tlsx
tlsx in the Trickest library - GitHub repo
Basic Usage Examples
Making A TLS Connection to an IP Address
Pass an IP address (e.g. 52.59.15.118) to the `host` string input.
Enumerating `Common Names` from a TLS Certificate
Turn on the `common-names` boolean input.
Enumerating `Subject Alternative Names` From a TLS Certificate
Turn on the `subject-alternative-names` boolean input.
Enumerating Hostnames from a List of Hosts
You can combine the 2 techniques above to enumerate possible hostnames from a target's TLS certificates and expand the attack surface.
Pass a list of IP addresses and/or hostnames to the `list` file input value and turn on the `common-names` and `subject-alternative-names` boolean inputs.
Enumerating Hostnames from an IP range
Pass an IP range in CIDR notation to the `host` string input and turn on the `common-names` and `subject-alternative-names` boolean inputs.
Scanning for TLS Misconfigurations
Pass your input `host` or `list` and turn on the `expired`, `mismatched`, `revoked`, and `self-signed` boolean inputs.
Scanning Specific Ports
Port 443 is used by default, but you can change it or add more ports using the `port` string input (comma-separated).
Filtering/parsing Results
JSON Output
To write the output in JSON format, turn on the `json` boolean input.
Extract Only The Hostnames
Turn on the `resp-only` boolean flag to display the TLS response only without the input.
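An added example, not part of the original page or the tlsx project: a Python triage pass over JSON output saved from a scan with the `json` input turned on, separating certificate hostnames from wildcard patterns and listing the hosts flagged by the misconfiguration checks. The JSON field names and the sample records are assumptions constructed for illustration; check them against your own output.

```python
import json

# Constructed sample of JSON-lines scan output. The field names (subject_cn,
# subject_an, expired, self_signed, mismatched, revoked) are assumptions about
# the tool's JSON format; confirm them against a real result file.
SAMPLE = """\
{"host": "192.0.2.10", "port": "443", "subject_cn": "www.example.com", "subject_an": ["www.example.com", "API.example.com", "*.cdn.example.com"]}
{"host": "192.0.2.11", "port": "8443", "subject_cn": "old.example.com", "expired": true, "self_signed": true}
not-json: connection reset
{"host": "192.0.2.12", "port": "443", "subject_cn": "shop.example.com", "subject_an": ["shop.example.com"], "mismatched": true}
"""

FLAGS = ("expired", "self_signed", "mismatched", "revoked")


def triage(lines):
    """Return (hostnames, wildcards, findings, skipped) from JSON-lines output."""
    hostnames, wildcards, findings, skipped = set(), set(), [], 0
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            rec = None
        if not isinstance(rec, dict):
            skipped += 1  # tolerate stray non-JSON or non-object lines
            continue
        names = [rec.get("subject_cn")] + list(rec.get("subject_an") or [])
        for name in names:
            if not isinstance(name, str) or not name.strip():
                continue
            name = name.strip().lower().rstrip(".")  # DNS names are case-insensitive
            if name.startswith("*."):
                wildcards.add(name)  # a wildcard is a pattern, not a resolvable host
            else:
                hostnames.add(name)
        bad = [flag for flag in FLAGS if rec.get(flag) is True]
        if bad:
            findings.append((f"{rec.get('host')}:{rec.get('port')}", bad))
    return sorted(hostnames), sorted(wildcards), findings, skipped


if __name__ == "__main__":
    hosts, wild, issues, skipped = triage(SAMPLE.splitlines())
    print(hosts, wild, issues, f"skipped={skipped}", sep="\n")
```
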
Performance Improvements
Increase / Decrease the Number of Concurrent Threads
The default number of concurrent threads is 300, but you have the option to modify this using the `concurrency` string input. Adjusting this input can either speed up the execution or decrease the aggressiveness of the scan.
Adjusting the Delay
Use the `delay` string input to set a specific duration to wait between each connection per thread (number + time unit, e.g. `200ms`, `1s`, etc.).
Adjusting the Timeout
The default TLS connection timeout is 5 seconds. Enter the number of seconds into the `timeout` string input to adjust it.