tlsx - Trickest Platform Documentation

Details

Category: Recon

Publisher: trickest-mhmdiaa

Created Date: 6/29/2022

Container: quay.io/trickest/tlsx:v1.1.7

Source URL: https://github.com/projectdiscovery/tlsx

Parameters

dns

boolean

Command: -dns - display unique hostname from SSL certificate response

ja3

boolean

Command: -ja3 - display ja3 fingerprint hash (using ztls)

sni

string

Command: -sni - tls sni hostname to use

hash

boolean

Command: -hash - display certificate fingerprint hashes (md5,sha1,sha256)

host

string

Command: -host - target host(s) to scan (comma-separated)

jarm

boolean

Command: -jarm - display jarm fingerprint hash

json

boolean

Command: -json - json format output

list

file

required

Command: -list - target list to scan

port

string

Command: -port - target port to connect (default 443)

delay

string

Command: -delay - duration to wait between each connection per thread (eg: 200ms, 1s)

retry

string

Command: -retry - number of retries to perform for failures (default 3)

cacert

file

Command: -cacert - client certificate authority file

cipher

boolean

Command: -cipher - display used cipher

config

file

Command: -config - tlsx configuration file

serial

boolean

Command: -serial - display certificate serial number

silent

boolean

Command: -silent - display silent output

expired

boolean

Command: -expired - display validity status of certificate

revoked

boolean

Command: -revoked - display host with revoked certificate

timeout

string

Command: -timeout - tls connection timeout in seconds (default 5)

verbose

boolean

Command: -verbose - display verbose output

hardfail

boolean

Command: -hardfail - strategy to use if encountered errors while checking revocation status

resolvers

file

Command: -resolvers - list of resolvers to use

resp-only

boolean

Command: -resp-only - display tls response only

scan-mode

string

Command: -scan-mode - tls connection mode to use (ctls, ztls, openssl, auto) (default auto)

tls-chain

boolean

Command: -tls-chain - display tls chain in json output

untrusted

boolean

Command: -untrusted - display host with untrusted certificate

ip-version

string

Command: -ip-version - ip version to use (4, 6) (default 4)

mismatched

boolean

Command: -mismatched - display host with mismatched certificate

random-sni

boolean

Command: -random-sni - use random sni when empty

all-ciphers

boolean

Command: -all-ciphers - send all ciphers as accepted inputs (default true)

certificate

boolean

Command: -certificate - include certificates in json output (PEM format)

cipher-enum

boolean

Command: -cipher-enum - enumerate and display supported cipher

cipher-type

string

Command: -cipher-type - ciphers types to enumerate. possible values: all/secure/insecure/weak (comma-separated) (default all)

concurrency

string

Command: -concurrency - number of concurrent threads to process (default 300)

max-version

string

Command: -max-version - maximum tls version to accept (ssl30,tls10,tls11,tls12,tls13)

min-version

string

Command: -min-version - minimum tls version to accept (ssl30,tls10,tls11,tls12,tls13)

self-signed

boolean

Command: -self-signed - display status of self-signed certificate

tls-version

boolean

Command: -tls-version - display used tls version

verify-cert

boolean

Command: -verify-cert - enable verification of server certificate

cipher-input

string

Command: -cipher-input - ciphers to use with tls connection

client-hello

boolean

Command: -client-hello - include client hello in json output (ztls mode only)

common-names

boolean

Command: -cn - display subject common names

health-check

boolean

Command: -health-check - run diagnostic check up

probe-status

boolean

Command: -probe-status - display tls probe status

scan-all-ips

boolean

Command: -scan-all-ips - scan all ips for a host (default false)

server-hello

boolean

Command: -server-hello - include server hello in json output (ztls mode only)

version-enum

boolean

Command: -version-enum - enumerate and display supported tls versions

pre-handshake

boolean

Command: -pre-handshake - enable pre-handshake tls connection (early termination) using ztls

wildcard-cert

boolean

Command: -wildcard-cert - display host with wildcard ssl certificate

openssl-binary

file

Command: -openssl-binary - OpenSSL Binary Path

cipher-concurrency

string

Command: -cipher-concurrency - cipher enum concurrency for each target (default 10)

subject-alternative-names

boolean

Command: -san - display subject alternative names

subject-organization-name

boolean

Command: -so - display subject organization name

Library

Details

Parameters