zgrab2-tls - Trickest Platform Documentation

Name:zgrab2-tls

Category:Recon

Publisher:trickest-mhmdiaa

Created:5/24/2023

Container:quay.io/trickest/zgrab2-tls:911c86f-patch-2

Output Type:

License:Unknown

Source:View Source

Parameters

sct

boolean

--sctRequest Signed Certificate Timestamps during TLS Handshake

port

string

--portSpecify port to grab on (default: 80)

time

string

--timeExplicit request time to use, instead of clock. YYYYMMDDhhmmss format.

debug

boolean

--debugInclude debug fields in the output.

flush

boolean

--flushFlush after each line of output.

input

string

required

Input target

no-sni

boolean

--no-sniDo not send domain name in TLS Handshake regardless of whether known

senders

string

--sendersNumber of send goroutines to use (default: 1000)

timeout

string

--timeoutSet connection timeout (0 = no timeout) (default: 10s)

trigger

string

--triggerInvoke only on targets with specified tag

maxbytes

string

--maxbytesMaximum byte read limit per scan (0 = defaults)

no-ecdhe

boolean

--no-ecdheDo not allow ECDHE handshakes

root-cas

file

--root-casSet of certificates to use when verifying server certificates

gomaxprocs

string

--gomaxprocsSet GOMAXPROCS (default: 0)

heartbleed

boolean

--heartbleedCheck if server is vulnerable to Heartbleed

input-file

file

required

Input file

prometheus

string

--prometheusAddress to use for Prometheus server (e.g. localhost:8080). If empty, Prometheus is disabled

dsa-enabled

boolean

--dsa-enabledAccept server DSA keys

max-version

string

--max-versionThe maximum SSL/TLS version that is acceptable. 0 means use the highest supported value.

min-version

string

--min-versionThe minimum SSL/TLS version that is acceptable. 0 means that SSLv3 is the minimum.

next-protos

file

--next-protosA list of supported application-level protocols

server-name

string

--server-nameServer name used for certificate verification and (optionally) SNI

certificates

file

--certificatesSet of certificates to present to the server

cipher-suite

string

--cipher-suiteA comma-delimited list of hex cipher suites to advertise.

client-hello

string

--client-helloSet an explicit ClientHello (base64 encoded)

client-random

string

--client-randomSet an explicit Client Random (base64 encoded)

session-ticket

boolean

--session-ticketSend support for TLS Session Tickets and output ticket if presented

certificate-map

file

--certificate-mapA file mapping server names to certificates

extended-random

boolean

--extended-randomSend TLS Extended Random Extension

keep-client-logs

boolean

--keep-client-logsInclude the client-side logs in the TLS handshake

curve-preferences

string

--curve-preferencesA list of elliptic curves used in an ECDHE handshake, in order of preference.

heartbeat-enabled

boolean

--heartbeat-enabledIf set, include the heartbeat extension

read-limit-per-host

string

--read-limit-per-hostMaximum total kilobytes to read for a single host (default 96kb) (default: 96)

connections-per-host

string

--connections-per-hostNumber of times to connect to each host (results in more output) (default: 1)

signature-algorithms

string

--signature-algorithmsSignature and hash algorithms that are acceptable

extended-master-secret

boolean

--extended-master-secretOffer RFC 7627 Extended Master Secret extension

verify-server-certificate

boolean

--verify-server-certificateail if the server certificate does not match the server-name, or does not chain to a trusted root.

Library

Parameters