https://github.com/c0r0n3r/cryptolyzer

CryptoLyzer is a fast, flexible and comprehensive server cryptographic protocol (TLS, SSL, SSH, DNSSEC) and related setting (HTTP headers, DNS records) analyzer and fingerprint (JA3, HASSH tag) generator with Python API and CLI. (read-only clone of the original GitLab project)
https://github.com/c0r0n3r/cryptolyzer

certificate-transparency content-security-policy dnssec http-header-check http-scan mixed-content openvpn python scan-tool scanning-tool security security-audit security-tools ssh-scanner ssl-scanner subresource-integrity tls-scan tls-scanning-library vulnerability-scanners

Last synced: about 2 months ago
JSON representation

Host: GitHub
URL: https://github.com/c0r0n3r/cryptolyzer
Owner: c0r0n3r
License: mpl-2.0
Created: 2019-03-15T18:30:48.000Z (almost 7 years ago)
Default Branch: master
Last Pushed: 2025-01-11T19:44:59.000Z (about 1 year ago)
Last Synced: 2025-01-11T20:30:34.037Z (12 months ago)
Topics: certificate-transparency, content-security-policy, dnssec, http-header-check, http-scan, mixed-content, openvpn, python, scan-tool, scanning-tool, security, security-audit, security-tools, ssh-scanner, ssl-scanner, subresource-integrity, tls-scan, tls-scanning-library, vulnerability-scanners
Language: Python
Homepage: https://gitlab.com/coroner/cryptolyzer/
Size: 1.57 MB
Stars: 27
Watchers: 1
Forks: 2
Open Issues: 0
Metadata Files:
- Readme: README.rst
- Changelog: CHANGELOG.rst
- Contributing: CONTRIBUTING.rst
- License: LICENSE.txt

Awesome Lists containing this project

awesome-security-hardening - CryptoLyzer - Fast, flexible and comprehensive server cryptographic protocol (TLS, SSL, SSH, DNSSEC) and related setting (HTTP headers, DNS records) analyzer and fingerprint (JA3, HASSH tag) generator with Python API and CLI. (Tools to check security hardening / TLS/SSL)

README

.. image:: https://gitlab.com/coroner/cryptolyzer/badges/master/pipeline.svg
:alt: Pipeline
:target: https://gitlab.com/coroner/cryptolyzer/-/pipelines/master/latest
.. image:: https://coveralls.io/repos/gitlab/coroner/cryptolyzer/badge.svg?branch=master
:alt: Test Coverage
:target: https://coveralls.io/gitlab/coroner/cryptolyzer/
.. image:: https://readthedocs.org/projects/cryptolyzer/badge/?version=latest
:alt: Documentation
:target: https://cryptolyzer.readthedocs.io

**CryptoLyzer** is a fast, flexible, and comprehensive server cryptographic protocol
(`TLS `__,
`SSL `__,
`SSH `__,
`DNSSEC `__) and related setting
(`HTTP headers `__,
`DNS records `__) analyzer and fingerprint
(`JA3 `__,
`HASSH `__ tag) generator with
`application programming `__ (API) and
`command line `__ (CLI) interface.

However the API can provide the most complete functionality, the CLI also strives to be as comprehensive as possible. To
do that CLI provides three output formats. The first one for human analysis where the cryptographic algorithm names and
the values of key sizes and other security-related settings are colorized according to their security strength using the
well-known `traffic light rating system `__. The other two
output formats (:ref:`Output Formats / Markdown`, :ref:`Output Formats / JSON`) are machine-readable, however the
Markdown format even human-readable and even suitable for generating documentation in different formats (e.g. DOCX, PDF,
...).

.. only:: html

.. raw:: html

The strength of CryptoLyzer compared to its competitors is that it contains a custom implementation of cryptographic
protocols (`CryptoParser `__), which are as small as absolutely necessary for the
analysis, but as most comprehensive algorithm identifier sets of the cryptographic protocols
(`CryptoDataHub `__) as possible. The combination of the two properly makes it
possible to check the support of rarely used, deprecated, non-standard, or experimental algorithms and methods that are
not yet or have never been supported by the most popular cryptographic algorithms. This way of working leads to the fact
that CryptoLyzer can recognize more TLS cipher suites than listed in total on
`Ciphersuite Info `__.

-----
Usage
-----

Pip
===

.. code:: shell

pip install cryptolyzer

cryptolyze tls all www.example.com
cryptolyze tls1_2 ciphers www.example.com
cryptolyze ssh2 ciphers www.example.com
cryptolyze http headers www.example.com
cryptolyze dns dnssec example.com

Docker
======

.. code:: shell

docker run --rm coroner/cryptolyzer tls all www.example.com
docker run --rm coroner/cryptolyzer tls1_2 ciphers www.example.com
docker run --rm coroner/cryptolyzer ssh2 ciphers www.example.com
docker run --rm coroner/cryptolyzer http headers www.example.com
docker run --rm coroner/cryptolyzer dns dnssec example.com

.. code:: shell

docker run -ti --rm -p 127.0.0.1:4433:4433 coroner/cryptolyzer ja3 generate 127.0.0.1:4433
openssl s_client -connect 127.0.0.1:4433

docker run -ti --rm -p 127.0.0.1:2121:2121 coroner/cryptolyzer ja3 generate ftp://127.0.0.1:2121
openssl s_client -starttls ftp -connect 127.0.0.1:2121

.. code:: shell

docker run -ti --rm -p 127.0.0.1:2222:4433 coroner/cryptolyzer hassh generate 127.0.0.1:2222
openssl s_client -connect 127.0.0.1:2222

-------
Support
-------

Python implementation
=====================

- CPython (3.9+)
- PyPy (3.9+)

Operating systems
=================

- Linux
- macOS
- Windows

------------
Social Media
------------

- `Twitter `__
- `Facebook `__

-------------
Documentation
-------------

Detailed `documentation `__ is available on the project's
`Read the Docs `__ site.

-------
License
-------

The `code `__ is available under the terms of
`Mozilla Public License Version 2.0 `__ (MPL 2.0).

A non-comprehensive, but straightforward description of MPL 2.0 can be found at
`Choose an open source license `__ website.

-------
Credits
-------

- `NLnet Foundation `__ and `NGI Assure `__, supports the project part of
the `Next Generation Internet `__ initiative.
- Icons made by `Freepik `__ from `Flaticon `__.

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/c0r0n3r/cryptolyzer

Awesome Lists containing this project

README