Features¶
SSH¶
Differentiators¶
checks supported Diffie-Hellman (group exchange) key sizes
checks supported host certificates, X.509 certificates and chains
analyzes server protocol version string to identify application server vendor and version
verifies host keys against SSHFP DNS records
Versions¶
Analyzers¶
Supported analyzers by cryptographic protocol versions
Analyzers |
SSH 2.0 |
|---|---|
Cipher Suites ( |
✓ |
Diffie-Hellman parameters ( |
✓ |
Host Keys, Host/X.509 Certificates and Chains ( |
|
Vulnerabilities ( |
|
Vulnerabilities¶
SSL/TLS¶
Differentiators¶
checks 10+ application layer protocols with opportunistic TLS capability
checks 400+ cipher suites, more than discussed on ciphersuite.info, or supported by GnuTls, LibreSSL, OpenSSL, or wolfSSL
checks GOST (national standards of the Russian Federation and CIS countries) cipher suites
checks ShangMi (SM) (national standards of China) cipher suites
checks post-quantum elliptic curves (Kyber)
checks TLS 1.3 draft versions, not just final version
checks whether Diffie-Hellman
public parameter is a safe prime
public parameter is defined in an RFC (e.g., FFDHE, MODP) or used by an application server as a builtin parameter
key exchange supports RFC 7919 (FFDHE)
key is reused
Analyzers¶
Supported analyzers by cryptographic protocol versions
Analyzers |
SSL |
TLS |
||||
|---|---|---|---|---|---|---|
2.0 |
3.0 |
1.0 |
1.1 |
1.2 |
1.3 |
|
Cipher Suites ( |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
X.509 Public Keys ( |
✓ |
✓ |
✓ |
✓ |
✓ |
✗ |
X.509 Public Keys Request ( |
n/a |
✓ |
✓ |
✓ |
✓ |
✗ |
Diffie-Hellman parameters ( |
n/a |
✓ |
✓ |
✓ |
✓ |
✓ |
Elliptic-Curves ( |
n/a |
n/a |
✓ |
✓ |
✓ |
✓ |
Signature Algorithms ( |
n/a |
n/a |
n/a |
✓ |
✓ |
✓ |
Extensions ( |
n/a |
n/a |
n/a |
n/a |
✓ |
✓ |
Vulnerabilities ( |
n/a |
n/a |
n/a |
n/a |
n/a |
n/a |
Simulations ( |
n/a |
n/a |
n/a |
n/a |
n/a |
n/a |
Opportunistic TLS or STARTTLS) which is an extension of an application layer protocol – offering a way to upgrade a plain text connection to an encrypted one without using a separate port - is supported in the case of the following application layer protocols.
Versions¶
Curves¶
check post-quantum (PQC) algorithms
KYBER_512_R3,KYBER_768_R3,KYBER_1024_R3,SECP256R1_KYBER_512_R3,SECP256R1_KYBER_768_R3,SECP384R1_KYBER_768_R3,SECP521R1_KYBER_1024_R3,SECP256R1_ML_KEM_768,X25519_KYBER_512_R3,X25519_KYBER_768_R3,X25519_KYBER_512_R3_CLOUDFLARE,X25519_KYBER_768_R3_CLOUDFLARE,X25519_ML_KEM_768
Extensions¶
Public Keys¶
validation against notable trusted root CA certificates stores
revocation check
extensions
TLS feature (e.g. OCSP must staple)
-
timestamp information
transparency log information
Vulnerabilities¶
Simulated Clients¶
Fingerprinting¶
generates JA3 tag of any connecting TLS client independently from its type (graphical/cli, browser/email client/…)
decodes existing JA3 tags by showing human-readable format of the TLS parameters represented by the tag
generates JA4 tag of any connecting TLS client
decodes existing JA4 tags (raw form) by showing human-readable format of the TLS parameters represented by the tag
generates HASSH tag) of SSH clients
Hypertext Transfer Protocol (HTTP)¶
Analyzers¶
Headers¶
generic headers
NEL (Network Error Logging)
caching headers
security headers
content security
Internet Key Exchange (IKE)¶
Versions¶
Analyzers¶
Supported analyzers by cryptographic protocol versions
Analyzers |
IKEv1 |
IKEv2 |
|---|---|---|
Diffie-Hellman parameters ( |
✓ |
✓ |
Elliptic-Curves ( |
✓ |
✓ |
Extensions ( |
✓ |
✓ |
Extensions¶
The extensions analyzer detects IKE protocol extensions advertised by
the server during the initial SA-setup phase (IKE_SA_INIT for IKEv2).
The probe sends a single IKE_SA_INIT request that includes the
initiator-side notifications required by RFC 7383, RFC 8784, RFC 9242 and
RFC 6023, then harvests the responder’s status-level Notify and Vendor ID
payloads.
Detected IKEv2 notifications:
IKEV2_FRAGMENTATION_SUPPORTED(RFC 7383)USE_PPK(RFC 8784)INTERMEDIATE_EXCHANGE_SUPPORTED(RFC 9242)CHILDLESS_IKEV2_SUPPORTED(RFC 6023)SIGNATURE_HASH_ALGORITHMS(RFC 7427)MULTIPLE_AUTH_SUPPORTED(RFC 4739)NAT_DETECTION_SOURCE_IP/NAT_DETECTION_DESTINATION_IP(RFC 7296 §2.23)REDIRECT_SUPPORTED(RFC 5685); opportunistic detection only - the gateway does not echoREDIRECT_SUPPORTEDand only sendsREDIRECTwhen actually redirecting.
Vendor IDs (IKEv1 and IKEv2) are matched against the cryptodatahub
IkeVendorId registry which contains well-known constants for NAT-T
drafts and RFC 3947, RFC 3706 DPD, XAUTH, Cisco family, strongSwan,
racoon, Microsoft, Netscreen, Fortinet, Aruba and other implementations.
Matched VIDs surface by their lowercased enum name; unknown VIDs are
dropped.
Notifies whose advertisement occurs only inside the encrypted
IKE_AUTH exchange (MOBIKE, USE_AGGFRAG, CLONE_IKE_SA_SUPPORTED,
HTTP_CERT_LOOKUP_SUPPORTED, INITIAL_CONTACT, IPCOMP_SUPPORTED,
ADDITIONAL_TS_POSSIBLE, ESP_TFC_PADDING_NOT_SUPPORTED, IP4_ALLOWED,
IP6_ALLOWED) are not observable under the IKE_SA_INIT-only probe
model and therefore do not appear in the result.
DNS¶
Differentiators¶
extract (public key) and analyze (key type, size) DNSSEC signing keys
Analyzers¶
e-mail authentication, reporting related records
Domain-based Message Authentication, Reporting, and Conformance (DMARC)
Sender Policy Framework (SPF)
SMTP MTA Strict Transport Security (MTA-STS)
SMTP TLS Reporting (TLSRPT)
DNSSEC records
SSHFP records for SSH host key fingerprint verification