tlsx
Fast and configurable TLS grabber focused on TLS based data collection.
Name:tlsx
Category:Recon
Publisher:trickest-mhmdiaa
Created:6/29/2022
Container:
quay.io/trickest/tlsx:v1.1.7Output Type:
License:Unknown
Source:View Source
Parameters
-dnsdisplay unique hostname from SSL certificate response-ja3display ja3 fingerprint hash (using ztls)-snitls sni hostname to use-hashdisplay certificate fingerprint hashes (md5,sha1,sha256)-hosttarget host(s) to scan (comma-separated)-jarmdisplay jarm fingerprint hash-jsonjson format output-listtarget list to scan-porttarget port to connect (default 443)-delayduration to wait between each connection per thread (eg: 200ms, 1s)-retrynumber of retries to perform for failures (default 3)-cacertclient certificate authority file-cipherdisplay used cipher-configtlsx configuration file-serialdisplay certificate serial number-silentdisplay silent output-expireddisplay validity status of certificate-revokeddisplay host with revoked certificate-timeouttls connection timeout in seconds (default 5)-verbosedisplay verbose output-hardfailstrategy to use if encountered errors while checking revocation status-resolverslist of resolvers to use-resp-onlydisplay tls response only-scan-modetls connection mode to use (ctls, ztls, openssl, auto) (default auto)-tls-chaindisplay tls chain in json output-untrusteddisplay host with untrusted certificate-ip-versionip version to use (4, 6) (default 4)-mismatcheddisplay host with mismatched certificate-random-sniuse random sni when empty-all-cipherssend all ciphers as accepted inputs (default true)-certificateinclude certificates in json output (PEM format)-cipher-enumenumerate and display supported cipher-cipher-typeciphers types to enumerate. possible values: all/secure/insecure/weak (comma-separated) (default all)-concurrencynumber of concurrent threads to process (default 300)-max-versionmaximum tls version to accept (ssl30,tls10,tls11,tls12,tls13)-min-versionminimum tls version to accept (ssl30,tls10,tls11,tls12,tls13)-self-signeddisplay status of self-signed certificate-tls-versiondisplay used tls version-verify-certenable verification of server certificate-cipher-inputciphers to use with tls connection-client-helloinclude client hello in json output (ztls mode only)-cndisplay subject common names-health-checkrun diagnostic check up-probe-statusdisplay tls probe status-scan-all-ipsscan all ips for a host (default false)-server-helloinclude server hello in json output (ztls mode only)-version-enumenumerate and display supported tls versions-pre-handshakeenable pre-handshake tls connection (early termination) using ztls-wildcard-certdisplay host with wildcard ssl certificate-openssl-binaryOpenSSL Binary Path-cipher-concurrencycipher enum concurrency for each target (default 10)-sandisplay subject alternative names-sodisplay subject organization name