https://github.com/ecobee/tlsscan
Scans the TLS options set on a particular socket
https://github.com/ecobee/tlsscan
Last synced: 26 days ago
JSON representation
Scans the TLS options set on a particular socket
- Host: GitHub
- URL: https://github.com/ecobee/tlsscan
- Owner: ecobee
- License: mit
- Created: 2018-11-20T18:56:06.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2022-03-30T21:10:00.000Z (over 4 years ago)
- Last Synced: 2025-02-24T04:20:04.286Z (over 1 year ago)
- Language: Go
- Size: 16.6 KB
- Stars: 2
- Watchers: 5
- Forks: 0
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# tlsscan
tlsscan scans the tls configuration of any TLS enabled protocol (https, smtps, imaps, etc). Tools like ssllabs are more feature rich, however they are run by external third parties and so we cannot scan internal systems, there may be rating limiting, etc.
## Building
It's all go, with no exotic extras, so it should just be `go build` in the directory.
There's no configaration files to worry about right now, it's all either compiled in or commandline switches
## Running
You can run tlsscan, and specify options on the commandline:
`./tlsscan --host api.ecobee.com:443`
Output is in JSON format to make it easily parsable by other tools, you can use `jq` to beautify it a little:
```
$ ./tlsscan --host api.ecobee.com:443 | jq '.'
{
"ciphersuites": [
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA256"
],
"tlsversion": [
"TLSv1_2"
]
}
```
### Lambda
This code can (sort of) be run in a lambda, following the instructions here:
https://docs.aws.amazon.com/lambda/latest/dg/lambda-go-how-to-create-deployment-package.html
Input is as follows:
```
{
connnectString: "api.ecobee.com:443"
}
```
TLSScan *should* detect if it's being run on the commandline or in lambda automatically
## Bugs 🐜
~~Go currently filters out ciphersuites which it does not support, and so it does not check the full list.~~