TLS Prober: A tool to fingerprint SSL/TLS servers

by do son ·

tls prober

TLS Prober

TLS Prober is a tool for identifying the implementation in use by SSL/TLS servers. It analyses the behavior of a server by sending a range of probes then comparing the responses with a database of known signatures. Key features include:

  • Requires no knowledge of the server configuration.
  • Does not rely on the supported cipher suites (since administrators often change those).
  • Successfully identifies openssl, schannel, Java (JSSE), wolfSSL (previously CyaSSL), GnuTLS, MatrixSSL, mbedTLS (previously PolarSSL).
  • Supports both pure SSL/TLS protocols like HTTPS and those that use STARTTLS such as SMTP and POP3.
  • Resilient against differences in the build options used by a given server.
  • Extensible – you can easily record the signatures of additional implementations.

Installation

git clone https://github.com/WestpointLtd/tls_prober.git

cd tls_prober/ && git submodule update --init

 

Usage

Usage: prober.py server [options]



A tool to fingerprint SSL/TLS servers



Options:

  -h, --help            show this help message and exit

  -p PORT, --port=PORT  TCP port to test (default: 443)

  -m MATCHES, --matches=MATCHES

                        Only display the first N matching scores(default: 0

                        which displays them all)

  -d, --debug           Print debugging messages

  -s STARTTLS, --starttls=STARTTLS

                        Enable a starttls mode. The available modes are: auto,

                        smtp, ftp, pop3, imap, none

  -t PROBE, --probe=PROBE

                        Run the specified probe

  -a ADD, --add=ADD     Add the specified fingerprint to the database

  -l, --list            List the fingerprints of the target

  --list-probes         List the available probes

  -v, --version         Display the version information

 

Copyright (c) 2014-2015 Richard Moore <rich@kde.org>

Source: https://github.com/WestpointLtd/

Tags: tls prober