Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/s3rgeym/tls-scan
Scan IP addresses for TLS/SSL certificates
https://github.com/s3rgeym/tls-scan
Last synced: 1 day ago
JSON representation
Scan IP addresses for TLS/SSL certificates
- Host: GitHub
- URL: https://github.com/s3rgeym/tls-scan
- Owner: s3rgeym
- Created: 2024-02-15T02:58:46.000Z (9 months ago)
- Default Branch: main
- Last Pushed: 2024-03-04T02:55:14.000Z (8 months ago)
- Last Synced: 2024-08-09T12:12:11.446Z (3 months ago)
- Language: Python
- Size: 108 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# tls-scan
CLI tool to scan IP addresses for TLS/SSL certificates. Outputs results in JSONL format. Useful for detecting software such as VMWare.
Installation:
```bash
pip install tls-scan
```
> This tool does not use third-party dependencies and can be run as a script.
Usage:
```bash
$ tls-scan -h
```
Example #1: scan whole internet:
```bash
$ tls-scan -v -a 0.0.0.0/0
```
Output sample:
```json
{"ip": "193.201.66.1", "port": 443, "port_name": "https", "cert": {"subject": {"countryName": "LV", "localityName": "Rīga", "organizationName": "AS PrivatBank", "commonName": "*.privatbank.lv"}, "issuer": {"countryName": "US", "organizationName": "DigiCert Inc", "commonName": "DigiCert TLS RSA SHA256 2020 CA1"}, "version": 3, "serialNumber": "0CE443B97F070F5500D008EEDFB11F88", "notBefore": "Aug 12 00:00:00 2022 GMT", "notAfter": "Aug 24 23:59:59 2023 GMT", "subjectAltName": [["DNS", "*.privatbank.lv"], ["DNS", "www.privatbank.lv"], ["DNS", "ibank.privatbank.lv"], ["DNS", "b2a2.privatbank.lv"], ["DNS", "open.privatbank.lv"], ["DNS", "sof.privatbank.lv"]], "OCSP": ["http://ocsp.digicert.com"], "caIssuers": ["http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt"], "crlDistributionPoints": ["http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl", "http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl"]}, "hostname": "b2a2.privatbank.lv"}
```
You can specify the port using `-p`. Instead of a port number or port range, you can use an alias: `smtp`, `imap`, `pop`, `https`, `ldap`, `rdp`, `ftp`, `telnet`, `cpanel`, `whm`, `kuber`, `portainer`, `proxmox`, `webmin`, `redis`, `activemq`. Specify `all` to scan all listed ports and `common` for the most common ones.
Example #2: extract domains from certificate using [jq](https://jqlang.github.io/jq/):
```bash
$ tls-scan -a ... -p https smtp | jq -r '.cert.commonName, ( .cert.subjectAltName?[] | select(.[0]=="DNS")[1] ), .hostname | select(.)'
...
*.privatbank.lv
www.privatbank.lv
ibank.privatbank.lv
b2a2.privatbank.lv
open.privatbank.lv
sof.privatbank.lv
b2a2.privatbank.lv
...
```