F5-Labs / cryptonice

Licence: GPL-3.0 license
CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration…

Programming Languages

python
Dockerfile

Projects that are alternatives of or similar to cryptonice

Tls Inspector
Easily view and inspect X.509 certificates on your iOS device.
Stars: ✭ 92 (+1.1%)
Mutual labels:  tls, ssl, https, ssl-certificates
Jetty.project
Eclipse Jetty® - Web Container & Clients - supports HTTP/2, HTTP/1.1, HTTP/1.0, websocket, servlets, and more
Stars: ✭ 3,260 (+3482.42%)
Mutual labels:  tls, ssl, https, http2
Nginxconfig.io
⚙️ NGINX config generator on steroids 💉
Stars: ✭ 14,983 (+16364.84%)
Mutual labels:  ssl, hsts, https, http2
tipi
Tipi - the All-in-one Web Server for Ruby Apps
Stars: ✭ 214 (+135.16%)
Mutual labels:  tls, ssl, https, http2
private-tls-cert
A simple Terraform module to generate self-signed TLS certificates for private use
Stars: ✭ 36 (-60.44%)
Mutual labels:  tls, ssl, ssl-certificates, tls-certificate
Shgf
Simple HTTP golang framework
Stars: ✭ 13 (-85.71%)
Mutual labels:  tls, ssl, https, http2
Acme client
Java ACME Client application
Stars: ✭ 77 (-15.38%)
Mutual labels:  tls, ssl, https
Ssl Checker
Python script that collects SSL/TLS information from hosts
Stars: ✭ 94 (+3.3%)
Mutual labels:  tls, ssl, ssl-certificates
tlsassistant
Fully-featured tool that combines state-of-the-art TLS analyzers with a report system that suggests appropriate mitigations and shows the full set of viable attacks.
Stars: ✭ 24 (-73.63%)
Mutual labels:  tls, hsts, https
Tlslite Ng
TLS implementation in pure python, focused on interoperability testing
Stars: ✭ 119 (+30.77%)
Mutual labels:  tls, ssl, https
Greenlock
Automatic SSL renewal for NodeJS
Stars: ✭ 30 (-67.03%)
Mutual labels:  tls, ssl, https
Sslsplit
Transparent SSL/TLS interception
Stars: ✭ 1,371 (+1406.59%)
Mutual labels:  tls, ssl, https
docker-ssl-reverse-proxy
Easy-to-use auto-SSL reverse proxy as a Docker container based on Caddy and Let’s Encrypt
Stars: ✭ 22 (-75.82%)
Mutual labels:  tls, ssl, https
Merecat
Small and made-easy HTTP/HTTPS server based on Jef Poskanzer's thttpd
Stars: ✭ 69 (-24.18%)
Mutual labels:  tls, ssl, https
Wolfssl
wolfSSL (formerly CyaSSL) is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3!
Stars: ✭ 1,098 (+1106.59%)
Mutual labels:  tls, ssl, https
Nico
A HTTP2 web server for reverse proxy and single page application, automatically apply for ssl certificate, Zero-Configuration.
Stars: ✭ 43 (-52.75%)
Mutual labels:  tls, ssl, http2
Lemur
Repository for the Lemur Certificate Manager
Stars: ✭ 1,533 (+1584.62%)
Mutual labels:  tls, ssl, ssl-certificates
Mutual Tls Ssl
🔐 Tutorial of setting up Security for your API with one way authentication with TLS/SSL and mutual authentication for a java based web server and a client with both Spring Boot. Different clients are provided such as Apache HttpClient, OkHttp, Spring RestTemplate, Spring WebFlux WebClient Jetty and Netty, the old and the new JDK HttpClient, the old and the new Jersey Client, Google HttpClient, Unirest, Retrofit, Feign, Methanol, vertx, Scala client Finagle, Featherbed, Dispatch Reboot, AsyncHttpClient, Sttp, Akka, Requests Scala, Http4s Blaze, Kotlin client Fuel, http4k, Kohttp and ktor. Also other server examples are available such as jersey with grizzly. Also gRPC examples are included
Stars: ✭ 163 (+79.12%)
Mutual labels:  tls, ssl, https
Siris
DEPRECATED: The community driven fork of Iris. The fastest web framework for Golang!
Stars: ✭ 146 (+60.44%)
Mutual labels:  tls, https, http2
Badssl.com
🔒 Memorable site for testing clients against bad SSL configs.
Stars: ✭ 2,234 (+2354.95%)
Mutual labels:  tls, ssl, https

Cryptonice

Cryptonice collects data on a given domain and performs a series of tests to check TLS configuration and supporting protocols such as HTTP2 and DNS. It makes heavy use of open source code and libraries, including the SSLyze library for TLS testing, JARM code for TLS fingerprinting and Wappalyzer code for server components checks.

Cryptonice is currently supported under Python 3.8 and later on the following platforms:

  • Windows
  • Mac OS
  • Ubuntu 20.04
  • CentOS 8 (other Linux distros coming soon).

Docker

A Linux compatible Docker container is also now available for those that prefer not to rely on installations of Python or any dependencies. With Docker already installed, first pull down the image:

docker pull f5labs/cryptonice

To run from the container, use the following command:

docker run --rm -it f5labs/cryptonice www.f5.com

If you want to output the JSON results to a folder on your local machine, you must tell Docker to map a local path to a path within the container. The following example maps the folder C:\Scratch to a new folder called /results within the container:

docker run --rm -it --volume //c/scratch:/results f5labs/cryptonice www.f5.com --json_out --json_path /results

Once the scan is complete you should find the resulting www.f5.com.json file in your C:\Scratch folder.

For detailed and up to date documentation, check out our ReadTheDocs pages:

https://cryptonice.readthedocs.io/

Installation

The easiest way to get started is by using PIP to install Cryptonice:

pip install cryptonice

User Guide

cryptonice requires a domain name (such as www.github.com).

cryptonice www.github.com

Providing only a domain name and no other command line input will result in the following default dictionary of commands being run.

{
    "id": "default",
    "port": 443,
    "scans": ["TLS", "HTTP", "HTTP2", "DNS", "JARM"],
    "tls_params": ["certificate_information", "ssl_2_0_cipher_suites", "ssl_3_0_cipher_suites","tls_1_0_cipher_suites", "tls_1_1_cipher_suites", "tls_1_2_cipher_suites","tls_1_3_cipher_suites", "http_headers"],
    "http_body": false,
    "force_redirect": true,
    "print_out": true,
    "generate_json": true,
    "targets": ["www.github.com"]
}

The user can also specify custom options. Each custom option must be preceded by the name of the option (for example, to run only the TLS and HTTP scans, add --scans TLS HTTP to the command line parameters).

  • --PORT: port to perform the scan on (default = 443)
  • --SCANS: scans to perform
    • TLS scan, HTTP headers, HTTP2 check, DNS data
  • --TLS_PARAMETERS: TLS specific scans to perform (should be listed as specified below, with no commas between options):
    • all, no_vuln_tests, certificate_info, ssl_2_0_cipher_suites, ssl_3_0_cipher_suites, tls_1_0_cipher_suites, tls_1_1_cipher_suites, tls_1_2_cipher_suites, tls_1_3_cipher_suites, tls_compression, tls_1_3_early_data, openssl_ccs_injection, heartbleed, robot, tls_fallback_scsv, session_renegotiation, session_resumption, session_resumption_rate, http_headers
    • all results in all commands being run, no_vuln_tests results in certificate_info, http_headers and the cipher_suites commands being run.
    • More information on each of these scan options can be found at: https://nabla-c0d3.github.io/sslyze/documentation/available-scan-commands.html
  • --HTTP_BODY: Y/y or N/n - sets a Boolean variable to include or exclude HTTP pages information
  • --FORCE_REDIRECTS: Y/y or N/n - sets a Boolean variable to check for automatic redirects from port 80 to 443 in a TLS scan (default = Y)
  • --PRINT_OUT: Y/y or N/n - sets a Boolean variable to print scan results to console (default = Y)
  • --JSON_OUT: Y/y or N/n - sets a Boolean variable to print scan results to JSON output file (default = Y)

Output

cryptonice generates a JSON output file with the information requested by the input parameters. Output files will be named after the domain name and port provided (ex: target = www.github.com, port = 443, output = www.github.com-443.json)

Utilizing the library in your own code

cryptonice can be used within other projects as well. An example of this functionality can be found in the simple sample_script.py file. In that short script, the program input is a JSON file (sample_scan.json also provided) with the required commands. The data is read into a dictionary and sent to the scanner_driver function in cryptonice/scanner. Individual modules can also be called from outside functions, and will return a dictionary of the results. Further information on function parameters can be found in the code comments for each function.
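
One way to prepare the JSON input described above, as an added example that is not part of the cryptonice project: a builder that validates a job dictionary in the shape of the default dictionary from the User Guide before it is saved and handed to the scanner. The name build_job, the explicit expansion of all and no_vuln_tests, and the rejection of IP-literal targets (see Limitations) are assumptions of this example; scan and test names are the ones listed on this page.

```python
import ipaddress
import json

# Scan and test names as listed on this page.
SCANS = {"TLS", "HTTP", "HTTP2", "DNS", "JARM"}
CIPHER_TESTS = [f"{p}_cipher_suites" for p in
                ("ssl_2_0", "ssl_3_0", "tls_1_0", "tls_1_1", "tls_1_2", "tls_1_3")]
VULN_TESTS = ["tls_compression", "tls_1_3_early_data", "openssl_ccs_injection",
              "heartbleed", "robot", "tls_fallback_scsv", "session_renegotiation",
              "session_resumption", "session_resumption_rate"]
# Assumption: the default dictionary's spelling "certificate_information" is
# emitted; the option list's spelling "certificate_info" is accepted as input.
NO_VULN = ["certificate_information", *CIPHER_TESTS, "http_headers"]
ALIASES = {"all": NO_VULN + VULN_TESTS, "no_vuln_tests": NO_VULN,
           "certificate_info": ["certificate_information"]}


def build_job(targets, scans=("TLS",), tls_params=("no_vuln_tests",),
              port=443, job_id="custom"):
    """Return a validated job dict in the shape of the default dictionary."""
    for host in targets:
        try:
            ipaddress.ip_address(host)
        except ValueError:
            continue  # not an IP literal, so treat it as a hostname
        raise ValueError(f"{host}: hostname required, IP targets unsupported")
    unknown = set(scans) - SCANS
    if unknown:
        raise ValueError(f"unknown scans: {sorted(unknown)}")
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    expanded = []
    for name in tls_params:
        for test in ALIASES.get(name, [name]):
            if test not in ALIASES["all"]:
                raise ValueError(f"unknown TLS test: {test}")
            if test not in expanded:  # keep order, drop duplicates
                expanded.append(test)
    return {"id": job_id, "port": port, "scans": list(scans),
            "tls_params": expanded, "http_body": False, "force_redirect": True,
            "print_out": True, "generate_json": True, "targets": list(targets)}


if __name__ == "__main__":
    job = build_job(["www.github.com"], scans=["TLS", "HTTP"],
                    tls_params=["certificate_info", "tls_1_2_cipher_suites", "heartbleed"])
    print(json.dumps(job, indent=4))  # save this as the JSON input file
```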

Limitations

This code does not currently have the capability to scan a server based on an IP address and an SNI. Instead, the user must supply a hostname and internally the code will do a DNS resolution. This may lead to discrepancies in the IP address scanned in the TLS portions and the HTTP headers section. Certain domain names may also result in only one certificate being returned. The issue currently persists in the sslyze API where we get the certificate information, and we are working to find a solution.
