{"id":18298288,"url":"https://github.com/s3rgeym/tls-scan","last_synced_at":"2025-04-09T09:16:36.174Z","repository":{"id":222584657,"uuid":"757810581","full_name":"s3rgeym/tls-scan","owner":"s3rgeym","description":"Scan IP addresses for TLS/SSL certificates","archived":false,"fork":false,"pushed_at":"2024-03-04T02:55:14.000Z","size":111,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-15T03:24:19.694Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/s3rgeym.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-02-15T02:58:46.000Z","updated_at":"2024-02-15T02:59:32.000Z","dependencies_parsed_at":"2024-02-15T04:26:33.120Z","dependency_job_id":"c0bfbb23-c25d-44e5-9a2b-e56939d536d3","html_url":"https://github.com/s3rgeym/tls-scan","commit_stats":null,"previous_names":["s3rgeym/tls-scan"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/s3rgeym%2Ftls-scan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/s3rgeym%2Ftls-scan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/s3rgeym%2Ftls-scan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/s3rgeym%2Ftls-scan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/s3rgeym","download_url":"https://codeload.github.com/s3rgeym/tls-scan/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248008625,"owners_count":21032556,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-05T15:05:41.317Z","updated_at":"2025-04-09T09:16:36.139Z","avatar_url":"https://github.com/s3rgeym.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# tls-scan\n\nCLI tool to scan IP addresses for TLS/SSL certificates. Outputs results in JSONL format. Useful for detecting software such as VMWare.\n\nInstallation:\n\n```bash\npip install tls-scan\n```\n\n\u003e This tool does not use third-party dependencies and can be run as a script.\n\nUsage:\n\n```bash\n$ tls-scan -h\n```\n\nExample #1: scan whole internet:\n\n```bash\n$ tls-scan -v -a 0.0.0.0/0\n```\n\nOutput sample:\n\n```json\n{\"ip\": \"193.201.66.1\", \"port\": 443, \"port_name\": \"https\", \"cert\": {\"subject\": {\"countryName\": \"LV\", \"localityName\": \"Rīga\", \"organizationName\": \"AS PrivatBank\", \"commonName\": \"*.privatbank.lv\"}, \"issuer\": {\"countryName\": \"US\", \"organizationName\": \"DigiCert Inc\", \"commonName\": \"DigiCert TLS RSA SHA256 2020 CA1\"}, \"version\": 3, \"serialNumber\": \"0CE443B97F070F5500D008EEDFB11F88\", \"notBefore\": \"Aug 12 00:00:00 2022 GMT\", \"notAfter\": \"Aug 24 23:59:59 2023 GMT\", \"subjectAltName\": [[\"DNS\", \"*.privatbank.lv\"], [\"DNS\", \"www.privatbank.lv\"], [\"DNS\", \"ibank.privatbank.lv\"], [\"DNS\", \"b2a2.privatbank.lv\"], [\"DNS\", \"open.privatbank.lv\"], [\"DNS\", \"sof.privatbank.lv\"]], \"OCSP\": [\"http://ocsp.digicert.com\"], \"caIssuers\": [\"http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt\"], \"crlDistributionPoints\": [\"http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl\", \"http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl\"]}, \"hostname\": \"b2a2.privatbank.lv\"}\n```\n\nYou can specify the port using `-p`. Instead of a port number or port range, you can use an alias: `smtp`, `imap`, `pop`, `https`, `ldap`, `rdp`, `ftp`, `telnet`, `cpanel`, `whm`, `kuber`, `portainer`, `proxmox`, `webmin`, `redis`, `activemq`. Specify `all` to scan all listed ports and `common` for the most common ones.\n\nExample #2: extract domains from certificate using [jq](https://jqlang.github.io/jq/):\n\n```bash\n$ tls-scan -a ... -p https smtp | jq -r '.cert.commonName, ( .cert.subjectAltName?[] | select(.[0]==\"DNS\")[1] ), .hostname | select(.)'\n...\n*.privatbank.lv\nwww.privatbank.lv\nibank.privatbank.lv\nb2a2.privatbank.lv\nopen.privatbank.lv\nsof.privatbank.lv\nb2a2.privatbank.lv\n...\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fs3rgeym%2Ftls-scan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fs3rgeym%2Ftls-scan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fs3rgeym%2Ftls-scan/lists"}