diff --git a/cipherscan b/cipherscan
index 402107c..45da476 100755
--- a/cipherscan
+++ b/cipherscan
@@ -1397,19 +1397,26 @@ fi
 
 # echo parameters left: $@
 
-TEMPTARGET=$(sed -e 's/^.* //'<<<"${@}")
-HOST=$(sed -e 's/:.*//'<<<"${TEMPTARGET}")
-PORT=$(sed -e 's/.*://'<<<"${TEMPTARGET}")
-
-# Default to https if no port given
-if [[ "$HOST" = "$PORT" ]]; then
-    PORT=443
+if (( $# < 1 )); then
+    echo "The final argument must be a valid HOST[:PORT], but none was provided." 1>&2
+    exit 1
 fi
 
-debug "host: $HOST"
-debug "Port: $PORT"
+PARAMS=("$@")
+TARGET=${PARAMS[-1]}
+unset PARAMS[-1]
+
+# Refuse to proceed if the hostname starts with a hyphen, since hostnames can't
+# begin with a hyphen and this likely means we accidentally parsed an option as
+# a hostname.
+if [[ -z $TARGET || $TARGET =~ ^[-:] || $TARGET =~ :.*[^0-9] ]]; then
+    echo "The final argument '$TARGET' is not a valid HOST[:PORT]." 1>&2
+    exit 1
+fi
+if ! [[ $TARGET =~ : ]]; then
+    TARGET="${TARGET}:443"
+fi
 
-TARGET=$HOST:$PORT
 debug "target: $TARGET"
 
 # test our openssl is usable
@@ -1455,7 +1462,7 @@ if [[ $VERBOSE != 0 ]] ; then
          $OPENSSLBIN ciphers ALL 2>/dev/null
 fi
 
-SCLIENTARGS=$(sed -e s,${TEMPTARGET},,<<<"${@}")
+SCLIENTARGS="${PARAMS[*]}"
 debug "sclientargs: $SCLIENTARGS"