zgrab2-tls
Fast Go Application Scanner
Details
Category: Recon
Publisher: trickest-mhmdiaa
Created Date: 5/24/2023
Container: quay.io/trickest/zgrab2-tls:911c86f-patch-2
Source URL: https://github.com/zmap/zgrab2
Parameters
sct
boolean
Command:
--sct
- Request Signed Certificate Timestamps during TLS Handshakeport
string
Command:
--port
- Specify port to grab on (default: 80)time
string
Command:
--time
- Explicit request time to use, instead of clock. YYYYMMDDhhmmss format.debug
boolean
Command:
--debug
- Include debug fields in the output.flush
boolean
Command:
--flush
- Flush after each line of output.input
string
requiredCommand:
- Input targetno-sni
boolean
Command:
--no-sni
- Do not send domain name in TLS Handshake regardless of whether knownsenders
string
Command:
--senders
- Number of send goroutines to use (default: 1000)timeout
string
Command:
--timeout
- Set connection timeout (0 = no timeout) (default: 10s)trigger
string
Command:
--trigger
- Invoke only on targets with specified tagmaxbytes
string
Command:
--maxbytes
- Maximum byte read limit per scan (0 = defaults)no-ecdhe
boolean
Command:
--no-ecdhe
- Do not allow ECDHE handshakesroot-cas
file
Command:
--root-cas
- Set of certificates to use when verifying server certificatesgomaxprocs
string
Command:
--gomaxprocs
- Set GOMAXPROCS (default: 0)heartbleed
boolean
Command:
--heartbleed
- Check if server is vulnerable to Heartbleedinput-file
file
requiredCommand:
- Input fileprometheus
string
Command:
--prometheus
- Address to use for Prometheus server (e.g. localhost:8080). If empty, Prometheus is disableddsa-enabled
boolean
Command:
--dsa-enabled
- Accept server DSA keysmax-version
string
Command:
--max-version
- The maximum SSL/TLS version that is acceptable. 0 means use the highest supported value.min-version
string
Command:
--min-version
- The minimum SSL/TLS version that is acceptable. 0 means that SSLv3 is the minimum.next-protos
file
Command:
--next-protos
- A list of supported application-level protocolsserver-name
string
Command:
--server-name
- Server name used for certificate verification and (optionally) SNIcertificates
file
Command:
--certificates
- Set of certificates to present to the servercipher-suite
string
Command:
--cipher-suite
- A comma-delimited list of hex cipher suites to advertise.client-hello
string
Command:
--client-hello
- Set an explicit ClientHello (base64 encoded)client-random
string
Command:
--client-random
- Set an explicit Client Random (base64 encoded)session-ticket
boolean
Command:
--session-ticket
- Send support for TLS Session Tickets and output ticket if presentedcertificate-map
file
Command:
--certificate-map
- A file mapping server names to certificatesextended-random
boolean
Command:
--extended-random
- Send TLS Extended Random Extensionkeep-client-logs
boolean
Command:
--keep-client-logs
- Include the client-side logs in the TLS handshakecurve-preferences
string
Command:
--curve-preferences
- A list of elliptic curves used in an ECDHE handshake, in order of preference.heartbeat-enabled
boolean
Command:
--heartbeat-enabled
- If set, include the heartbeat extensionread-limit-per-host
string
Command:
--read-limit-per-host
- Maximum total kilobytes to read for a single host (default 96kb) (default: 96)connections-per-host
string
Command:
--connections-per-host
- Number of times to connect to each host (results in more output) (default: 1)signature-algorithms
string
Command:
--signature-algorithms
- Signature and hash algorithms that are acceptableextended-master-secret
boolean
Command:
--extended-master-secret
- Offer RFC 7627 Extended Master Secret extensionverify-server-certificate
boolean
Command:
--verify-server-certificate
- ail if the server certificate does not match the server-name, or does not chain to a trusted root.