zgrab2-http
Fast Go Application Scanner
Name:zgrab2-http
Category:Recon
Publisher:trickest-mhmdiaa
Created:4/12/2023
Container:
quay.io/trickest/zgrab2-http:82b0038Output Type:
License:Unknown
Source:View Source
Parameters
--sctRequest Signed Certificate Timestamps during TLS Handshake--portSpecify port to grab on (default: 80)--timeExplicit request time to use, instead of clock. YYYYMMDDhhmmss format.--debugInclude debug fields in the output.--flushFlush after each line of output.--methodSet HTTP request method type (default: GET)--no-sniDo not send domain name in TLS Handshake regardless of whether known--sendersNumber of send goroutines to use (default: 1000)--timeoutSet connection timeout (0 = no timeout) (default: 10s)--triggerInvoke only on targets with specified tag--endpointSend an HTTP request to an endpoint (default: /)--max-sizeMax kilobytes to read in response to an HTTP request (default: 256)--maxbytesMaximum byte read limit per scan (0 = defaults)--no-ecdheDo not allow ECDHE handshakes--root-casSet of certificates to use when verifying server certificates--use-httpsPerform an HTTPS connection on the initial host--gomaxprocsSet GOMAXPROCS (default: 0)--heartbleedCheck if server is vulnerable to Heartbleed--prometheusAddress to use for Prometheus server (e.g. localhost:8080). If empty, Prometheus is disabled--user-agentSet a custom user agent (default: Mozilla/5.0 zgrab/0.x)--dsa-enabledAccept server DSA keys--max-versionThe maximum SSL/TLS version that is acceptable. 0 means use the highest supported value.--min-versionThe minimum SSL/TLS version that is acceptable. 0 means that SSLv3 is the minimum.--next-protosA list of supported application-level protocols--retry-httpsIf the initial request fails, reconnect and try with HTTPS.--server-nameServer name used for certificate verification and (optionally) SNI--certificatesSet of certificates to present to the server--cipher-suiteA comma-delimited list of hex cipher suites to advertise.--client-helloSet an explicit ClientHello (base64 encoded)--client-randomSet an explicit Client Random (base64 encoded)--max-redirectsMax number of redirects to follow (default: 0)--session-ticketSend support for TLS Session Tickets and output ticket if presented--with-body-sizeEnable the body_size attribute, for how many bytes actually read--certificate-mapA file mapping server names to certificates--extended-randomSend TLS Extended Random Extension--keep-client-logsInclude the client-side logs in the TLS handshake--curve-preferencesA list of elliptic curves used in an ECDHE handshake, in order of preference.--heartbeat-enabledIf set, include the heartbeat extension--override-sig-hashOverride the default SignatureAndHashes TLS option with more expansive default--redirects-succeedRedirects are always a success, even if max-redirects is exceeded--fail-http-to-httpsTrigger retry-https logic on known HTTP/400 protocol mismatch responses--read-limit-per-hostMaximum total kilobytes to read for a single host (default 96kb) (default: 96)--connections-per-hostNumber of times to connect to each host (results in more output) (default: 1)--custom-headers-namesCSV of custom HTTP headers to send to server--signature-algorithmsSignature and hash algorithms that are acceptable--custom-headers-valuesCSV of custom HTTP header values to send to server. Should match order of custom-headers-names--extended-master-secretOffer RFC 7627 Extended Master Secret extension--custom-headers-delimiterDelimiter for customer header name/value CSVs--verify-server-certificateail if the server certificate does not match the server-name, or does not chain to a trusted root.--follow-localhost-redirectsFollow HTTP redirects to localhost--compute-decoded-body-hash-algorithmChoose algorithm for BodyHash field (sha256 or sha1)