TLS Prober: A tool to fingerprint SSL/TLS servers

by do son · July 13, 2018

TLS Prober

TLS Prober is a tool for identifying the implementation in use by SSL/TLS servers. It analyses the behavior of a server by sending a range of probes then comparing the responses with a database of known signatures. Key features include:

Requires no knowledge of the server configuration.
Does not rely on the supported cipher suites (since administrators often change those).
Successfully identifies openssl, schannel, Java (JSSE), wolfSSL (previously CyaSSL), GnuTLS, MatrixSSL, mbedTLS (previously PolarSSL).
Supports both pure SSL/TLS protocols like HTTPS and those that use STARTTLS such as SMTP and POP3.
Resilient against differences in the build options used by a given server.
Extensible – you can easily record the signatures of additional implementations.

Installation

git clone https://github.com/WestpointLtd/tls_prober.git

cd tls_prober/ && git submodule update --init

Usage

Usage: prober.py server [options]



A tool to fingerprint SSL/TLS servers



Options:

  -h, --help            show this help message and exit

  -p PORT, --port=PORT  TCP port to test (default: 443)

  -m MATCHES, --matches=MATCHES

                        Only display the first N matching scores(default: 0

                        which displays them all)

  -d, --debug           Print debugging messages

  -s STARTTLS, --starttls=STARTTLS

                        Enable a starttls mode. The available modes are: auto,

                        smtp, ftp, pop3, imap, none

  -t PROBE, --probe=PROBE

                        Run the specified probe

  -a ADD, --add=ADD     Add the specified fingerprint to the database

  -l, --list            List the fingerprints of the target

  --list-probes         List the available probes

  -v, --version         Display the version information

Source: https://github.com/WestpointLtd/

TLS Prober: A tool to fingerprint SSL/TLS servers

Search

Brilliantly

Content & Links