Details

Category: Recon

Publisher: trickest-mhmdiaa

Created Date: 5/24/2023

Container: quay.io/trickest/zgrab2-tls:911c86f-patch-2

Source URL: https://github.com/zmap/zgrab2

Parameters

sct
boolean
Command: --sct - Request Signed Certificate Timestamps during TLS Handshake
port
string
Command: --port - Specify port to grab on (default: 80)
time
string
Command: --time - Explicit request time to use, instead of clock. YYYYMMDDhhmmss format.
debug
boolean
Command: --debug - Include debug fields in the output.
flush
boolean
Command: --flush - Flush after each line of output.
input
string
required
Command: - Input target
no-sni
boolean
Command: --no-sni - Do not send domain name in TLS Handshake regardless of whether known
senders
string
Command: --senders - Number of send goroutines to use (default: 1000)
timeout
string
Command: --timeout - Set connection timeout (0 = no timeout) (default: 10s)
trigger
string
Command: --trigger - Invoke only on targets with specified tag
maxbytes
string
Command: --maxbytes - Maximum byte read limit per scan (0 = defaults)
no-ecdhe
boolean
Command: --no-ecdhe - Do not allow ECDHE handshakes
root-cas
file
Command: --root-cas - Set of certificates to use when verifying server certificates
gomaxprocs
string
Command: --gomaxprocs - Set GOMAXPROCS (default: 0)
heartbleed
boolean
Command: --heartbleed - Check if server is vulnerable to Heartbleed
input-file
file
required
Command: - Input file
prometheus
string
Command: --prometheus - Address to use for Prometheus server (e.g. localhost:8080). If empty, Prometheus is disabled
dsa-enabled
boolean
Command: --dsa-enabled - Accept server DSA keys
max-version
string
Command: --max-version - The maximum SSL/TLS version that is acceptable. 0 means use the highest supported value.
min-version
string
Command: --min-version - The minimum SSL/TLS version that is acceptable. 0 means that SSLv3 is the minimum.
next-protos
file
Command: --next-protos - A list of supported application-level protocols
server-name
string
Command: --server-name - Server name used for certificate verification and (optionally) SNI
certificates
file
Command: --certificates - Set of certificates to present to the server
cipher-suite
string
Command: --cipher-suite - A comma-delimited list of hex cipher suites to advertise.
client-hello
string
Command: --client-hello - Set an explicit ClientHello (base64 encoded)
client-random
string
Command: --client-random - Set an explicit Client Random (base64 encoded)
session-ticket
boolean
Command: --session-ticket - Send support for TLS Session Tickets and output ticket if presented
certificate-map
file
Command: --certificate-map - A file mapping server names to certificates
extended-random
boolean
Command: --extended-random - Send TLS Extended Random Extension
keep-client-logs
boolean
Command: --keep-client-logs - Include the client-side logs in the TLS handshake
curve-preferences
string
Command: --curve-preferences - A list of elliptic curves used in an ECDHE handshake, in order of preference.
heartbeat-enabled
boolean
Command: --heartbeat-enabled - If set, include the heartbeat extension
read-limit-per-host
string
Command: --read-limit-per-host - Maximum total kilobytes to read for a single host (default 96kb) (default: 96)
connections-per-host
string
Command: --connections-per-host - Number of times to connect to each host (results in more output) (default: 1)
signature-algorithms
string
Command: --signature-algorithms - Signature and hash algorithms that are acceptable
extended-master-secret
boolean
Command: --extended-master-secret - Offer RFC 7627 Extended Master Secret extension
verify-server-certificate
boolean
Command: --verify-server-certificate - ail if the server certificate does not match the server-name, or does not chain to a trusted root.