zgrab2-http - Trickest Platform Documentation

Details

Category: Recon

Publisher: trickest-mhmdiaa

Created Date: 4/12/2023

Container: quay.io/trickest/zgrab2-http:911c86f-patch-1

Source URL: https://github.com/zmap/zgrab2

Parameters

sct

boolean

Command: --sct - Request Signed Certificate Timestamps during TLS Handshake

port

string

Command: --port - Specify port to grab on (default: 80)

time

string

Command: --time - Explicit request time to use, instead of clock. YYYYMMDDhhmmss format.

debug

boolean

Command: --debug - Include debug fields in the output.

flush

boolean

Command: --flush - Flush after each line of output.

input

string

required

Command: - Input target

method

string

Command: --method - Set HTTP request method type (default: GET)

no-sni

boolean

Command: --no-sni - Do not send domain name in TLS Handshake regardless of whether known

senders

string

Command: --senders - Number of send goroutines to use (default: 1000)

timeout

string

Command: --timeout - Set connection timeout (0 = no timeout) (default: 10s)

trigger

string

Command: --trigger - Invoke only on targets with specified tag

endpoint

string

Command: --endpoint - Send an HTTP request to an endpoint (default: /)

max-size

string

Command: --max-size - Max kilobytes to read in response to an HTTP request (default: 256)

maxbytes

string

Command: --maxbytes - Maximum byte read limit per scan (0 = defaults)

no-ecdhe

boolean

Command: --no-ecdhe - Do not allow ECDHE handshakes

root-cas

file

Command: --root-cas - Set of certificates to use when verifying server certificates

use-https

boolean

Command: --use-https - Perform an HTTPS connection on the initial host

gomaxprocs

string

Command: --gomaxprocs - Set GOMAXPROCS (default: 0)

heartbleed

boolean

Command: --heartbleed - Check if server is vulnerable to Heartbleed

input-file

file

required

Command: - Input file

prometheus

string

Command: --prometheus - Address to use for Prometheus server (e.g. localhost:8080). If empty, Prometheus is disabled

user-agent

string

Command: --user-agent - Set a custom user agent (default: Mozilla/5.0 zgrab/0.x)

dsa-enabled

boolean

Command: --dsa-enabled - Accept server DSA keys

max-version

string

Command: --max-version - The maximum SSL/TLS version that is acceptable. 0 means use the highest supported value.

min-version

string

Command: --min-version - The minimum SSL/TLS version that is acceptable. 0 means that SSLv3 is the minimum.

next-protos

file

Command: --next-protos - A list of supported application-level protocols

retry-https

boolean

Command: --retry-https - If the initial request fails, reconnect and try with HTTPS.

server-name

string

Command: --server-name - Server name used for certificate verification and (optionally) SNI

certificates

file

Command: --certificates - Set of certificates to present to the server

cipher-suite

string

Command: --cipher-suite - A comma-delimited list of hex cipher suites to advertise.

client-hello

string

Command: --client-hello - Set an explicit ClientHello (base64 encoded)

client-random

string

Command: --client-random - Set an explicit Client Random (base64 encoded)

max-redirects

string

Command: --max-redirects - Max number of redirects to follow (default: 0)

session-ticket

boolean

Command: --session-ticket - Send support for TLS Session Tickets and output ticket if presented

with-body-size

boolean

Command: --with-body-size - Enable the body_size attribute, for how many bytes actually read

certificate-map

file

Command: --certificate-map - A file mapping server names to certificates

extended-random

boolean

Command: --extended-random - Send TLS Extended Random Extension

keep-client-logs

boolean

Command: --keep-client-logs - Include the client-side logs in the TLS handshake

curve-preferences

string

Command: --curve-preferences - A list of elliptic curves used in an ECDHE handshake, in order of preference.

heartbeat-enabled

boolean

Command: --heartbeat-enabled - If set, include the heartbeat extension

override-sig-hash

boolean

Command: --override-sig-hash - Override the default SignatureAndHashes TLS option with more expansive default

redirects-succeed

boolean

Command: --redirects-succeed - Redirects are always a success, even if max-redirects is exceeded

fail-http-to-https

boolean

Command: --fail-http-to-https - Trigger retry-https logic on known HTTP/400 protocol mismatch responses

read-limit-per-host

string

Command: --read-limit-per-host - Maximum total kilobytes to read for a single host (default 96kb) (default: 96)

connections-per-host

string

Command: --connections-per-host - Number of times to connect to each host (results in more output) (default: 1)

custom-headers-names

file

Command: --custom-headers-names - CSV of custom HTTP headers to send to server

signature-algorithms

string

Command: --signature-algorithms - Signature and hash algorithms that are acceptable

custom-headers-values

file

Command: --custom-headers-values - CSV of custom HTTP header values to send to server. Should match order of custom-headers-names

extended-master-secret

boolean

Command: --extended-master-secret - Offer RFC 7627 Extended Master Secret extension

custom-headers-delimiter

string

Command: --custom-headers-delimiter - Delimiter for customer header name/value CSVs

verify-server-certificate

boolean

Command: --verify-server-certificate - ail if the server certificate does not match the server-name, or does not chain to a trusted root.

follow-localhost-redirects

boolean

Command: --follow-localhost-redirects - Follow HTTP redirects to localhost

compute-decoded-body-hash-algorithm

string

Command: --compute-decoded-body-hash-algorithm - Choose algorithm for BodyHash field (sha256 or sha1)

Library

Details

Parameters