Perform TLS scan of single domain
Project description
cryptonice
Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration and supporting protocols such as HTTP2 and DNS.
User Guide
cryptonice requires a domain name (like www.github.com) and either a DEFAULT or CUSTOM tag to run.
DEFAULT will result in the following dictionary of commands being run.
{
    "id": "test.py",
    "port": 443,
    "scans": ["TLS", "HTTP", "DNS"],
    "tls_params": ["certificate_information", "ssl_2_0_cipher_suites", "ssl_3_0_cipher_suites", "tls_1_0_cipher_suites", "tls_1_1_cipher_suites", "tls_1_2_cipher_suites", "tls_1_3_cipher_suites", "http_headers"],
    "http_body": false,
    "force_redirect": true,
    "print_out": true,
    "targets": ["www.github.com"]
}
CUSTOM allows the user to further specify the commands to their liking. The optional commands are:
- --PORT: port to perform the scan on (default = 443)
- --SCANS: scans to perform (options: "TLS" scan, "HTTP" headers, "HTTP2" check, "DNS" data)
- --TLS_PARAMETERS: TLS specific scans to perform:
  - all, no_vuln_tests, certificate_info, ssl_2_0_cipher_suites, ssl_3_0_cipher_suites, tls_1_0_cipher_suites, tls_1_1_cipher_suites, tls_1_2_cipher_suites, tls_1_3_cipher_suites, tls_compression, tls_1_3_early_data, openssl_ccs_injection, heartbleed, robot, tls_fallback_scsv, session_renegotiation, session_resumption, session_resumption_rate, http_headers
  - "all" runs every command; "no_vuln_tests" runs only certificate_info, http_headers and the cipher_suites commands.
  - More information on each of these scan options can be found at: https://nabla-c0d3.github.io/sslyze/documentation/available-scan-commands.html
- --HTTP_BODY: Y/y or N/n - sets a Boolean variable to include or exclude HTTP pages information
- --FORCE_REDIRECTS: Y/y or N/n - sets a Boolean variable to check for automatic redirects from port 80 to 443 in a TLS scan (default = Y)
- --PRINT_OUT: Y/y or N/n - sets a Boolean variable to print scan results to console (default = Y)
- --JSON_OUT: Y/y or N/n - sets a Boolean variable to print scan results to JSON output file (default = Y)
Output
cryptonice generates a JSON output file with the information requested by the input parameters. Output files will be named after the domain name and port provided (ex: target = www.github.com, port = 443, output = www.github.com-443.json)
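The CUSTOM options and the output naming rule described above, worked through as an added example (this is not cryptonice's own code). The helper names `yes_no`, `expand_tls_params` and `build_job` are hypothetical; the option names and defaults are taken from this page.

```python
# Added example: option names mirror the README; the helpers are hypothetical.
CIPHER_SUITES = [f"{p}_cipher_suites" for p in
                 ("ssl_2_0", "ssl_3_0", "tls_1_0", "tls_1_1", "tls_1_2", "tls_1_3")]
# The DEFAULT dictionary spells the first entry "certificate_information";
# the CUSTOM option list's spelling, "certificate_info", is used here.
NO_VULN_TESTS = ["certificate_info", *CIPHER_SUITES, "http_headers"]
VULN_TESTS = ["tls_compression", "tls_1_3_early_data", "openssl_ccs_injection",
              "heartbleed", "robot", "tls_fallback_scsv", "session_renegotiation",
              "session_resumption", "session_resumption_rate"]
ALL_TESTS = NO_VULN_TESTS + VULN_TESTS
SCANS = {"TLS", "HTTP", "HTTP2", "DNS"}


def yes_no(value):
    """Map the README's Y/y or N/n flags to a Boolean."""
    if value.lower() not in ("y", "n"):
        raise ValueError(f"expected Y/y or N/n, got {value!r}")
    return value.lower() == "y"


def expand_tls_params(params):
    """Expand 'all' / 'no_vuln_tests' and reject names the README does not list."""
    expanded = []
    for name in params:
        if name == "all":
            group = ALL_TESTS
        elif name == "no_vuln_tests":
            group = NO_VULN_TESTS
        elif name in ALL_TESTS:
            group = [name]
        else:
            raise ValueError(f"unknown TLS parameter: {name!r}")
        expanded += [n for n in group if n not in expanded]  # keep order, no repeats
    return expanded


def build_job(target, port=443, scans=("TLS", "HTTP", "DNS"),
              tls_params=("no_vuln_tests",), http_body="N", force_redirect="Y"):
    """Return (job dictionary, output file name) for one target."""
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    unknown = set(scans) - SCANS
    if unknown:
        raise ValueError(f"unknown scans: {sorted(unknown)}")
    job = {"port": port, "scans": list(scans),
           "tls_params": expand_tls_params(tls_params),
           "http_body": yes_no(http_body),
           "force_redirect": yes_no(force_redirect),
           "targets": [target]}
    return job, f"{target}-{port}.json"
```

Rejecting unknown names before a scan starts keeps a misspelled check, such as a mistyped heartbleed, from being silently skipped and read as a clean result.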
Limitations
This code does not currently have the capability to scan a server based on an IP address and an SNI. Instead, the user must supply a hostname and internally the code will do a DNS resolution. This may lead to discrepancies in the IP address scanned in the TLS portions and the HTTP headers section.
Hashes for cryptonice-0.0.3-py3-none-any.whl
Algorithm | Hash digest |
---|---|
SHA256 | 0b67f41dbf57016df2ddeddad55c83d71857b8189745f3394f08ad9f0b996bd0 |
MD5 | 6ffdbdaa26b5e61c2a7268735fa4fd4d |
BLAKE2b-256 | af32a8a5ccf4d9cce5542dddcf9b456603c9f1cb37e0d3cad248a0f313350ed2 |