{"id":18464259,"url":"https://github.com/projectdiscovery/tlsx","last_synced_at":"2025-05-14T00:03:00.232Z","repository":{"id":39533239,"uuid":"496628504","full_name":"projectdiscovery/tlsx","owner":"projectdiscovery","description":"Fast and configurable TLS grabber focused on TLS based data collection.","archived":false,"fork":false,"pushed_at":"2025-05-05T03:26:27.000Z","size":1700,"stargazers_count":962,"open_issues_count":20,"forks_count":90,"subscribers_count":25,"default_branch":"main","last_synced_at":"2025-05-08T00:45:56.680Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/projectdiscovery.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-05-26T13:19:58.000Z","updated_at":"2025-05-05T00:58:24.000Z","dependencies_parsed_at":"2024-01-11T12:42:29.949Z","dependency_job_id":"3a7ebec0-d4d8-4708-be77-20769ba2ed00","html_url":"https://github.com/projectdiscovery/tlsx","commit_stats":{"total_commits":473,"total_committers":19,"mean_commits":"24.894736842105264","dds":"0.34672304439746304","last_synced_commit":"4e2bfc5c6630e22356ae6a4f5c12770080e49544"},"previous_names":[],"tags_count":29,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectdiscovery%2Ftlsx","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectdiscovery%2Ftlsx/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectdiscovery%2Ftlsx/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectdiscovery%2Ftlsx/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/projectdiscovery","download_url":"https://codeload.github.com/projectdiscovery/tlsx/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254043267,"owners_count":22004913,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-06T09:09:15.739Z","updated_at":"2025-05-14T00:03:00.183Z","avatar_url":"https://github.com/projectdiscovery.png","language":"Go","readme":"\u003ch1 align=\"center\"\u003e\n\u003cimg src=\"https://user-images.githubusercontent.com/8293321/174841003-01a62bad-2ecf-4874-89c4-efa53dd56884.png\" width=\"200px\"\u003e\n\u003cbr\u003e\n\u003c/h1\u003e\n\n\n\u003cp align=\"center\"\u003e\n\u003ca href=\"https://opensource.org/licenses/MIT\"\u003e\u003cimg src=\"https://img.shields.io/badge/license-MIT-_red.svg\"\u003e\u003c/a\u003e\n\u003ca href=\"https://goreportcard.com/badge/github.com/projectdiscovery/tlsx\"\u003e\u003cimg src=\"https://goreportcard.com/badge/github.com/projectdiscovery/tlsx\"\u003e\u003c/a\u003e\n\u003ca href=\"https://pkg.go.dev/github.com/projectdiscovery/tlsx/pkg/tlsx\"\u003e\u003cimg src=\"https://img.shields.io/badge/go-reference-blue\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/projectdiscovery/tlsx/releases\"\u003e\u003cimg src=\"https://img.shields.io/github/release/projectdiscovery/tlsx\"\u003e\u003c/a\u003e\n\u003ca href=\"https://twitter.com/pdiscoveryio\"\u003e\u003cimg src=\"https://img.shields.io/twitter/follow/pdiscoveryio.svg?logo=twitter\"\u003e\u003c/a\u003e\n\u003ca href=\"https://discord.gg/projectdiscovery\"\u003e\u003cimg src=\"https://img.shields.io/discord/695645237418131507.svg?logo=discord\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"#features\"\u003eFeatures\u003c/a\u003e •\n  \u003ca href=\"#installation\"\u003eInstallation\u003c/a\u003e •\n  \u003ca href=\"#usage\"\u003eUsage\u003c/a\u003e •\n  \u003ca href=\"#running-tlsx\"\u003eRunning tlsx\u003c/a\u003e •\n  \u003ca href=\"https://discord.gg/projectdiscovery\"\u003eJoin Discord\u003c/a\u003e\n\u003c/p\u003e\n\n\nA fast and configurable TLS grabber focused on TLS based **data collection and analysis**.\n\n\n# Features\n\n![image](https://user-images.githubusercontent.com/8293321/174847743-0e229545-2431-4b4c-9029-878f218ad0bc.png)\n\n - Fast And fully configurable TLS Connection\n - Multiple **Modes for TLS Connection**\n - Multiple **TLS probes**\n - **Auto TLS Fallback** for older TLS version\n - **Pre Handshake** TLS connection (early termination)\n - Customizable **Cipher / SNI / TLS** selection\n - **JARM/JA3** TLS Fingerprint\n - **TLS Misconfigurations**\n - **ASN,CIDR,IP,HOST,** and **URL** input\n - STD **IN/OUT** and **TXT/JSON** output\n\n\n## Installation\n\ntlsx requires **Go 1.21** to install successfully. To install, just run the below command or download pre-compiled binary from [release page](https://github.com/projectdiscovery/tlsx/releases).\n\n```console\ngo install github.com/projectdiscovery/tlsx/cmd/tlsx@latest\n```\n\n## Usage\n\n```console\ntlsx -h\n```\n\nThis will display help for the tool. Here are all the switches it supports.\n\n```console\nTLSX is a tls data gathering and analysis toolkit.\n\nUsage:\n  tlsx [flags]\n\nFlags:\nINPUT:\n   -u, -host string[]  target host to scan (-u INPUT1,INPUT2)\n   -l, -list string    target list to scan (-l INPUT_FILE)\n   -p, -port string[]  target port to connect (default 443)\n\nSCAN-MODE:\n   -sm, -scan-mode string     tls connection mode to use (ctls, ztls, openssl, auto) (default \"auto\")\n   -ps, -pre-handshake        enable pre-handshake tls connection (early termination) using ztls\n   -sa, -scan-all-ips         scan all ips for a host (default false)\n   -iv, -ip-version string[]  ip version to use (4, 6) (default 4)\n\nPROBES:\n   -san                     display subject alternative names\n   -cn                      display subject common names\n   -so                      display subject organization name\n   -tv, -tls-version        display used tls version\n   -cipher                  display used cipher\n   -hash string             display certificate fingerprint hashes (md5,sha1,sha256)\n   -jarm                    display jarm fingerprint hash\n   -ja3                     display ja3 fingerprint hash (using ztls)\n   -wc, -wildcard-cert      display host with wildcard ssl certificate\n   -tps, -probe-status      display tls probe status\n   -ve, -version-enum       enumerate and display supported tls versions\n   -ce, -cipher-enum        enumerate and display supported cipher\n   -ct, -cipher-type value  ciphers types to enumerate. possible values: all/secure/insecure/weak (comma-separated) (default all)\n   -ch, -client-hello       include client hello in json output (ztls mode only)\n   -sh, -server-hello       include server hello in json output (ztls mode only)\n   -se, -serial             display certificate serial number\n\nMISCONFIGURATIONS:\n   -ex, -expired      display host with host expired certificate\n   -ss, -self-signed  display host with self-signed certificate\n   -mm, -mismatched   display host with mismatched certificate\n   -re, -revoked      display host with revoked certificate\n   -un, -untrusted    display host with untrusted certificate\n\nCONFIGURATIONS:\n   -config string               path to the tlsx configuration file\n   -r, -resolvers string[]      list of resolvers to use\n   -cc, -cacert string          client certificate authority file\n   -ci, -cipher-input string[]  ciphers to use with tls connection\n   -sni string[]                tls sni hostname to use\n   -rs, -random-sni             use random sni when empty\n   -rps, -rev-ptr-sni           perform reverse PTR to retrieve SNI from IP\n   -min-version string          minimum tls version to accept (ssl30,tls10,tls11,tls12,tls13)\n   -max-version string          maximum tls version to accept (ssl30,tls10,tls11,tls12,tls13)\n   -cert, -certificate          include certificates in json output (PEM format)\n   -tc, -tls-chain              include certificates chain in json output\n   -vc, -verify-cert            enable verification of server certificate\n   -ob, -openssl-binary string  OpenSSL Binary Path\n   -hf, -hardfail               strategy to use if encountered errors while checking revocation status\n\nOPTIMIZATIONS:\n   -c, -concurrency int  number of concurrent threads to process (default 300)\n   -cec, -cipher-concurrency int  cipher enum concurrency for each target (default 10)\n   -timeout int          tls connection timeout in seconds (default 5)\n   -retry int            number of retries to perform for failures (default 3)\n   -delay string         duration to wait between each connection per thread (eg: 200ms, 1s)\n\nUPDATE:\n   -up, -update                 update tlsx to latest version\n   -duc, -disable-update-check  disable automatic tlsx update check\n\nOUTPUT:\n   -o, -output string  file to write output to\n   -j, -json           display output in jsonline format\n   -dns                display unique hostname from SSL certificate response\n   -ro, -resp-only     display tls response only\n   -silent             display silent output\n   -nc, -no-color      disable colors in cli output\n   -v, -verbose        display verbose output\n   -version            display project version\n\nDEBUG:\n   -health-check, -hc  run diagnostic check up\n```\n\n## Using tlsx as library\n\nExamples of using tlsx as library are provided in the [examples](examples/) folder.\n\n## Running tlsx\n\n### Input for tlsx\n\n**tlsx** requires **ip** to make TLS connection and accept multiple format as listed below:\n\n```bash\nAS1449 # ASN input\n173.0.84.0/24 # CIDR input\n93.184.216.34 # IP input\nexample.com # DNS input\nexample.com:443 # DNS input with port\nhttps://example.com:443 # URL input port\n```\n\nInput host can be provided using `-host / -u` flag, and multiple values can be provided using comma-separated input, similarly **file** input is supported using `-list / -l` flag.\n\nExample of comma-separated host input: \n\n```console\n$ tlsx -u 93.184.216.34,example.com,example.com:443,https://example.com:443 -silent\n```\n\nExample of file based host input:\n\n```console\n$ tlsx -list host_list.txt\n```\n\n**Port Input:**\n\n**tlsx** connects on port **443** by default, which can be customized using `-port / -p` flag, single or multiple ports can be specified using comma sperated input or new line delimited file containing list of ports to connect. \n\n\nExample of comma-separated port input: \n\n```\n$ tlsx -u hackerone.com -p 443,8443\n```\n\nExample of file based port input: \n\n```\n$ tlsx -u hackerone.com -p port_list.txt\n```\n\n**Note:**\n\n\u003e When input host contains port in it, for example, `8.8.8.8:443` or `hackerone.com:8443`, port specified with host will be used to make TLS connection instead of default or one provided using `-port / -p` flag.\n\n### TLS Probe (default run)\n\nThis will run the tool against the given CIDR range and returns hosts that accepts tls connection on port 443.\n\n```console\n$ echo 173.0.84.0/24 | tlsx \n  \n\n  _____ _    _____  __\n |_   _| |  / __\\ \\/ /\n   | | | |__\\__ \\\u003e  \u003c \n   |_| |____|___/_/\\_\\  v0.0.1\n\n    projectdiscovery.io\n\n[WRN] Use with caution. You are responsible for your actions.\n[WRN] Developers assume no liability and are not responsible for any misuse or damage.\n\n173.0.84.69:443\n173.0.84.67:443\n173.0.84.68:443\n173.0.84.66:443\n173.0.84.76:443\n173.0.84.70:443\n173.0.84.72:443\n```\n\n### SAN/CN Probe\n\nTLS certificate contains DNS names under **subject alternative name** and **common name** field that can be extracted using `-san`, `-cn` flag.\n\n```console\n$ echo 173.0.84.0/24 | tlsx -san -cn -silent\n\n173.0.84.104:443 [uptycspay.paypal.com]\n173.0.84.104:443 [api-3t.paypal.com]\n173.0.84.104:443 [api-m.paypal.com]\n173.0.84.104:443 [payflowpro.paypal.com]\n173.0.84.104:443 [pointofsale-s.paypal.com]\n173.0.84.104:443 [svcs.paypal.com]\n173.0.84.104:443 [uptycsven.paypal.com]\n173.0.84.104:443 [api-aa.paypal.com]\n173.0.84.104:443 [pilot-payflowpro.paypal.com]\n173.0.84.104:443 [pointofsale.paypal.com]\n173.0.84.104:443 [uptycshon.paypal.com]\n173.0.84.104:443 [api.paypal.com]\n173.0.84.104:443 [adjvendor.paypal.com]\n173.0.84.104:443 [zootapi.paypal.com]\n173.0.84.104:443 [api-aa-3t.paypal.com]\n173.0.84.104:443 [uptycsize.paypal.com]\n```\n\nFor ease of automation, optionally `-resp-only` flag can be used to list only dns names in CLI output.\n\n```console\n$ echo 173.0.84.0/24 | tlsx -san -cn -silent -resp-only\n\napi-aa-3t.paypal.com\npilot-payflowpro.paypal.com\npointofsale-s.paypal.com\nuptycshon.paypal.com\na.paypal.com\nadjvendor.paypal.com\nzootapi.paypal.com\napi-aa.paypal.com\npayflowpro.paypal.com\npointofsale.paypal.com\nuptycspay.paypal.com\napi-3t.paypal.com\nuptycsize.paypal.com\napi.paypal.com\napi-m.paypal.com\nsvcs.paypal.com\nuptycsven.paypal.com\nuptycsven.paypal.com\na.paypal.com\napi.paypal.com\npointofsale-s.paypal.com\npilot-payflowpro.paypal.com\n```\n\n**subdomains** obtained from TLS certificates can be further piped to other PD tools for further inspection, here is an example piping tls subdomains to **[dnsx](https://github.com/projectdiscovery/dnsx)** to filter passive subdomains and passing to **[httpx](https://github.com/projectdiscovery/httpx)** to list hosts running active web services.\n\n```console\n$ echo 173.0.84.0/24 | tlsx -san -cn -silent -resp-only | dnsx -silent | httpx\n\n    __    __  __       _  __\n   / /_  / /_/ /_____ | |/ /\n  / __ \\/ __/ __/ __ \\|   /\n / / / / /_/ /_/ /_/ /   |\n/_/ /_/\\__/\\__/ .___/_/|_|\n             /_/              v1.2.2\n\n    projectdiscovery.io\n\nUse with caution. You are responsible for your actions.\nDevelopers assume no liability and are not responsible for any misuse or damage.\nhttps://api-m.paypal.com\nhttps://uptycsize.paypal.com\nhttps://api.paypal.com\nhttps://uptycspay.paypal.com\nhttps://svcs.paypal.com\nhttps://adjvendor.paypal.com\nhttps://uptycshap.paypal.com\nhttps://uptycshon.paypal.com\nhttps://pilot-payflowpro.paypal.com\nhttps://slc-a-origin-pointofsale.paypal.com\nhttps://uptycsven.paypal.com\nhttps://api-aa.paypal.com\nhttps://api-aa-3t.paypal.com\nhttps://uptycsbrt.paypal.com\nhttps://payflowpro.paypal.com\nhttp://pointofsale-s.paypal.com\nhttp://slc-b-origin-pointofsale.paypal.com\nhttp://api-3t.paypal.com\nhttp://zootapi.paypal.com\nhttp://pointofsale.paypal.com\n````\n\n### TLS / Cipher Probe\n\n```console\n$ subfinder -d hackerone.com | tlsx -tls-version -cipher\n\nmta-sts.hackerone.com:443 [TLS1.3] [TLS_AES_128_GCM_SHA256]\nhackerone.com:443 [TLS1.3] [TLS_AES_128_GCM_SHA256]\napi.hackerone.com:443 [TLS1.3] [TLS_AES_128_GCM_SHA256]\nmta-sts.managed.hackerone.com:443 [TLS1.3] [TLS_AES_128_GCM_SHA256]\nmta-sts.forwarding.hackerone.com:443 [TLS1.3] [TLS_AES_128_GCM_SHA256]\nwww.hackerone.com:443 [TLS1.3] [TLS_AES_128_GCM_SHA256]\nsupport.hackerone.com:443 [TLS1.2] [TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]\n```\n\n# TLS Misconfiguration\n\n### Expired / Self Signed / Mismatched / Revoked / Untrusted Certificate\n\nA list of host can be provided to tlsx to detect **expired / self-signed / mismatched / revoked / untrusted** certificates.\n\n```console\n$ tlsx -l hosts.txt -expired -self-signed -mismatched -revoked -untrusted\n  \n\n  _____ _    _____  __\n |_   _| |  / __\\ \\/ /\n   | | | |__\\__ \\\u003e  \u003c \n   |_| |____|___/_/\\_\\  v0.0.1\n\n    projectdiscovery.io\n\n[WRN] Use with caution. You are responsible for your actions.\n[WRN] Developers assume no liability and are not responsible for any misuse or damage.\n\nwrong.host.badssl.com:443 [mismatched]\nself-signed.badssl.com:443 [self-signed]\nexpired.badssl.com:443 [expired]\nrevoked.badssl.com:443 [revoked]\nuntrusted-root.badssl.com:443 [untrusted]\n```\n\n### [JARM](https://engineering.salesforce.com/easily-identify-malicious-servers-on-the-internet-with-jarm-e095edac525a/) TLS Fingerprint\n\n```console\n$ echo hackerone.com | tlsx -jarm -silent\n\nhackerone.com:443 [29d3dd00029d29d00042d43d00041d5de67cc9954cc85372523050f20b5007]\n```\n\n### [JA3](https://github.com/salesforce/ja3) TLS Fingerprint\n\n```console\n$ echo hackerone.com | tlsx -ja3 -silent\n\nhackerone.com:443 [20c9baf81bfe96ff89722899e75d0190]\n```\n\n### JSON Output\n\n**tlsx** does support multiple probe flags to query specific data, but all the information is always available in JSON format, for automation and post processing using `-json` output is most convenient option to use.\n\n```console\necho example.com | tlsx -json -silent | jq .\n```\n\n```json\n{\n  \"timestamp\": \"2022-08-22T21:22:59.799053+05:30\",\n  \"host\": \"example.com\",\n  \"ip\": \"93.184.216.34\",\n  \"port\": \"443\",\n  \"probe_status\": true,\n  \"tls_version\": \"tls13\",\n  \"cipher\": \"TLS_AES_256_GCM_SHA384\",\n  \"not_before\": \"2022-03-14T00:00:00Z\",\n  \"not_after\": \"2023-03-14T23:59:59Z\",\n  \"subject_dn\": \"CN=www.example.org, O=Internet Corporation for Assigned Names and Numbers, L=Los Angeles, ST=California, C=US\",\n  \"subject_cn\": \"www.example.org\",\n  \"subject_org\": [\n    \"Internet Corporation for Assigned Names and Numbers\"\n  ],\n  \"subject_an\": [\n    \"www.example.org\",\n    \"example.net\",\n    \"example.edu\",\n    \"example.com\",\n    \"example.org\",\n    \"www.example.com\",\n    \"www.example.edu\",\n    \"www.example.net\"\n  ],\n  \"issuer_dn\": \"CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US\",\n  \"issuer_cn\": \"DigiCert TLS RSA SHA256 2020 CA1\",\n  \"issuer_org\": [\n    \"DigiCert Inc\"\n  ],\n  \"fingerprint_hash\": {\n    \"md5\": \"c5208a47259d540a6e3404dddb85af91\",\n    \"sha1\": \"df81dfa6b61eafdffffe1a250240db5d2e6cee25\",\n    \"sha256\": \"7f2fe8d6b18e9a47839256cd97938daa70e8515750298ddba2f3f4b8440113fc\"\n  },\n  \"tls_connection\": \"ctls\",\n  \"sni\": \"example.com\"\n}\n```\n\n## Configuration\n\n### Scan Mode\n\ntlsx provides multiple modes to make TLS Connection -\n\n- `auto` (automatic fallback to other modes upon failure) - **default**\n- `ctls` (**[crypto/tls](https://github.com/golang/go/blob/master/src/crypto/tls/tls.go)**)\n- `ztls` (**[zcrypto/tls](https://github.com/zmap/zcrypto)**)\n- `openssl` (**[openssl](https://github.com/openssl/openssl)**)\n\nSome pointers for the specific mode / library is highlighted in [linked discussions](https://github.com/projectdiscovery/tlsx/discussions/2), `auto` mode is supported to ensure the maximum coverage and scans for the hosts running older version of TLS by retrying the connection using `ztls` and `openssl` mode upon any connection error.\n\nAn example of using `ztls` mode to scan website using old / outdated TLS version.\n\n```console\n$ echo tls-v1-0.badssl.com | tlsx -port 1010 -sm ztls\n  \n\n  _____ _    _____  __\n |_   _| |  / __\\ \\/ /\n   | | | |__\\__ \\\u003e  \u003c \n   |_| |____|___/_/\\_\\  v0.0.1\n\n    projectdiscovery.io\n\n[WRN] Use with caution. You are responsible for your actions.\n[WRN] Developers assume no liability and are not responsible for any misuse or damage.\n\ntls-v1-0.badssl.com:1010\n```\n\n### OpenSSL\n\nTo use the openssl connection mode, you will need to have openssl installed on your system. Most modern systems come with openssl pre-installed, but if it is not present on your system, you can install it manually. You can check if openssl is installed by running the command `openssl version`. If openssl is installed, this command will display the version number.\n\n\u003ctable\u003e\n\u003ctr\u003e\n\u003ctd\u003e\n\n### Pre-Handshake (Early Termination)\n\n**tlsx** supports terminating SSL connection early which leads to faster scanning and less connection request (disconnecting after TLS `serverhello` and certificate data is gathered).\n\nFor more detail, please refer to [Hunting-Certificates-And-Servers](https://github.com/erbbysam/Hunting-Certificates-And-Servers/blob/master/Hunting%20Certificates%20%26%20Servers.pdf) by [@erbbysam](https://twitter.com/erbbysam)\n\nAn example of using `-pre-handshake` mode:\n\n```console\n$ tlsx -u example.com -pre-handshake \n  \n\n  _____ _    _____  __\n |_   _| |  / __\\ \\/ /\n   | | | |__\\__ \\\u003e  \u003c \n   |_| |____|___/_/\\_\\  v0.0.1\n\n    projectdiscovery.io\n\n[WRN] Use with caution. You are responsible for your actions.\n[WRN] Developers assume no liability and are not responsible for any misuse or damage.\n\nexample.com:443\n```\n\n\u003e **Note**:\n\n\u003e **pre-handshake** mode utilizes `ztls` (**zcrypto/tls**) which also means the support is limited till `TLS v1.2` as `TLS v1.3` is not supported by `ztls` library.\n\n\u003c/table\u003e\n\u003c/tr\u003e\n\u003c/td\u003e\n\n### TLS Version\n\n**Minimum** and **Maximum** TLS versions can be specified using `-min-version` and `-max-version` flags, as default these value are set by underlying used library.\n\nThe acceptable values for TLS version is specified below.\n\n- `ssl30`\n- `tls10`\n- `tls11`\n- `tls12`\n- `tls13`\n\nHere is an example using `max-version` to scan for hosts supporting an older version of TLS, i.e **TLS v1.0**\n\n```console\n$ tlsx -u example.com -max-version tls10\n  \n\n  _____ _    _____  __\n |_   _| |  / __\\ \\/ /\n   | | | |__\\__ \\\u003e  \u003c \n   |_| |____|___/_/\\_\\  v0.0.1\n\n    projectdiscovery.io\n\n[WRN] Use with caution. You are responsible for your actions.\n[WRN] Developers assume no liability and are not responsible for any misuse or damage.\nexample.com:443\n```\n\n### Custom Cipher\n\nSupported custom cipher can provided using `-cipher-input / -ci` flag, supported cipher list for each mode is available at [wiki page](https://github.com/projectdiscovery/tlsx/wiki/Ciphers).\n\n```console\n$ tlsx -u example.com -ci TLS_AES_256_GCM_SHA384 -cipher\n```\n\n```console\n$ tlsx -u example.com -ci cipher_list.txt -cipher\n```\n\n## Acknowledgements\n\nThis program optionally uses:\n\n- [zcrypto](https://github.com/zmap/zcrypto) library from the zmap team.\n- [cfssl](https://github.com/cloudflare/cfssl) library from the cloudflare team\n- cipher data from [ciphersuite.info](https://ciphersuite.info) for ciphersuite classification\n\n--------\n\n\u003cdiv align=\"center\"\u003e\n\ntlsx is made with ❤️ by the [projectdiscovery](https://projectdiscovery.io) team and distributed under [MIT License](LICENSE).\n\n\n\u003ca href=\"https://discord.gg/projectdiscovery\"\u003e\u003cimg src=\"https://raw.githubusercontent.com/projectdiscovery/nuclei-burp-plugin/main/static/join-discord.png\" width=\"300\" alt=\"Join Discord\"\u003e\u003c/a\u003e\n\n\u003c/div\u003e\n","funding_links":["https://api-m.paypal.com","https://uptycsize.paypal.com","https://api.paypal.com","https://uptycspay.paypal.com","https://svcs.paypal.com","https://adjvendor.paypal.com","https://uptycshap.paypal.com","https://uptycshon.paypal.com","https://pilot-payflowpro.paypal.com","https://slc-a-origin-pointofsale.paypal.com","https://uptycsven.paypal.com","https://api-aa.paypal.com","https://api-aa-3t.paypal.com","https://uptycsbrt.paypal.com","https://payflowpro.paypal.com","http://pointofsale-s.paypal.com","http://slc-b-origin-pointofsale.paypal.com","http://api-3t.paypal.com","http://zootapi.paypal.com","http://pointofsale.paypal.com"],"categories":["Weapons","Miscellaneous"],"sub_categories":["Tools","Uncategorized"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprojectdiscovery%2Ftlsx","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fprojectdiscovery%2Ftlsx","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprojectdiscovery%2Ftlsx/lists"}