Fast and flexible cryptographic protocol analyzer
Project description
What is it and what is it not?
As the project name CryptoLyzer implies, it is a cryptographic protocol analyzer. The main purpose of creating this application is the fact, that cryptography protocol analysis differs in many aspect from establishing a connection using a cryptographic protocol. Analysis is mostly testing where we trigger special and corner cases of the protocol and we also trying to establish connection with hardly supported, experimental, obsoleted or even deprecated mechanisms or algorithms which are may or may not supported by the latest or any version of an implementation of the cryptographic protocol.
As follows, it is neither a comprehensive nor a secure client/server implementation of any cryptographic protocol. On the one hand analyzer implements only the absolutely necessary parts of the protocol to interact with servers. On the other it may use completely insecure algorithms and mechanisms. It is not designed and contraindicated to use these client/server implementations establishing secure connections. If you are searching for proper cryptographic protocol implementations, there are several existing wrappers and native implementations for Python (eg: M2Crypto, pyOpenSSL, Paramiko, …).
Quick start
CryptoLyzer can be installed directly via pip
pip install cryptolyzer
cryptolyze tls ciphers www.example.com
or via APT on Debian based systems
apt update && apt install -y gnupg2 curl
echo 'deb https://download.opensuse.org/repositories/home:/pfeiffersz:/cryptolyzer:/dev/Debian_10/ /' >/etc/apt/sources.list.d/cryptolyzer.list
curl -s https://download.opensuse.org/repositories/home:/pfeiffersz:/cryptolyzer:/dev/Debian_10/Release.key | apt-key add -
apt update && apt install -y python3-pkg-resources python3-cryptoparser python3-cryptolyzer
cryptolyze tls ciphers www.example.com
or via DNF on Fedora based systems
dnf install 'dnf-command(config-manager)'
dnf config-manager --add-repo https://download.opensuse.org/repositories/home:/pfeiffersz:/cryptolyzer:/dev/Fedora_31/
rpm --import http://download.opensuse.org/repositories/home:/pfeiffersz:/cryptolyzer:/dev/Fedora_31/repodata/repomd.xml.key
dnf install python3-urllib3 python3-cryptography cryptoparser cryptolyzer
or can be used via Docker
docker run --rm coroner/cryptolyzer tls ciphers www.example.com
docker run -ti --rm -p 127.0.0.1:4433:4433 coroner/cryptolyzer ja3 generate 127.0.0.1:4433
openssl s_client -connect 127.0.0.1:4433
Development environment
If you want to setup a development environment, you are in need of pipenv.
$ git clone https://gitlab.com/coroner/cryptolyzer
$ cd cryptolyzer
$ pipenv install --dev
$ pipenv run python setup.py develop
$ pipenv shell
$ cryptolyze -h
Generic Features
Protocols
SSL/TLS
Analyzers
Analyzers
|
Protocos |
||||
---|---|---|---|---|---|
SSL |
TLS |
||||
2.0 |
3.0 |
1.0 |
1.1 |
1.2 |
|
Cipher Suites (ciphers) |
✓ |
✓ |
✓ |
✓ |
✓ |
X.509 Public Keys (pubkeys) |
✓ |
✓ |
✓ |
✓ |
✓ |
Elliptic Curves (curves) |
n/a |
n/a |
✓ |
✓ |
✓ |
Diffie-Hellman parameters (dhparams) |
n/a |
n/a |
✓ |
✓ |
✓ |
Signature Algorithms (sigalgos) |
n/a |
n/a |
n/a |
✓ |
✓ |
Python implementation
CPython (2.7, >=3.3)
PyPy (2.7, 3.5)
Operating systems
Linux
macOS
Windows
Protocol Specific Features
Transport Layer Security (TLS)
Only features that cannot be or difficultly implemented by the most popular SSL/TLS implementations (eg: GnuTls, LibreSSL, OpenSSL, wolfSSL, …) are listed.
Cipher Suites
supports each cipher suites discussed on ciphersuite.info
Fingerprinting
Credits
License
The code is available under the terms of Mozilla Public License Version 2.0 (MPL 2.0).
A non-comprehensive, but straightforward description of MPL 2 can be found at Choose an open source license website.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Social Media
Twitter
Facebook