tlsx
Fast and configurable TLS grabber focused on TLS based data collection.
Details
Category: Recon
Publisher: trickest-mhmdiaa
Created Date: 6/29/2022
Container: quay.io/trickest/tlsx:v1.1.7
Source URL: https://github.com/projectdiscovery/tlsx
Parameters
dns
boolean
Command:
-dns
- display unique hostname from SSL certificate responseja3
boolean
Command:
-ja3
- display ja3 fingerprint hash (using ztls)sni
string
Command:
-sni
- tls sni hostname to usehash
boolean
Command:
-hash
- display certificate fingerprint hashes (md5,sha1,sha256)host
string
Command:
-host
- target host(s) to scan (comma-separated)jarm
boolean
Command:
-jarm
- display jarm fingerprint hashjson
boolean
Command:
-json
- json format outputlist
file
requiredCommand:
-list
- target list to scanport
string
Command:
-port
- target port to connect (default 443)delay
string
Command:
-delay
- duration to wait between each connection per thread (eg: 200ms, 1s)retry
string
Command:
-retry
- number of retries to perform for failures (default 3)cacert
file
Command:
-cacert
- client certificate authority filecipher
boolean
Command:
-cipher
- display used cipherconfig
file
Command:
-config
- tlsx configuration fileserial
boolean
Command:
-serial
- display certificate serial numbersilent
boolean
Command:
-silent
- display silent outputexpired
boolean
Command:
-expired
- display validity status of certificaterevoked
boolean
Command:
-revoked
- display host with revoked certificatetimeout
string
Command:
-timeout
- tls connection timeout in seconds (default 5)verbose
boolean
Command:
-verbose
- display verbose outputhardfail
boolean
Command:
-hardfail
- strategy to use if encountered errors while checking revocation statusresolvers
file
Command:
-resolvers
- list of resolvers to useresp-only
boolean
Command:
-resp-only
- display tls response onlyscan-mode
string
Command:
-scan-mode
- tls connection mode to use (ctls, ztls, openssl, auto) (default auto)tls-chain
boolean
Command:
-tls-chain
- display tls chain in json outputuntrusted
boolean
Command:
-untrusted
- display host with untrusted certificateip-version
string
Command:
-ip-version
- ip version to use (4, 6) (default 4)mismatched
boolean
Command:
-mismatched
- display host with mismatched certificaterandom-sni
boolean
Command:
-random-sni
- use random sni when emptyall-ciphers
boolean
Command:
-all-ciphers
- send all ciphers as accepted inputs (default true)certificate
boolean
Command:
-certificate
- include certificates in json output (PEM format)cipher-enum
boolean
Command:
-cipher-enum
- enumerate and display supported ciphercipher-type
string
Command:
-cipher-type
- ciphers types to enumerate. possible values: all/secure/insecure/weak (comma-separated) (default all)concurrency
string
Command:
-concurrency
- number of concurrent threads to process (default 300)max-version
string
Command:
-max-version
- maximum tls version to accept (ssl30,tls10,tls11,tls12,tls13)min-version
string
Command:
-min-version
- minimum tls version to accept (ssl30,tls10,tls11,tls12,tls13)self-signed
boolean
Command:
-self-signed
- display status of self-signed certificatetls-version
boolean
Command:
-tls-version
- display used tls versionverify-cert
boolean
Command:
-verify-cert
- enable verification of server certificatecipher-input
string
Command:
-cipher-input
- ciphers to use with tls connectionclient-hello
boolean
Command:
-client-hello
- include client hello in json output (ztls mode only)common-names
boolean
Command:
-cn
- display subject common nameshealth-check
boolean
Command:
-health-check
- run diagnostic check upprobe-status
boolean
Command:
-probe-status
- display tls probe statusscan-all-ips
boolean
Command:
-scan-all-ips
- scan all ips for a host (default false)server-hello
boolean
Command:
-server-hello
- include server hello in json output (ztls mode only)version-enum
boolean
Command:
-version-enum
- enumerate and display supported tls versionspre-handshake
boolean
Command:
-pre-handshake
- enable pre-handshake tls connection (early termination) using ztlswildcard-cert
boolean
Command:
-wildcard-cert
- display host with wildcard ssl certificateopenssl-binary
file
Command:
-openssl-binary
- OpenSSL Binary Pathcipher-concurrency
string
Command:
-cipher-concurrency
- cipher enum concurrency for each target (default 10)subject-alternative-names
boolean
Command:
-san
- display subject alternative namessubject-organization-name
boolean
Command:
-so
- display subject organization name