{"id":27123604,"url":"https://github.com/badkeys/badkeys","last_synced_at":"2026-02-18T22:05:50.255Z","repository":{"id":37705429,"uuid":"447627103","full_name":"badkeys/badkeys","owner":"badkeys","description":"Tool to find common vulnerabilities in cryptographic public keys","archived":false,"fork":false,"pushed_at":"2026-02-15T21:20:19.000Z","size":697,"stargazers_count":310,"open_issues_count":3,"forks_count":25,"subscribers_count":10,"default_branch":"main","last_synced_at":"2026-02-15T22:52:20.910Z","etag":null,"topics":["cryptography","publickey","rsa","security"],"latest_commit_sha":null,"homepage":"https://badkeys.info/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/badkeys.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-01-13T14:20:24.000Z","updated_at":"2026-02-15T21:20:22.000Z","dependencies_parsed_at":"2025-04-07T13:02:16.390Z","dependency_job_id":"19526af5-1d2a-49e8-b791-5cfbc5b9b571","html_url":"https://github.com/badkeys/badkeys","commit_stats":null,"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/badkeys/badkeys","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/badkeys%2Fbadkeys","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/badkeys%2Fbadkeys/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/badkeys%2Fbadkeys/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/badkeys%2Fbadkeys/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/badkeys","download_url":"https://codeload.github.com/badkeys/badkeys/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/badkeys%2Fbadkeys/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29596358,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-18T20:59:56.587Z","status":"ssl_error","status_checked_at":"2026-02-18T20:58:41.434Z","response_time":162,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","publickey","rsa","security"],"created_at":"2025-04-07T13:01:43.070Z","updated_at":"2026-02-18T22:05:50.250Z","avatar_url":"https://github.com/badkeys.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"# badkeys\n\nTool and library to check cryptographic public keys for known vulnerabilities\n\n# what?\n\nbadkeys checks public keys in various formats for known vulnerabilities. A web version\ncan be found at [badkeys.info](https://badkeys.info/).\n\n# install\n\nbadkeys can be installed [via pip](https://pypi.org/project/badkeys/):\n```\npip3 install badkeys\n```\n\nYou may want to use a virtual environment. For details about different installation\noptions, please [check the official Python documentation](\nhttps://packaging.python.org/en/latest/tutorials/installing-packages/). Alternatively,\nyou can directly call _./badkeys-cli_ directly from the git repository.\n\n# usage\n\nBefore using badkeys, you need to download the blocklist data:\n```\nbadkeys --update-bl\n```\n\nAfter that, you can call _badkeys_ and pass files with cryptographic public keys as the\nparameter:\n```\nbadkeys test.crt my.key\n```\n\nIt will automatically try to detect the file format. Supported are public and private\nkeys in PEM format (both PKCS #1 and PKCS #8), X.509 certificates, certificate signing\nrequests (CSRs) and SSH public keys. You can find some test keys in the _tests/data_\ndirectory.\n\nBy default, badkeys will only output information about vulnerable keys, meaning no\noutput will be generated if no vulnerabilities are found. The _-a_ parameter creates\noutput for all keys.\n\nThe command line tool will return 0 if keys were scanned, no errors occurred, and no\nvulnerabilities were detected. It returns 1 for application errors, 2 if any input could\nnot be scanned (parser errors, unsupported key types, files without a key), and 4 if a\nvulnerable key was found. Return codes can be combined as a bitmask. (E.g., 2|4=6\nindicates that some keys were vulnerable and some could not be scanned.)\n\n# scanning\n\nbadkeys can scan SSH and TLS hosts and automatically check their public keys. This can\nbe enabled with the parameters _-s_ (SSH) and _-t_ (TLS). By default, SSH will be\nscanned on port 22 and TLS will be scanned on several ports for common protocols\n(https/443, smtps/465, ldaps/636, ftps/990, imaps/993, pop3s/995 and 8443, which is\ncommonly used as a non-standard https port).\n\nAlternative ports can be configured with _--tls-ports_ and _--ssh-ports_.\n\nTLS and SSH scanning can be combined:\n```\nbadkeys -ts example.org\n```\n\nNote that the scanning modes have limitations. It is often more desirable to use other\ntools to collect TLS/SSH keys and scan them locally with badkeys.\n\nSSH scanning needs [paramiko](https://www.paramiko.org/) as an additional dependency.\n\nTLS scanning can't detect multiple certificates on one host (e.g. ECDSA and RSA). This\nis a [limitation of Python's ssl.get_server_certificate() function](\nhttps://bugs.python.org/issue31892).\n\n# Python module and API\n\nbadkeys can also be used as a Python module. However, currently the software is in beta\nstate and the API may change regularly.\n\n# about\n\nbadkeys was written by [Hanno Böck](https://hboeck.de).\n\n[badkeys is currently funded](https://nlnet.nl/project/badkeys/) through the [NGI0 Core\nFund](https://nlnet.nl/core), a fund established by [NLnet](https://nlnet.nl/) with\nfinancial support from the European Commission's [Next Generation Internet](\nhttps://ngi.eu/) programme, under the aegis of [DG Communications Networks, Content and\nTechnology](\nhttps://commission.europa.eu/about-european-commission/departments-and-executive-agencies/communications-networks-content-and-technology_en)\nunder grant agreement No [101092990](https://cordis.europa.eu/project/id/101092990).\n\nThis work was initially funded in 2022 by Industriens Fond through the CIDI project\n(Cybersecure IOT in Danish Industry) and the [Center for Information Security and Trust\n(CISAT)](https://cisat.dk/) at the IT University of Copenhagen, Denmark.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbadkeys%2Fbadkeys","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbadkeys%2Fbadkeys","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbadkeys%2Fbadkeys/lists"}