Features

SSH

Differentiators

  • checks supported Diffie-Hellman (group exchange) key sizes

  • checks supported host certificates, X.509 certificates and chains

  • analyzes server protocol version string to identify application server vendor and version

  • verifies host keys against SSHFP DNS records

Versions

Analyzers

Supported analyzers by cryptographic protocol versions

Analyzers

SSH 2.0

Cipher Suites (ciphers)

Diffie-Hellman parameters (dhparams)

Host Keys, Host/X.509 Certificates and Chains (pubkeys) | ✓

Vulnerabilities (vulns) | ✓

Vulnerabilities

SSL/TLS

Differentiators

  • checks 10+ application layer protocols with opportunistic TLS capability

  • checks 400+ cipher suites, more than discussed on ciphersuite.info, or supported by GnuTls, LibreSSL, OpenSSL, or wolfSSL

  • checks GOST (national standards of the Russian Federation and CIS countries) cipher suites

  • checks ShangMi (SM) (national standards of China) cipher suites

  • checks post-quantum elliptic curves (Kyber)

  • checks TLS 1.3 draft versions, not just final version

  • checks whether Diffie-Hellman

    • public parameter is a safe prime

    • public parameter is defined in an RFC (e.g., FFDHE, MODP) or used by an application server as a builtin parameter

    • key exchange supports RFC 7919 (FFDHE)

    • key is reused

Analyzers

Supported analyzers by cryptographic protocol versions

Analyzers

SSL

TLS

2.0

3.0

1.0

1.1

1.2

1.3

Cipher Suites (ciphers)

X.509 Public Keys (pubkeys)

X.509 Public Keys Request (pubkeyreq)

n/a

Diffie-Hellman parameters (dhparams)

n/a

Elliptic-Curves (curves)

n/a

n/a

Signature Algorithms (sigalgos)

n/a

n/a

n/a

Extensions (extensions)

n/a

n/a

n/a

n/a

Vulnerabilities (vulns)

n/a

n/a

n/a

n/a

n/a

n/a

Simulations (simulations)

n/a

n/a

n/a

n/a

n/a

n/a

Opportunistic TLS or STARTTLS) which is an extension of an application layer protocol – offering a way to upgrade a plain text connection to an encrypted one without using a separate port - is supported in the case of the following application layer protocols.

Versions

Curves

  • check post-quantum (PQC) algorithms

    KYBER_512_R3, KYBER_768_R3, KYBER_1024_R3,
    SECP256R1_KYBER_512_R3, SECP256R1_KYBER_768_R3,
    SECP384R1_KYBER_768_R3, SECP521R1_KYBER_1024_R3,
    SECP256R1_ML_KEM_768,
    X25519_KYBER_512_R3, X25519_KYBER_768_R3,
    X25519_KYBER_512_R3_CLOUDFLARE,
    X25519_KYBER_768_R3_CLOUDFLARE,
    X25519_ML_KEM_768

Extensions

Public Keys

Vulnerabilities

Simulated Clients

Fingerprinting

  1. generates JA3 tag of any connecting TLS client independently from its type (graphical/cli, browser/email client/…)

  2. decodes existing JA3 tags by showing human-readable format of the TLS parameters represented by the tag

  3. generates JA4 tag of any connecting TLS client

  4. decodes existing JA4 tags (raw form) by showing human-readable format of the TLS parameters represented by the tag

  5. generates HASSH tag) of SSH clients

Hypertext Transfer Protocol (HTTP)

Analyzers

Headers

Internet Key Exchange (IKE)

Versions

Analyzers

Supported analyzers by cryptographic protocol versions

Analyzers

IKEv1

IKEv2

Diffie-Hellman parameters (dhparams)

Elliptic-Curves (curves)

Extensions (extensions)

Extensions

The extensions analyzer detects IKE protocol extensions advertised by the server during the initial SA-setup phase (IKE_SA_INIT for IKEv2). The probe sends a single IKE_SA_INIT request that includes the initiator-side notifications required by RFC 7383, RFC 8784, RFC 9242 and RFC 6023, then harvests the responder’s status-level Notify and Vendor ID payloads.

Detected IKEv2 notifications:

  • IKEV2_FRAGMENTATION_SUPPORTED (RFC 7383)

  • USE_PPK (RFC 8784)

  • INTERMEDIATE_EXCHANGE_SUPPORTED (RFC 9242)

  • CHILDLESS_IKEV2_SUPPORTED (RFC 6023)

  • SIGNATURE_HASH_ALGORITHMS (RFC 7427)

  • MULTIPLE_AUTH_SUPPORTED (RFC 4739)

  • NAT_DETECTION_SOURCE_IP / NAT_DETECTION_DESTINATION_IP (RFC 7296 §2.23)

  • REDIRECT_SUPPORTED (RFC 5685); opportunistic detection only - the gateway does not echo REDIRECT_SUPPORTED and only sends REDIRECT when actually redirecting.

Vendor IDs (IKEv1 and IKEv2) are matched against the cryptodatahub IkeVendorId registry which contains well-known constants for NAT-T drafts and RFC 3947, RFC 3706 DPD, XAUTH, Cisco family, strongSwan, racoon, Microsoft, Netscreen, Fortinet, Aruba and other implementations. Matched VIDs surface by their lowercased enum name; unknown VIDs are dropped.

Notifies whose advertisement occurs only inside the encrypted IKE_AUTH exchange (MOBIKE, USE_AGGFRAG, CLONE_IKE_SA_SUPPORTED, HTTP_CERT_LOOKUP_SUPPORTED, INITIAL_CONTACT, IPCOMP_SUPPORTED, ADDITIONAL_TS_POSSIBLE, ESP_TFC_PADDING_NOT_SUPPORTED, IP4_ALLOWED, IP6_ALLOWED) are not observable under the IKE_SA_INIT-only probe model and therefore do not appear in the result.

DNS

Differentiators

  • extract (public key) and analyze (key type, size) DNSSEC signing keys

Analyzers