SSL/TLS scanning and problems in sslyze (2)

Continuing the previous post.

Another problem that people might need to know about is sslyze's memory consumption. It is huge when scanning thousands of servers, and you won't be able to scan hundreds of thousands of hosts in one run, because memory usage will skyrocket.


The root cause is that sslyze tries to generate all the XML at the end of scanning; it probably loads all the XML content into some DOM model, which requires a lot of memory. In my scanning, I actually partition hosts into small batches and use two processes running on one machine to do the work. The batch size is 5000, and the 2nd process should be started at least 1 minute after the 1st one, so that the two do not complete at the same time and generate a peak in memory requests. The server is a VM with 64GB. Usually at this batch size, the memory peak will be below 17GB.
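The batching and staggered start described above can be scripted as follows. This is an added example, not code from the post or from the sslyze project; the `sslyze` options in `scan_command` are an assumption about an older XML-capable CLI, and the function names and file layout are hypothetical.

```python
import subprocess
import sys
import threading
import time
from pathlib import Path

BATCH_SIZE = 5000      # batch size used in the post
WORKERS = 2            # two scanning processes on one machine
STAGGER_SECONDS = 60   # second process starts at least 1 minute later

def make_batches(hosts, size=BATCH_SIZE):
    """Split the host list into consecutive batches of at most `size`."""
    return [hosts[i:i + size] for i in range(0, len(hosts), size)]

def assign(batches, workers=WORKERS):
    """Round-robin batch indices over workers: worker 0 gets 0, 2, 4, ..."""
    return [list(range(w, len(batches), workers)) for w in range(workers)]

def scan_command(targets_file, xml_file):
    # Assumption: older sslyze CLI options; adjust to the installed version.
    return ["sslyze", "--regular",
            f"--targets_in={targets_file}", f"--xml_out={xml_file}"]

def worker(worker_id, batches, indices, outdir, build_cmd, stagger):
    # Offset the start so the end-of-scan XML generation peaks do not coincide.
    time.sleep(worker_id * stagger)
    for i in indices:
        targets = outdir / f"batch_{i:05d}.txt"
        targets.write_text("\n".join(batches[i]) + "\n")
        # One scanner process per batch: its memory is freed when it exits.
        subprocess.run(build_cmd(targets, outdir / f"batch_{i:05d}.xml"),
                       check=False)

def run_all(hosts, outdir, build_cmd=scan_command,
            size=BATCH_SIZE, stagger=STAGGER_SECONDS):
    """Scan all hosts in batches with WORKERS concurrent scanner processes."""
    outdir = Path(outdir)
    outdir.mkdir(parents=True, exist_ok=True)
    batches = make_batches(hosts, size)
    threads = [threading.Thread(target=worker,
                                args=(w, batches, idx, outdir, build_cmd, stagger))
               for w, idx in enumerate(assign(batches))]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return len(batches)

if __name__ == "__main__":
    lines = Path(sys.argv[1]).read_text().splitlines()
    print(run_all([h.strip() for h in lines if h.strip()], sys.argv[2]), "batches")
```

The offset is applied only to each worker's first start, so batches of uneven duration can drift back into alignment; watch the peak resident memory of the scanner processes during the first few batches before trusting a given batch size.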
