tlsx - Trickest Platform Documentation

Name:tlsx

Category:Recon

Publisher:trickest-mhmdiaa

Created:6/29/2022

Container:quay.io/trickest/tlsx:v1.2.1

Output Type:

License:Unknown

Source:View Source

Parameters

dns

boolean

-dnsdisplay unique hostname from SSL certificate response

ja3

boolean

-ja3display ja3 fingerprint hash (using ztls)

sni

string

-snitls sni hostname to use

hash

boolean

-hashdisplay certificate fingerprint hashes (md5,sha1,sha256)

host

string

-hosttarget host(s) to scan (comma-separated)

jarm

boolean

-jarmdisplay jarm fingerprint hash

json

boolean

-jsonjson format output

list

file

required

-listtarget list to scan

port

string

-porttarget port to connect (default 443)

delay

string

-delayduration to wait between each connection per thread (eg: 200ms, 1s)

retry

string

-retrynumber of retries to perform for failures (default 3)

cacert

file

-cacertclient certificate authority file

cipher

boolean

-cipherdisplay used cipher

config

file

-configtlsx configuration file

serial

boolean

-serialdisplay certificate serial number

silent

boolean

-silentdisplay silent output

expired

boolean

-expireddisplay validity status of certificate

revoked

boolean

-revokeddisplay host with revoked certificate

timeout

string

-timeouttls connection timeout in seconds (default 5)

verbose

boolean

-verbosedisplay verbose output

hardfail

boolean

-hardfailstrategy to use if encountered errors while checking revocation status

resolvers

file

-resolverslist of resolvers to use

resp-only

boolean

-resp-onlydisplay tls response only

scan-mode

string

-scan-modetls connection mode to use (ctls, ztls, openssl, auto) (default auto)

tls-chain

boolean

-tls-chaindisplay tls chain in json output

untrusted

boolean

-untrusteddisplay host with untrusted certificate

ip-version

string

-ip-versionip version to use (4, 6) (default 4)

mismatched

boolean

-mismatcheddisplay host with mismatched certificate

random-sni

boolean

-random-sniuse random sni when empty

all-ciphers

boolean

-all-cipherssend all ciphers as accepted inputs (default true)

certificate

boolean

-certificateinclude certificates in json output (PEM format)

cipher-enum

boolean

-cipher-enumenumerate and display supported cipher

cipher-type

string

-cipher-typeciphers types to enumerate. possible values: all/secure/insecure/weak (comma-separated) (default all)

concurrency

string

-concurrencynumber of concurrent threads to process (default 300)

max-version

string

-max-versionmaximum tls version to accept (ssl30,tls10,tls11,tls12,tls13)

min-version

string

-min-versionminimum tls version to accept (ssl30,tls10,tls11,tls12,tls13)

self-signed

boolean

-self-signeddisplay status of self-signed certificate

tls-version

boolean

-tls-versiondisplay used tls version

verify-cert

boolean

-verify-certenable verification of server certificate

cipher-input

string

-cipher-inputciphers to use with tls connection

client-hello

boolean

-client-helloinclude client hello in json output (ztls mode only)

common-names

boolean

-cndisplay subject common names

health-check

boolean

-health-checkrun diagnostic check up

probe-status

boolean

-probe-statusdisplay tls probe status

scan-all-ips

boolean

-scan-all-ipsscan all ips for a host (default false)

server-hello

boolean

-server-helloinclude server hello in json output (ztls mode only)

version-enum

boolean

-version-enumenumerate and display supported tls versions

pre-handshake

boolean

-pre-handshakeenable pre-handshake tls connection (early termination) using ztls

wildcard-cert

boolean

-wildcard-certdisplay host with wildcard ssl certificate

openssl-binary

file

-openssl-binaryOpenSSL Binary Path

cipher-concurrency

string

-cipher-concurrencycipher enum concurrency for each target (default 10)

subject-alternative-names

boolean

-sandisplay subject alternative names

subject-organization-name

boolean

-sodisplay subject organization name

Library

Parameters