tlsx

tlsx is a fast and configurable TLS grabber designed for secure data collection and analysis within automated security workflows. It specializes in retrieving certificates, making it an essential tool for reconnaissance during security assessments.

Ideal Use Cases & Fit

This tool excels in scenarios requiring detailed TLS analysis, particularly in environments where certificate validation and cipher information are critical. tlsx is ideal for:

  • Automated scanning of multiple hosts for TLS details.
  • Environments assessing the security posture of web applications.
  • Situations where insight into certificate issues, such as expiration or self-signing, is necessary.

Avoid using tlsx for environments where quick, superficial checks are sufficient, as its strength lies in thorough examination.

Value in Workflows

Integrating tlsx into security workflows enhances early reconnaissance efforts by providing comprehensive visibility into TLS configurations. It effectively supports post-processing stages by mapping out TLS health across multiple domains, allowing for proactive measures against vulnerabilities identified during analysis.

Input Data

tlsx expects a newline-separated list of hosts or IP addresses. The input is named target, and it is a required parameter.

Example:

subdomain1.example.com
192.168.1.1
subdomain2.example.com

Configuration

  • json: Controls output format, with a default of true for JSON line format.
  • silent: Manages output verbosity, defaulting to true for silent mode.
  • scan-mode: Sets the TLS connection mode (options include ctls, ztls, openssl, auto) with a default of auto.
  • scan-all-ips: Indicates whether to scan all IPs associated with a host, defaulting to false.
  • ip-version: Specifies the IP version(s) to use, with a default of IPv4.
  • tls-version: Displays the used TLS version when set to true.
  • cipher: Outputs the cipher used during the connection when enabled.
  • verify-cert: Enables server certificate verification for secure connections.
  • timeout: Sets the TLS connection timeout (default is 5 seconds).
  • retry: Determines the number of connection retries for failures (default is 3).

These parameters enhance the tool's flexibility and adaptability, fitting seamlessly into a variety of security workflows.
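
With json left at its default, each result is one JSON object per line, which makes the post-processing stage straightforward. The following is an added example, not part of tlsx or of this page's original content: a small triage pass that flags self-signed, expired, soon-to-expire and legacy-protocol results. The field names (host, port, tls_version, not_after, self_signed) and the sample records are assumptions constructed for illustration; confirm them against the output of your tlsx version.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample of JSON-lines output. Field names are assumed, not taken
# from this page; the last line simulates stray non-JSON text in the stream.
SAMPLE = """\
{"host":"subdomain1.example.com","port":"443","tls_version":"tls13","cipher":"TLS_AES_128_GCM_SHA256","not_after":"2031-01-01T00:00:00Z"}
{"host":"192.168.1.1","port":"443","tls_version":"tls10","cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","not_after":"2020-06-01T00:00:00Z","self_signed":true}
{"host":"subdomain2.example.com","port":"443","tls_version":"tls12","cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","not_after":"2030-01-20T00:00:00Z"}
not-json: connection reset
"""

WEAK_VERSIONS = {"ssl30", "tls10", "tls11"}  # protocol versions treated as legacy

def triage(lines, now, warn_days=30):
    """Return {"host:port": [findings]} for records that need attention."""
    report = {}
    for raw in lines:
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip blank lines and anything that is not a JSON record
        if not isinstance(rec, dict) or "host" not in rec:
            continue
        issues = []
        if rec.get("self_signed"):
            issues.append("self-signed")
        if rec.get("tls_version") in WEAK_VERSIONS:
            issues.append("weak-protocol:" + rec["tls_version"])
        if rec.get("not_after"):
            expiry = datetime.fromisoformat(rec["not_after"].replace("Z", "+00:00"))
            if expiry <= now:
                issues.append("expired")
            elif expiry - now <= timedelta(days=warn_days):
                issues.append("expires-soon")
        if issues:
            key = "{}:{}".format(rec["host"], rec.get("port", "443"))
            report.setdefault(key, []).extend(issues)
    return report

if __name__ == "__main__":
    for target, issues in triage(SAMPLE.splitlines(), datetime.now(timezone.utc)).items():
        print(target, ", ".join(issues))
```

Passing `now` explicitly keeps the expiry check reproducible, for example when re-evaluating an archived scan against the date it was taken.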