tls-scan
A program to scan TLS based servers and collect X.509 certificates, ciphers and related information. It produces results in JSON format. tls-scan
is a single threaded asynchronous/event-based program (powered by libevent) capable of concurrently scan thousands of TLS servers. It can be combined with other tools such as GNU parallel to vertically scale in multi-core machines.
tls-scan
helps developers and security engineers to track/test/debug certificates and TLS configurations of servers within their organization.
Features
- Support for TLSv1.3
- TLS and StartTLS protocol support: SMTP, IMAP, POP3, FTPS, SIEVE, NNTP, XMPP, LDAP, RDP, POSTGRES, MYSQL
- Blazing fast - Can operate at scale with the ability to concurrently scan large number of servers (say scan IoT devices at scale)
- Detect SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 versions and ciphers
- ALPN protocol id enumeration
- Cipher and TLS version enumeration
- Extract X.509 certificate fields from the target server and print it in JSON format
- Certificate and host name verification checks
- TLS compression checks
- Session reuse tests
- Certificate revocation checks with stapled OCSP response
- Script friendly output - Can be combined with other tools to analyze the scan results
- Detailed run time stats for tracking progress and performance/charts
This tool is primarily for collecting TLS cipher and X.509 certificate data. The scan output can be easily combined with related tools to identify TLS misconfigurations.
Installation
You may either use pre-built binary package or build from the source.
Pre-built Binary (x86_64)
Linux and OSX: https://github.com/prbinu/tls-scan/releases/latest
Build From Source
All you need is build-x86-64.sh
(or build-arm64.sh
for Linux Arm arch). This script pulls dependent packages - PeterMosmans openssl
, libevent
and GnuTLS, and build those from the scratch. Since the openssl we use is different from stock openssl, it is linked statically to tls-scan program. The build can take approximately twenty minutes to complete.
Build Pre-requisites :
- autoconf
- automake
- libtool
- pkg-config
- gcc
- make
On Ubuntu:
sudo apt-get update
sudo apt-get install make autoconf automake libtool pkg-config gcc unzip -y
Linux
git clone https://github.com/prbinu/tls-scan.git
cd tls-scan
x84_64
./build-x86-64.sh
The newly built tls-scan binary can be found at ./build-root/bin
. build-x86-64.sh is a wrapper script that calls ./bootstrap.sh
to build all dependent packages. bootstrap.sh also executes the autoreconf -i
command to generate configure
file. Subsequently it calles the standard ./configure
, make && make install
.
arm64
./build-arm64.sh
Test :
cd build-root/bin
./tls-scan --connect=yahoo.com --cacert=../etc/tls-scan/ca-bundle.crt --pretty
OSX
If you do not have the pre-requisite packages, you can easily install those packages by following the links below:
git clone https://github.com/prbinu/tls-scan.git
cd tls-scan
./build-x86-64.sh
The tls-scan binary can be found at ./build-root/bin
. Another (easy) option is to use our Docker image to build and run tls-scan
on OSX.
Running tls-scan
on Mac Apple Silicon (Arm/M1/M2):
Currently no native build support, however you may run tls-scan
binary using Rosetta2
Docker
Pre-requisite : Docker
Build : Copy the Dockerfile to your machine, and run it:
docker build -t tls-scan .
Test :
docker run --rm tls-scan --connect=example.com:443 --all --pretty
Example
./tls-scan -c search.yahoo.com --all --pretty
{
"host": "search.yahoo.com",
"ip": "208.71.45.12",
"port": 443,
"elapsedTime": 1600,
"tlsVersion": "TLSv1.2",
"cipher": "ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD",
"tempPublicKeyAlg": "ECDH prime256v1",
"tempPublicKeySize": 256,
"secureRenego": true,
"compression": "NONE",
"expansion": "NONE",
"sessionLifetimeHint": 100800,
"tlsVersions": [
"TLSv1",
"TLSv1_1",
"TLSv1_2"
],
"x509ChainDepth": 2,
"verifyCertResult": true,
"verifyHostResult": true,
"ocspStapled": true,
"verifyOcspResult": true,
"certificateChain": [
{
"version": 3,
"subject": "CN=*.search.yahoo.com; O=Yahoo! Inc.; L=Sunnyvale; ST=CA; C=US",
"issuer": "CN=DigiCert SHA2 High Assurance Server CA; OU=www.digicert.com; O=DigiCert Inc; C=US",
"subjectCN": "*.search.yahoo.com",
"subjectAltName": "DNS:*.search.yahoo.com, DNS:search.yahoo.com, DNS:search.yahoo.net, ...",
"signatureAlg": "sha256WithRSAEncryption",
"notBefore": "Dec 9 00:00:00 2016 GMT",
"notAfter": "Apr 30 12:00:00 2017 GMT",
"expired": false,
"serialNo": "0F:45:73:E3:F5:7A:7D:5B:43:57:64:2A:6C:46:F2:1C",
"keyUsage": "Digital Signature, Key Encipherment critical",
"extKeyUsage": "TLS Web Server Authentication, TLS Web Client Authentication",
"publicKeyAlg": "RSA",
"publicKeySize": 2048,
"basicConstraints": "CA:FALSE critical",
"subjectKeyIdentifier": "63:0F:82:DB:F9:B0:64:78:90:C9:16:69:95:84:24:F1:4B:04:6F:E4",
"sha1Fingerprint": "F7:35:E5:C9:A3:60:62:07:CB:55:74:7E:0F:09:AD:2A:F3:F3:53:F3"
}, {
"version": 3,
"subject": "CN=DigiCert SHA2 High Assurance Server CA; OU=www.digicert.com; O=DigiCert Inc; C=US",
"issuer": "CN=DigiCert High Assurance EV Root CA; OU=www.digicert.com; O=DigiCert Inc; C=US",
"subjectCN": "DigiCert SHA2 High Assurance Server CA",
"signatureAlg": "sha256WithRSAEncryption",
"notBefore": "Oct 22 12:00:00 2013 GMT",
"notAfter": "Oct 22 12:00:00 2028 GMT",
"expired": false,
"serialNo": "04:E1:E7:A4:DC:5C:F2:F3:6D:C0:2B:42:B8:5D:15:9F",
"keyUsage": "Digital Signature, Certificate Sign, CRL Sign critical",
"extKeyUsage": "TLS Web Server Authentication, TLS Web Client Authentication",
"publicKeyAlg": "RSA",
"publicKeySize": 2048,
"basicConstraints": "CA:TRUE, pathlen:0 critical",
"subjectKeyIdentifier": "51:68:FF:90:AF:02:07:75:3C:CC:D9:65:64:62:A2:12:B8:59:72:3B",
"sha1Fingerprint": "A0:31:C4:67:82:E6:E6:C6:62:C2:C8:7C:76:DA:9A:A6:2C:CA:BD:8E"
} ]
}
| Useful Tip: Use --concurrency=<n>
option if you want to scan multiple target servers in parallel. |
|—————-|
Usage
The scan output can be shoved into tools like Splunk or ELK for analysis.
Command-line Query & Filter
By passing tls-scan
output to JSON command-line parser like jq
, you can do realtime filtering on the scan results.
Examples:
Command to filter out hosts that passed certificate and host name verifications:
cat input.txt | tls-scan --port=443 2>/dev/null | \
jq-linux64 -r 'select(.verifyHostResult == true and .verifyCertResult == true) | [.host, .ip, .verifyHost, .verifyCert] | @tsv'
Command to find hosts with expired certificates :
cat input.txt | tls-scan --port=443 --concurrency=500 --timeout=5 2>/dev/null | \
jq-linux64 -r 'select(.certificateChain[].expired == true) | [.host, .ip] | @tsv'
Command to find weak RSA keys :
cat tlscerts.out | \
jq-linux64 -r 'select(.certificateChain[0].publicKeyAlg == "RSA" and .certificateChain[0].publicKeySize < 2048) | [.host, .ip]'
Command to find hosts that support SSLv2 or SSLv3 :
tls-scan --infile=domains.txt --port=443 --version-enum --concurrency=250 --timeout=3 2>/dev/null | \
jq-linux64 -r 'if (.tlsVersions[] | contains("SSL")) == true then [.host, .ip, .tlsVersions[]] else empty end | @tsv'
NOTE: Avoid frequent scan + filter; instead save the scan output to a file and use it to run queries.
Help
Option | Description |
---|---|
-H –help | Print a usage message briefly summarizing these command-line options and the bug-reporting address, then exit. |
-c –connect=<arg> | target[:port] to scan. target = {hostname, IPv4, [IPv6] }. IPv6 example: [::1]:443 (default port 443). |
–starttls=<protocol> | Supported protocols: smtp , imap , pop3 , ftp , sieve , nntp , xmpp , ldap , rdp , postgres , mysql , tls (default) |
-c –cacert=<file> | Root CA file for certificate validation. By default the program attempts to load ca-bundle.crt file from current directory. |
-C –ciphers=<arg> | Ciphers to use; try openssl ciphers to see all ciphers. Note that this option will be overwritten by --ssl2 , --ssl3 , --tls1 , --tls1_1 , --tls1_2 options, if provided. Example: "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384" |
-e –cipher-enum | Enumerate supported ciphers. Currently use --tls-old ciphers. Try --meta-info to find predefined cipher suite options. |
–show-unsupported-ciphers | Include unsupported ciphers in the cipher list to JSON output. |
-V –version-enum | Enumerate supported TLS versions. |
-v –version | Print tls-scan version and build information. |
-r –session-reuse | Enable ssl session reuse. |
-u –session-print | Print SSL session in PEM format to stderr. This is currently not included in the JSON output, but print seperately. This flag woould be useful if you wanted to pass SSL session to --session-file to test session reuse. |
-T –session-file=<file> | File that contains SSL session in PEM format. |
-a –all | Shortcut for --version-enum , --cipher-enum and --session-reuse options. This scan can take longer time to complete. Also note if the server employs some form of rate-limiting, your scan may fail. |
-s –sni=<host> | Set TLS extension servername in ClientHello . Defaults to input hostname and applied to TLSv1+ only. |
-b –concurrency=<number> | Number of concurrent requests. The default is 1. This option specify the number of worker objects. Concurrency should be set based on your system capacity (memory, cpu, network) etc. Default: 1. |
-t –timeout=<number> | Timeout per connection (in seconds). Note that is is per connection and for cipher scans, tls-scan makes several connections to the same server. Default: 10. |
-S –sleep=<number> | Add milliseconds delay between the connection. Only for --cipher-enum and --version-enum options. Useful to manage server rate-limits. The max sleep value is 60000 (1 minute). Default: 0. |
-f –infile=<file> | Input file with domains or IPs. This is optional and by default the program accepts input from standard input (stdin ). |
-o –outfile=<file> | Output file where the result in JSON format is stored. The default is standard output (stdout ). |
-n –pretty | Pretty print; add newline (\n ) between record fields. |
-N –nameserver=<ip> | DNS resolver IPs to use and is an optional field. Multiple Namespace IP address can be passed. Format: -N <ip1> -N <ip2> -N <ip3>.. In practice, DNS servers may have tight rate-limit in place. |
–ssl2 | Use only SSLv2 ciphers. |
–ssl3 | Use only SSLv3 ciphers. |
–tls1 | Use only TLSv1 ciphers. |
–tls1_1 | Use only TLSv1_1 ciphers. |
–tls1_2 | Use only TLSv1_2 ciphers. |
–tls-modern | Mozilla’s modern cipher list. See: https://wiki.mozilla.org/Security/Server_Side_TLS. |
–tls-interm | Mozilla’s intermediate cipher list. |
–tls-old | Mozilla’s old (backward compatible cipher list). |
–no-parallel-enum | Disable parallel cipher and tls version enumeration. Parallel scan is performed only with ‘–connect’ option. |
–meta-info | Print program meta information and exit. Useful if you wanted to see predefined cipher options. |
–stats-outfile=<file> | Enable run-time scan stats and save it to a file |
Caveats
- The following ciphers are currently disabled:
SRP:PSK
TLS 1.3 Support
To support old, insecure cipher scans, we are using an old openssl version that doesn’t have support for TLS 1.3. So to support TLS 1.3, we need a newer openssl version (v1.1.1+). Since linking two openssl libraries to the same process space doesn’t work out of box (duplicate symbols), we chose to use GnuTLS library for TLS 1.3+ support. In short, openssl is used for scanning SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2 and GnuTLS is used for TLSv1.3.
Contributions
Collaborators and pull requests are welcome!