., TLS_AES_256_GCM_SHA384)
authorized (boolean) — whether the server certificate is trusted
alpn (string) — negotiated ALPN protocol (e.g., h2)
error (string | null) — error message if the connection failed
checkedAt (string) — ISO 8601 timestamp

Output Example

{
  "domain": "github.com",
  "status": "OK",
  "protocol": "TLSv1.3",
  "cipher": "TLS_AES_128_GCM_SHA256",
  "authorized": true,
  "alpn": "h2",
  "error": null,
  "checkedAt": "2026-03-09T12:00:00.000Z"
}

Pricing

Event	Cost
Host Scan	$0.001

Pay only for hosts successfully scanned. Respects your per-run spending limit.

Use Cases

Security audits — verify that all enterprise endpoints use TLS 1.2+ with strong cipher suites
PCI DSS compliance — confirm no deprecated protocols or weak ciphers are in use across payment-processing domains
Vendor risk assessment — bulk-scan third-party domains to evaluate their TLS configurations before onboarding
Infrastructure migration — validate cipher suite consistency after moving to new hosting or CDN providers
Scheduled monitoring — run weekly scans to detect cipher downgrades or misconfigurations after server changes

Actor	What it adds
Security Headers Analyzer	Audit HTTP security headers (HSTS, CSP, etc.) to complement TLS-level checks
SSL Certificate Monitor	Monitor certificate expiry dates alongside cipher suite auditing
Subdomain Finder	Discover all subdomains first, then feed them into cipher scanning

SSL Certificate Checker

automation-lab/ssl-certificate-checker

SSL Certificate Checker connects to domains over TLS and inspects their SSL certificates. It returns structured data about certificate validity, expiry, issuer chain, TLS protocol version, cipher suite, and a security grade from A+ to F.

Stas Persiianenko

Website Security & Vulnerability Audit

smart-digital/website-security-vulnerability-audit

Automated security and vulnerability audit for websites. Detects WordPress plugin vulnerabilities, checks for updates, analyzes SSL/TLS, security headers, and CMS security

My Smart Digital

5.0

SSL Certificate Checker

nexgendata/ssl-certificate-checker

Check SSL/TLS certificates for any domain — expiration dates, issuer, protocol versions, and security grade. Monitor certificate health across your infrastructure.

Stephan Corbeil

HTTP Headers Security Checker

automation-lab/http-headers-security-checker

This actor checks 12 HTTP security headers for any list of websites and produces a security grade with actionable findings. It identifies missing headers, weak configurations, and provides specific recommendations. Use it for security audits, compliance checks, or monitoring your web...

Stas Persiianenko

Security Headers Checker

pillowy_travel/security-headers-checker

Analyze HTTP security headers of websites and generate a security score. Detect missing headers like CSP, HSTS, X-Frame-Options, and more. Perfect for web security audits, vulnerability checks, learning, and automated monitoring.

SAHIL KUMAR

HTTP Security Headers Analyzer

andok/security-headers-analyzer

Audit HTTP response headers (CSP, HSTS, X-Frame-Options) to verify web application security and compliance standards.

Andok

Security Headers Checker - Audit CSP, HSTS, XFO and more

scrappy_garden/security-headers-checker

Check common HTTP security headers for one or more URLs (Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, COOP/COEP/CORP). Useful for quick security hardening audits.

Bikram Adhikari

Security.txt Checker

automation-lab/security-txt-checker

This actor checks websites for a security.txt file as defined by RFC 9116. It looks in `/.well-known/security.txt` and `/security.txt`, parses contact information, encryption keys, expiration dates, and validates compliance with the standard.

Stas Persiianenko

DNS lookup API: Intelligence & Security Analyzer

njoylab/apify-dns

A powerful DNS intelligence tool that performs multi-record lookups, global propagation checks, reverse DNS, SSL/TLS inspection, email security analysis, and rich metadata extraction all in one automated workflow