Features

The script can handle scanning a single url (-u/--url) per one run. If more ports are specified with the -p/--port it will sequentially scan the provided ports.

Multiple vulnerability tests are available, see the Vulnerabilities file.

Output format

The output format of the script is a json object that is by default formatted using a custom formatter into the stdout of the run environment. If a formatted output is not desired it is possible to purly output the json object by either saving it to a file or outputting it to the stdout file descriptor (option -j/--json).

Cipher suite scanning

Using the option -cs/--cipher-suites it is possible to scan all the possible cipher suites the peer is going to accept during the handshake procedure. If the peer that is being scanned rejects too many connections and the scan fails, an edit would be needed in the network_profiles.json configuration file (see the configuration section).

Fixing openssl.cnf

The -fc/--fix-conf option can be used to allow the use of older TLS protocols (TLSv1.0 and TLSv1.1), if not supported by your installed openssl library. It may rewrite the file located at /etc/ssl/openssl.cnf that is why a backup file is created with this format {old_file}.backup_{unix_time} in the same folder as the config file.

Other notable features

Other notable features that are pretty self-explanatory are:

• -cc/--cert-chain – Certificate chain scanning not just the endpoint certificate.

• -sn/--short-names – Shorten alternative names from certificates.

• -w/--worst – Choosing the worst available protocol version for connection

• -nd/--nmap-discover – Host discovery using nmap (not very reliable right now)

• -ns/--nmap-scan – Scan web server version using nmap

• -i/--info/-d/--debug – Info/debug information