
null-detected/TLSHunter


TCP / TLS / SNI Scanner

A high-performance, asynchronous TCP port scanner and TLS/SNI certificate matching tool written in Python. This project includes both a robust command-line interface (CLI) and a fully-featured graphical user interface (GUI) built with Tkinter.

Features

  • High Concurrency: Built on Python asyncio for extreme concurrency and a minimal resource footprint.
  • Flexible Targets: Supports bare IPs, CIDR notations, and ranges directly inline or via file input.
  • Pipeline Architecture: Sequence of ICMP Ping -> TCP Probe -> TLS Handshake.
  • Custom SNI Injection: Send specific Server Name Indications (SNI) to test against routing rules.
  • Certificate Matching: Extracts Subject Alternative Names (SAN) and Common Names (CN) from certificates and matches them against user-supplied keywords.
  • Dynamic System Tuning: Automatically raises file descriptor limits and applies kernel sysctl tweaks (Linux only) to prevent false negatives during massive scans.
  • Cross-Platform UI: A dark-themed, robotic-style GUI that mirrors terminal layouts and manages the underlying scanner asynchronously without freezing the interface.

Components

1. Command-Line Interface (scanner.py)

The core asynchronous engine. It can be run entirely headless and provides a rich terminal interface with live statistics.

2. Graphical Interface (gui.py)

A native Tkinter-based UI wrapper around the scanner module. It provides real-time statistics, a live feed of successes and failures, and a control panel to configure scan parameters without needing to memorize CLI flags.

Usage

Launching the GUI

Run the following command to open the graphical interface:

python3 gui.py

Running via CLI

Run the scanner engine directly for headless execution:

python3 scanner.py [targets] -p [ports] --sni [sni] --match [keywords]

Example: Scan a CIDR on port 443 with a specific SNI and match certificates for the keyword "cloudflare":

python3 scanner.py 10.0.0.0/24 -p 443 --sni example.com --match cloudflare

Example: Test multiple IPs from a file against multiple SNIs from another file, outputting to a TSV result file:

python3 scanner.py -f ips.txt -p 443 --sni-file snis.txt -o results.txt --ips-out matched_ips.txt

System Tuning (Linux)

When running high concurrency scans on Linux, kernel connection tracking and file descriptor limits can cause false negatives (like EHOSTUNREACH or timeout errors).

The GUI includes a "System Tuning" module that allows you to safely authenticate via a modal sudo prompt and temporarily raise these limits for the current session. Target tweaks include tcp_tw_reuse, ip_local_port_range, tcp_fin_timeout, fs.file-max, and nf_conntrack_max. The changes apply only until the next reboot.
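Because the tweaks last until the next reboot, it helps to record the affected values before and after tuning so the change can be reviewed and undone by hand. The following is an added example, not code from this project: the mapping of the README's short names to full sysctl names is an assumption about which keys are set, and the helper names (`snapshot`, `changed`, `restore_commands`, `fd_limits`) are hypothetical.

```python
"""Record the kernel settings named under System Tuning, before and after."""
import json
import resource
from pathlib import Path

# Assumed full sysctl names for the short names the README lists.
TUNED_KEYS = (
    "net.ipv4.tcp_tw_reuse",
    "net.ipv4.ip_local_port_range",
    "net.ipv4.tcp_fin_timeout",
    "fs.file-max",
    "net.netfilter.nf_conntrack_max",
)


def sysctl_path(key, root="/proc/sys"):
    """Map a sysctl name to its /proc/sys file (dots become slashes)."""
    return Path(root, *key.split("."))


def snapshot(root="/proc/sys"):
    """Return {key: value}; None marks an absent key (e.g. conntrack not loaded)."""
    values = {}
    for key in TUNED_KEYS:
        try:
            # Collapse whitespace: ip_local_port_range is stored tab-separated.
            values[key] = " ".join(sysctl_path(key, root).read_text().split())
        except OSError:
            values[key] = None
    return values


def changed(before, after):
    """Keys whose value differs between two snapshots, as {key: (old, new)}."""
    return {k: (v, after.get(k)) for k, v in before.items() if v != after.get(k)}


def restore_commands(before, after):
    """sysctl commands that return every changed key to its recorded value."""
    return [f'sysctl -w {k}="{old}"'
            for k, (old, _new) in changed(before, after).items() if old is not None]


def fd_limits():
    """(soft, hard) open-file limit of the current process."""
    return resource.getrlimit(resource.RLIMIT_NOFILE)


if __name__ == "__main__":
    print(json.dumps({"sysctl": snapshot(), "nofile": fd_limits()}, indent=2))
```

Run it once before opening the System Tuning module and once after, then pass the two snapshots to `restore_commands` to get the commands that revert the session's changes.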

Dependencies

  • Python 3.10+
  • rich
  • cryptography

Install dependencies via pip:

pip install rich cryptography

License

This software is strictly proprietary. No copying, distribution, modification, or usage without explicit permission is allowed. See the LICENSE file for details.

About

Generic TCP + TLS/SNI IP scanner with async concurrency, certificate inspection, keyword matching, and live Rich-based progress UI.
