tlsx

tlsx in the Trickest library - GitHub repo

Basic Usage Examples

Making A TLS Connection to an IP Address

Pass an IP address (e.g. 52.59.15.118) to the host string input.

Enumerating `Common Names` from a TLS Certificate

Turn on the common-names boolean input.

Enumerating `Subject Alternative Names` From a TLS Certificate

Turn on the subject-alternative-names boolean input.

Enumerating Hostnames from a List of Hosts

You can combine the 2 techniques above to enumerate possible hostnames from a target's TLS certificates and expand the attack surface.

Pass a list of IP addresses and/or hostnames to the list file input value and turn on the common-names and subject-alternative-names boolean inputs.

Enumerating Hostnames from an IP range

Pass an IP range in CIDR notation to the host string input and turn on the common-names and subject-alternative-names boolean inputs.

Scanning for TLS Misconfigurations

Pass your input host or list and turn on the expired, mismatched revoked, and self-signed boolean inputs.

Scanning Specific Ports

Port 443 is used by default but you can change it or add more ports using the port string input (comma-separated)

Filtering/parsing Results

JSON Output

To write the output in JSON format, turn on the json boolean input.

Extract Only The Hostnames

Turn on the resp-only boolean flag to display the TLS response only without the input.

Performance Improvements

Increase / Decrease the Number of Concurrent Threads

The default number of concurrent threads is 300, but you have the option to modify this using the concurrency string input. Adjusting this input can either speed up the execution or decrease the aggressiveness of the scan.

Adjusting the Delay

Use the delay string input to set a specific duration to wait between each connection per thread (number + time unit, e.g. 200ms, 1s, etc)

Adjusting the Timeout

The default TLS connection timeout is 5 seconds. Enter the number of seconds into the timeout string input to adjust it.

Similar tools

• cero