Identifies TLS/SSL libraries in running processes using Frida-based dynamic instrumentation.

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for monkeywave from gravatar.com monkeywave

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: Daniel Baier
  • Tags frida , ssl , tls , instrumentation , security
  • Requires: Python >=3.8
  • Provides-Extra: macos
Classifiers
Report project as malware

Project description

TlsLibHunter Logo

Identifying TLS Libraries Within Processes

TLSLibHunter

version PyPI version Publish status Lint

Identify and extract TLS/SSL libraries from running processes using dynamic instrumentation.

Installation

pip install tlsLibHunter

Quick Start

CLI Usage

# List TLS libraries in a local process
tlsLibHunter firefox -l

# Scan and extract TLS libraries
tlsLibHunter firefox

# Android device
tlsLibHunter com.example.app -m -l

# JSON output
tlsLibHunter firefox -l -f json

Example output:

tlslibhunter -m -l Chrome
INFO: Platform: android
INFO: Found 324 loaded modules
INFO: Pattern match in libssl.so: 1 hits
INFO: Detected: libssl.so (boringssl, system)
INFO: Pattern match in libmonochrome_64.so: 1 hits
INFO: Fingerprint: libmonochrome_64.so identified as boringssl
INFO: Detected: libmonochrome_64.so (boringssl, app)
INFO: Scan complete: 2 TLS libraries found in 298 modules (8.06s)
        				TLS Libraries in 'Chrome' (android)                    
┏━━━━━━┳━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━┳━━━━━━━━┳━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ #    ┃ Library             ┃ Type      ┃ Class  ┃      Size ┃ Path                       ┃
┡━━━━━━╇━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━╇━━━━━━━━╇━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ 1     libssl.so            boringssl  system  376.0 KiB  /apex/com.…                │
│ 2     libmonochrome_64.so  boringssl  app     119.1 MiB  /data/app/~~NlI…           │
└──────┴─────────────────────┴───────────┴────────┴───────────┴────────────────────────────┘

Scanned 298 modules in 8.06s

Python API

from tlslibhunter import TLSLibHunter

# Scan a local process
hunter = TLSLibHunter("firefox")
result = hunter.scan()
for lib in result.libraries:
    print(f"{lib.name} ({lib.library_type}) - {lib.path}")

# Scan and extract
result = hunter.scan()
extractions = hunter.extract(result, output_dir="./extracted_libs")

Features

  • Memory scanning for TLS string patterns
  • Supports OpenSSL, BoringSSL, GnuTLS, wolfSSL, mbedTLS, NSS, SChannel, SecureTransport
  • Multi-platform: Android, iOS, Windows, Linux, macOS
  • Multiple extraction methods: disk copy, ADB pull, APK extraction, memory dump
  • Clean Python API for programmatic use
  • Backend abstraction (currently only frida but might be extended to other frameworks in the future)

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for monkeywave from gravatar.com monkeywave

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: Daniel Baier
  • Tags frida , ssl , tls , instrumentation , security
  • Requires: Python >=3.8
  • Provides-Extra: macos
Classifiers

Release history Release notifications | RSS feed

This version

0.1.7

0.1.5

0.1.4

0.1.2

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

tlslibhunter-0.1.7.tar.gz (55.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

tlslibhunter-0.1.7-py3-none-any.whl (61.4 kB view details)

Uploaded Python 3

File details

Details for the file tlslibhunter-0.1.7.tar.gz.

File metadata

  • Download URL: tlslibhunter-0.1.7.tar.gz
  • Upload date:
  • Size: 55.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for tlslibhunter-0.1.7.tar.gz
Algorithm Hash digest
SHA256 b8941e326bf2ebcdc1f1460abd7a18da7450cc5bdbfb94ab4614eaaa4e5c955d
MD5 09fa313e281dd4e063c3c68094bc009a
BLAKE2b-256 de4cac490d50a0c5ebe01a1f3d73321db91d0cfa3bd6d1d45c878d401fb986f8

See more details on using hashes here.

Provenance

The following attestation bundles were made for tlslibhunter-0.1.7.tar.gz:

Publisher: publish.yml on monkeywave/tlsLibHunter

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file tlslibhunter-0.1.7-py3-none-any.whl.

File metadata

  • Download URL: tlslibhunter-0.1.7-py3-none-any.whl
  • Upload date:
  • Size: 61.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for tlslibhunter-0.1.7-py3-none-any.whl
Algorithm Hash digest
SHA256 b7156e3d988c1baa72094121c3d8abdfabe6b538595a6104635b1dacca745d67
MD5 b352d840d3e1792e2791bb6fff7b0f1a
BLAKE2b-256 6aa32b922366ca40ce2278570db731c5cf9ffb84372643596e49a88e558f9b87

See more details on using hashes here.

Provenance

The following attestation bundles were made for tlslibhunter-0.1.7-py3-none-any.whl:

Publisher: publish.yml on monkeywave/tlsLibHunter

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page