TLS Prober: A tool to fingerprint SSL/TLS servers

TLS Prober

TLS Prober is a tool for identifying the implementation in use by SSL/TLS servers. It analyses the behavior of a server by sending a range of probes then comparing the responses with a database of known signatures. Key features include:

  • Requires no knowledge of the server configuration.
  • Does not rely on the supported cipher suites (since administrators often change those).
  • Successfully identifies openssl, schannel, Java (JSSE), wolfSSL (previously CyaSSL), GnuTLS, MatrixSSL, mbedTLS (previously PolarSSL).
  • Supports both pure SSL/TLS protocols like HTTPS and those that use STARTTLS such as SMTP and POP3.
  • Resilient against differences in the build options used by a given server.
  • Extensible – you can easily record the signatures of additional implementations.


git clone
cd tls_prober/ && git submodule update --init



Usage: server [options]

A tool to fingerprint SSL/TLS servers

  -h, --help            show this help message and exit
  -p PORT, --port=PORT  TCP port to test (default: 443)
  -m MATCHES, --matches=MATCHES
                        Only display the first N matching scores(default: 0
                        which displays them all)
  -d, --debug           Print debugging messages
  -s STARTTLS, --starttls=STARTTLS
                        Enable a starttls mode. The available modes are: auto,
                        smtp, ftp, pop3, imap, none
  -t PROBE, --probe=PROBE
                        Run the specified probe
  -a ADD, --add=ADD     Add the specified fingerprint to the database
  -l, --list            List the fingerprints of the target
  --list-probes         List the available probes
  -v, --version         Display the version information


Copyright (c) 2014-2015 Richard Moore <>