tlsx
Fast and configurable TLS grabber focused on TLS based data collection.
Details
Category: Recon
Publisher: trickest-mhmdiaa
Created Date: 6/29/2022
Container: quay.io/trickest/tlsx:v1.1.7
Source URL: https://github.com/projectdiscovery/tlsx
Parameters
Command:
-dns - display unique hostname from SSL certificate responseCommand:
-ja3 - display ja3 fingerprint hash (using ztls)Command:
-sni - tls sni hostname to useCommand:
-hash - display certificate fingerprint hashes (md5,sha1,sha256)Command:
-host - target host(s) to scan (comma-separated)Command:
-jarm - display jarm fingerprint hashCommand:
-json - json format outputCommand:
-list - target list to scanCommand:
-port - target port to connect (default 443)Command:
-delay - duration to wait between each connection per thread (eg: 200ms, 1s)Command:
-retry - number of retries to perform for failures (default 3)Command:
-cacert - client certificate authority fileCommand:
-cipher - display used cipherCommand:
-config - tlsx configuration fileCommand:
-serial - display certificate serial numberCommand:
-silent - display silent outputCommand:
-expired - display validity status of certificateCommand:
-revoked - display host with revoked certificateCommand:
-timeout - tls connection timeout in seconds (default 5)Command:
-verbose - display verbose outputCommand:
-hardfail - strategy to use if encountered errors while checking revocation statusCommand:
-resolvers - list of resolvers to useCommand:
-resp-only - display tls response onlyCommand:
-scan-mode - tls connection mode to use (ctls, ztls, openssl, auto) (default auto)Command:
-tls-chain - display tls chain in json outputCommand:
-untrusted - display host with untrusted certificateCommand:
-ip-version - ip version to use (4, 6) (default 4)Command:
-mismatched - display host with mismatched certificateCommand:
-random-sni - use random sni when emptyCommand:
-all-ciphers - send all ciphers as accepted inputs (default true)Command:
-certificate - include certificates in json output (PEM format)Command:
-cipher-enum - enumerate and display supported cipherCommand:
-cipher-type - ciphers types to enumerate. possible values: all/secure/insecure/weak (comma-separated) (default all)Command:
-concurrency - number of concurrent threads to process (default 300)Command:
-max-version - maximum tls version to accept (ssl30,tls10,tls11,tls12,tls13)Command:
-min-version - minimum tls version to accept (ssl30,tls10,tls11,tls12,tls13)Command:
-self-signed - display status of self-signed certificateCommand:
-tls-version - display used tls versionCommand:
-verify-cert - enable verification of server certificateCommand:
-cipher-input - ciphers to use with tls connectionCommand:
-client-hello - include client hello in json output (ztls mode only)Command:
-cn - display subject common namesCommand:
-health-check - run diagnostic check upCommand:
-probe-status - display tls probe statusCommand:
-scan-all-ips - scan all ips for a host (default false)Command:
-server-hello - include server hello in json output (ztls mode only)Command:
-version-enum - enumerate and display supported tls versionsCommand:
-pre-handshake - enable pre-handshake tls connection (early termination) using ztlsCommand:
-wildcard-cert - display host with wildcard ssl certificateCommand:
-openssl-binary - OpenSSL Binary PathCommand:
-cipher-concurrency - cipher enum concurrency for each target (default 10)Command:
-san - display subject alternative namesCommand:
-so - display subject organization name