Skip to main content

Fast and flexible cryptographic protocol analyzer

Project description

CryptoLyzer is a fast, flexible, and comprehensive server cryptographic protocol (TLS, SSL, SSH, DNSSEC) and related setting (HTTP headers, DNS records) analyzer and fingerprint (JA3, HASSH tag) generator with application programming (API) and command line (CLI) interface.

However the API can provide the most complete functionality, the CLI also strives to be as comprehensive as possible. To do that CLI provides three output formats. The first one for human analysis where the cryptographic algorithm names and the values of key sizes and other security-related settings are colorized according to their security strength using the well-known traffic light rating system. The other two output formats (Markdown, JSON) are machine-readable, however the Markdown format even human-readable and even suitable for generating documentation in different formats (e.g. DOCX, PDF, …).

The strength of CryptoLyzer compared to its competitors is that it contains a custom implementation of cryptographic protocols (CryptoParser), which are as small as absolutely necessary for the analysis, but as most comprehensive algorithm identifier sets of the cryptographic protocols (CryptoDataHub) as possible. The combination of the two properly makes it possible to check the support of rarely used, deprecated, non-standard, or experimental algorithms and methods that are not yet or have never been supported by the most popular cryptographic algorithms. This way of working leads to the fact that CryptoLyzer can recognize more TLS cipher suites than listed in total on Ciphersuite Info.



pip install cryptolyzer

cryptolyze tls all
cryptolyze tls1_2 ciphers
cryptolyze ssh2 ciphers
cryptolyze http headers
cryptolyze dns dnssec


docker run --rm coroner/cryptolyzer tls all
docker run --rm coroner/cryptolyzer tls1_2 ciphers
docker run --rm coroner/cryptolyzer ssh2 ciphers
docker run --rm coroner/cryptolyzer http headers
docker run --rm coroner/cryptolyzer dns dnssec
docker run -ti --rm -p coroner/cryptolyzer ja3 generate
openssl s_client -connect

docker run -ti --rm -p coroner/cryptolyzer ja3 generate
openssl s_client -starttls ftp -connect
docker run -ti --rm -p coroner/cryptolyzer hassh generate
openssl s_client -connect


Python implementation

  • CPython (2.7, 3.3+)

  • PyPy (2.7, 3.5+)

Operating systems

  • Linux

  • macOS

  • Windows

Social Media


Detailed documentation is available on the project’s Read the Docs site.


The code is available under the terms of Mozilla Public License Version 2.0 (MPL 2.0).

A non-comprehensive, but straightforward description of MPL 2.0 can be found at Choose an open source license website.


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

CryptoLyzer-0.12.0.tar.gz (92.6 kB view hashes)

Uploaded source

Built Distribution

CryptoLyzer-0.12.0-py3-none-any.whl (105.2 kB view hashes)

Uploaded py3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page