{"id":26085925,"url":"https://github.com/tomato42/tlsfuzzer","last_synced_at":"2025-03-09T06:01:55.442Z","repository":{"id":25539924,"uuid":"28972619","full_name":"tlsfuzzer/tlsfuzzer","owner":"tlsfuzzer","description":"SSL and TLS protocol test suite and fuzzer","archived":false,"fork":false,"pushed_at":"2024-12-25T20:17:53.000Z","size":8930,"stargazers_count":563,"open_issues_count":271,"forks_count":120,"subscribers_count":41,"default_branch":"master","last_synced_at":"2024-12-27T03:27:15.767Z","etag":null,"topics":["automation","drown","fuzzer","protocol-tester","protocol-verifier","rfc-compliance","robot","security-audit","security-vulnerability","ssl","standard-conformity","test-automation","test-framework","test-suite","testing-tools","tls","tls12","tls13","tlslite","tlslite-ng"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tlsfuzzer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-01-08T15:41:49.000Z","updated_at":"2024-12-18T08:28:20.000Z","dependencies_parsed_at":"2023-01-14T07:00:31.504Z","dependency_job_id":"b749eb7c-8aaf-46c1-808e-50957aaa8b7a","html_url":"https://github.com/tlsfuzzer/tlsfuzzer","commit_stats":null,"previous_names":["tomato42/tlsfuzzer"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Ftlsfuzzer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Ftlsfuzzer/tags","releases_url":
"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Ftlsfuzzer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Ftlsfuzzer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tlsfuzzer","download_url":"https://codeload.github.com/tlsfuzzer/tlsfuzzer/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":242650949,"owners_count":20163611,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","drown","fuzzer","protocol-tester","protocol-verifier","rfc-compliance","robot","security-audit","security-vulnerability","ssl","standard-conformity","test-automation","test-framework","test-suite","testing-tools","tls","tls12","tls13","tlslite","tlslite-ng"],"created_at":"2025-03-09T06:01:34.916Z","updated_at":"2025-03-09T06:01:55.400Z","avatar_url":"https://github.com/tlsfuzzer.png","language":"Python","funding_links":[],"categories":["Tools","\u003ca id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003e漏洞\u0026\u0026漏洞管理\u0026\u0026漏洞发现/挖掘\u0026\u0026漏洞开发\u0026\u0026漏洞利用\u0026\u0026Fuzzing"],"sub_categories":["Network protocol","功能"],"readme":"[![GitHub CI](https://github.com/tlsfuzzer/tlsfuzzer/actions/workflows/ci.yml/badge.svg)](https://github.com/tlsfuzzer/tlsfuzzer/actions/workflows/ci.yml)\n[![Read the Docs](https://img.shields.io/readthedocs/tlsfuzzer)](https://tlsfuzzer.readthedocs.io/en/latest/)\n[![Coverage 
Status](https://coveralls.io/repos/tlsfuzzer/tlsfuzzer/badge.svg?branch=master)](https://coveralls.io/r/tlsfuzzer/tlsfuzzer?branch=master)\n[![Code Climate](https://codeclimate.com/github/tlsfuzzer/tlsfuzzer/badges/gpa.svg)](https://codeclimate.com/github/tlsfuzzer/tlsfuzzer)\n\n# tlsfuzzer\ntlsfuzzer is a test suite for SSLv2, SSLv3, TLS 1.0, TLS 1.1, TLS 1.2, and\nTLS 1.3 implementations. It's in early stages of development, so there are\nno API stability guarantees. While it uses fuzzing techniques for testing\n(randomisation of passed in inputs), the scripts are generally written in a\nway that verifies correct error handling: unlike typical fuzzers it doesn't\ncheck only that the system under test didn't crash, it checks that it\nreturned correct error messages.\n\nYou can find ready-to-use scripts testing for many vulnerabilities (\n[ROBOT](https://robotattack.org/),\n[DROWN](https://drownattack.com/), etc.)\nand general standards conformity\n([RFC 5246](https://tools.ietf.org/html/rfc5246),\n[RFC 7627](https://tools.ietf.org/html/rfc7627),\n[RFC 7905](https://tools.ietf.org/html/rfc7905), etc.) 
in the `scripts/`\ndirectory.\n\n## Dependencies\n\nYou'll need:\n\n * Python 2.6 or later or Python 3.6 or later\n * [tlslite-ng](https://github.com/tlsfuzzer/tlslite-ng)\n   0.8.1 or later (note that `tlslite` will *not* work and\n   they conflict with each other)\n * [ecdsa](https://github.com/warner/python-ecdsa)\n   python module (dependency of tlslite-ng, should get installed\n   automatically with it), use at least version 0.15 for optimal performance\n\nOptionally, to make cryptographic calculations significantly faster, you may\nwant to install the following libraries (see tlslite-ng and python-ecdsa\nREADME files for details):\n\n * m2crypto\n * gmpy\n\nTo get `pip` (if your python installation doesn't already have it) download\n[get-pip.py](https://bootstrap.pypa.io/get-pip.py) and run\n(or see [USAGE.md](https://github.com/tlsfuzzer/tlsfuzzer/blob/master/USAGE.md)\nfor alternative configuration that does not require installation of packages):\n\n```\npython get-pip.py\n```\n\nThen install tlslite-ng:\n\n```\npip install --pre tlslite-ng\n```\n\n(Use `--upgrade --pre` if you did install it before)\n\nDownload the tlsfuzzer:\n\n```\ngit clone https://github.com/tlsfuzzer/tlsfuzzer.git\n```\n\n## Usage\n\nAfter all dependencies are installed, make sure:\n\n * you're in the directory of the project (after git clone just `cd tlsfuzzer`)\n * the server you want to test is running on the same computer (localhost)\n * the server is listening on port 4433\n * and the server will answer with data to HTTP queries (answer with valid\n   HTTP responses is optional)\n\nThen you can run one of the tests in\n[`scripts`](https://github.com/tlsfuzzer/tlsfuzzer/tree/master/scripts)\ndirectory, like so:\n\n```\nscripts/test-invalid-compression-methods.py\n```\n\nIf a test has additional requirements, it will output them to the console. 
No errors\nprinted means that all expectations were met (so for tests with bad data the\nserver rejected our messages).\n\nAll scripts also accept `--help` to print the help message (specification of\nall the options the given script supports), `-h` to specify the hostname or\nIP address of the server-to-be-tested and `-p` to specify the port of the\nservice to be tested.\n\nSee [USAGE.md](https://github.com/tlsfuzzer/tlsfuzzer/blob/master/USAGE.md) for\nmore info and how to interpret errors and failures reported by scripts.\n\nYou can find more detailed documentation for the project at\n[tlsfuzzer.readthedocs.io](https://tlsfuzzer.readthedocs.io).\n\nUsing tlsfuzzer to test for timing side-channel attacks (Lucky13, padding\noracle attacks and timing-based Bleichenbacher oracle) is described in\nthe [TIMING.md](https://github.com/tlsfuzzer/tlsfuzzer/blob/master/TIMING.md)\ndocument.\n\n## Server under test configuration\n\nIn general, the server under test requires just an RSA certificate; you\ncan create it using the following OpenSSL command:\n\n```\nopenssl req -x509 -newkey rsa -keyout localhost.key -out localhost.crt -subj \\\n/CN=localhost -nodes -batch\n```\n\n**Note**: tlsfuzzer verifies only TLS level behaviour, it does not perform\nany checks on the certificate (like hostname validation, CA signatures or\nkey usage). 
It does however verify if the signatures made on TLS messages\nby the server (like in Server Key Exchange or Certificate Verify message)\nmatch the certificate sent by the server.\n\nMore detailed instructions, including how to build the different frameworks\nfrom source, are available in the\n[Server setup](https://github.com/tlsfuzzer/tlsfuzzer/wiki/Server-setup) wiki\npage.\n\nExample server configurations:\n\n### OpenSSL\n\nTo test OpenSSL, it's sufficient to pass an extra `-www` option to a\ntypical `s_server` command line:\n\n```\nopenssl s_server -key localhost.key -cert localhost.crt -www\n```\n\n### GnuTLS\n\nTo test GnuTLS server, you need to tell it to behave as an HTTP server\nand additionally, to not ask for client certificates:\n\n```\ngnutls-serv --http -p 4433 --x509keyfile localhost.key --x509certfile \\\nlocalhost.crt --disable-client-cert\n```\n\n### NSS\n\nTo test the Mozilla NSS library server, you first need to create a database\nwith server certificate:\n\n```\nmkdir nssdb\ncertutil -N -d sql:nssdb --empty-password\nopenssl pkcs12 -export -passout pass: -out localhost.p12 -inkey localhost.key \\\n-in localhost.crt -name localhost\npk12util -i localhost.p12 -d sql:nssdb -W ''\n```\n\nFinally, start the server with support for TLSv1.0 and later protocols, DHE\nciphers and with the above certificate:\n\n```\nselfserv -d sql:./nssdb -p 4433 -V tls1.0: -H 1 -n localhost\n```\n\n### Advanced configuration\nMore advanced and complex configurations, as well as a description of how to compile\nthe above servers from source, are available on the wiki page\n[Server setup](https://github.com/tlsfuzzer/tlsfuzzer/wiki/Server-setup).\n\n## Contributing\n\nSee the\n[CONTRIBUTING.md](https://github.com/tlsfuzzer/tlsfuzzer/blob/master/CONTRIBUTING.md)\ndocument for a description of how to set up your development environment, sanity\ncheck the changes and requirements the changes need to follow.\n\nYou may also want to read 
the\n[VISION.md](https://github.com/tlsfuzzer/tlsfuzzer/blob/master/VISION.md)\nto learn more about the planned scope of the project.\n\nContributors are expected to follow the project's\n[CODE OF CONDUCT](https://github.com/tlsfuzzer/tlsfuzzer/blob/master/CODE_OF_CONDUCT.md)\nwhen interacting with other members of the community.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftomato42%2Ftlsfuzzer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftomato42%2Ftlsfuzzer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftomato42%2Ftlsfuzzer/lists"}