An open API service indexing awesome lists of open source software.

https://github.com/ecobee/tlsscan

Scans the TLS options set on a particular socket
https://github.com/ecobee/tlsscan

Last synced: 26 days ago
JSON representation

Scans the TLS options set on a particular socket

Awesome Lists containing this project

README

          

# tlsscan

tlsscan scans the tls configuration of any TLS enabled protocol (https, smtps, imaps, etc). Tools like ssllabs are more feature rich, however they are run by external third parties and so we cannot scan internal systems, there may be rating limiting, etc.

## Building

It's all go, with no exotic extras, so it should just be `go build` in the directory.

There's no configaration files to worry about right now, it's all either compiled in or commandline switches

## Running

You can run tlsscan, and specify options on the commandline:

`./tlsscan --host api.ecobee.com:443`

Output is in JSON format to make it easily parsable by other tools, you can use `jq` to beautify it a little:

```
$ ./tlsscan --host api.ecobee.com:443 | jq '.'
{
"ciphersuites": [
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA256"
],
"tlsversion": [
"TLSv1_2"
]
}
```

### Lambda

This code can (sort of) be run in a lambda, following the instructions here:

https://docs.aws.amazon.com/lambda/latest/dg/lambda-go-how-to-create-deployment-package.html

Input is as follows:

```
{
connnectString: "api.ecobee.com:443"
}

```

TLSScan *should* detect if it's being run on the commandline or in lambda automatically

## Bugs 🐜

~~Go currently filters out ciphersuites which it does not support, and so it does not check the full list.~~