Name: zgrab2-tls
Category: Recon
Publisher: trickest-mhmdiaa
Created: 5/24/2023
Container: quay.io/trickest/zgrab2-tls:911c86f-patch-2
Output Type:
License: Unknown

Parameters

sct
boolean
--sct: Request Signed Certificate Timestamps during TLS Handshake
port
string
--port: Specify port to grab on (default: 80)
time
string
--time: Explicit request time to use, instead of clock. YYYYMMDDhhmmss format.
debug
boolean
--debug: Include debug fields in the output.
flush
boolean
--flush: Flush after each line of output.
input
string
required
Input target
no-sni
boolean
--no-sni: Do not send the domain name in the TLS handshake, regardless of whether it is known
senders
string
--senders: Number of send goroutines to use (default: 1000)
timeout
string
--timeout: Set connection timeout (0 = no timeout) (default: 10s)
trigger
string
--trigger: Invoke only on targets with specified tag
maxbytes
string
--maxbytes: Maximum byte read limit per scan (0 = defaults)
no-ecdhe
boolean
--no-ecdhe: Do not allow ECDHE handshakes
root-cas
file
--root-cas: Set of certificates to use when verifying server certificates
gomaxprocs
string
--gomaxprocs: Set GOMAXPROCS (default: 0)
heartbleed
boolean
--heartbleed: Check if server is vulnerable to Heartbleed
input-file
file
required
Input file
prometheus
string
--prometheus: Address to use for Prometheus server (e.g. localhost:8080). If empty, Prometheus is disabled
dsa-enabled
boolean
--dsa-enabled: Accept server DSA keys
max-version
string
--max-version: The maximum SSL/TLS version that is acceptable. 0 means use the highest supported value.
min-version
string
--min-version: The minimum SSL/TLS version that is acceptable. 0 means that SSLv3 is the minimum.
next-protos
file
--next-protos: A list of supported application-level protocols
server-name
string
--server-name: Server name used for certificate verification and (optionally) SNI
certificates
file
--certificates: Set of certificates to present to the server
cipher-suite
string
--cipher-suite: A comma-delimited list of hex cipher suites to advertise.
client-hello
string
--client-hello: Set an explicit ClientHello (base64 encoded)
client-random
string
--client-random: Set an explicit Client Random (base64 encoded)
session-ticket
boolean
--session-ticket: Send support for TLS Session Tickets and output ticket if presented
certificate-map
file
--certificate-map: A file mapping server names to certificates
extended-random
boolean
--extended-random: Send TLS Extended Random Extension
keep-client-logs
boolean
--keep-client-logs: Include the client-side logs in the TLS handshake
curve-preferences
string
--curve-preferences: A list of elliptic curves used in an ECDHE handshake, in order of preference.
heartbeat-enabled
boolean
--heartbeat-enabled: If set, include the heartbeat extension
read-limit-per-host
string
--read-limit-per-host: Maximum total kilobytes to read for a single host (default 96kb) (default: 96)
connections-per-host
string
--connections-per-host: Number of times to connect to each host (results in more output) (default: 1)
signature-algorithms
string
--signature-algorithms: Signature and hash algorithms that are acceptable
extended-master-secret
boolean
--extended-master-secret: Offer RFC 7627 Extended Master Secret extension
verify-server-certificate
boolean
--verify-server-certificate: Fail if the server certificate does not match the server-name, or does not chain to a trusted root.