A high-performance, asynchronous TCP port scanner and TLS/SNI certificate matching tool written in Python. This project includes both a robust command-line interface (CLI) and a fully-featured graphical user interface (GUI) built with Tkinter.
- High Concurrency: Built on Python asyncio for extreme concurrency and a minimal resource footprint.
- Flexible Targets: Supports bare IPs, CIDR notations, and ranges directly inline or via file input.
- Pipeline Architecture: Sequence of ICMP Ping -> TCP Probe -> TLS Handshake.
- Custom SNI Injection: Send specific Server Name Indications (SNI) to test against routing rules.
- Certificate Matching: Extracts Subject Alternative Names (SAN) and Common Names (CN) from certificates and matches them against user-supplied keywords.
- Dynamic System Tuning: Automatically raises file descriptor limits and applies kernel sysctl tweaks (Linux only) to prevent false negatives during massive scans.
- Cross-Platform UI: A dark-themed, robotic-style GUI that mirrors terminal layouts and manages the underlying scanner asynchronously without freezing the interface.
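The certificate-matching step from the feature list, as an added example (not the project's own code). The function names are hypothetical and case-insensitive substring matching is an assumption; in a live scan the DER bytes would come from `SSLSocket.getpeercert(binary_form=True)`, while here a constructed self-signed certificate stands in so the block runs offline.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def make_sample_cert(cn, sans):
    """Constructed self-signed certificate (DER); sample input only."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    builder = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(datetime.datetime(2024, 1, 1))
        .not_valid_after(datetime.datetime(2034, 1, 1))
    )
    if sans:
        san = x509.SubjectAlternativeName([x509.DNSName(s) for s in sans])
        builder = builder.add_extension(san, critical=False)
    cert = builder.sign(key, hashes.SHA256())
    return cert.public_bytes(serialization.Encoding.DER)


def cert_names(der):
    """Return the lower-cased CN and SAN dNSName values of a DER certificate."""
    cert = x509.load_der_x509_certificate(der)
    cns = cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)
    names = [str(attr.value) for attr in cns]
    try:
        ext = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName)
        names += ext.value.get_values_for_type(x509.DNSName)
    except x509.ExtensionNotFound:
        pass  # legacy certificates may carry only a CN
    return sorted({n.lower() for n in names})


def match_keywords(der, keywords):
    """Map each keyword to the certificate names containing it (assumed rule)."""
    names = cert_names(der)
    hits = {k: [n for n in names if k.lower() in n] for k in keywords}
    return {k: v for k, v in hits.items() if v}


if __name__ == "__main__":
    sample = make_sample_cert("edge.example.test", ["edge.example.test", "*.cdn.example.test"])
    print(match_keywords(sample, ["cdn", "cloudflare"]))
```

Reading both fields matters because a certificate may carry only a CN, or list names in the SAN that never appear in the subject.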
The core asynchronous engine. It can be run entirely headless and provides a rich terminal interface with live statistics.
A native Tkinter-based UI wrapper around the scanner module. It provides real-time statistics, a live feed of successes and failures, and a control panel to configure scan parameters without needing to memorize CLI flags.
Run the following command to open the graphical interface:
```bash
python3 gui.py
```
Run the scanner engine directly for headless execution:
```bash
python3 scanner.py [targets] -p [ports] --sni [sni] --match [keywords]
```
Example: Scan a CIDR on port 443 with a specific SNI and match certificates for the keyword "cloudflare":
```bash
python3 scanner.py 10.0.0.0/24 -p 443 --sni example.com --match cloudflare
```
Example: Test multiple IPs from a file against multiple SNIs from another file, outputting to a TSV result file:
```bash
python3 scanner.py -f ips.txt -p 443 --sni-file snis.txt -o results.txt --ips-out matched_ips.txt
```
When running high concurrency scans on Linux, kernel connection tracking and file descriptor limits can cause false negatives (like EHOSTUNREACH or timeout errors).
The GUI includes a "System Tuning" module that allows you to safely authenticate via a modal sudo prompt and temporarily raise these limits for the current session. Target tweaks include tcp_tw_reuse, ip_local_port_range, tcp_fin_timeout, fs.file-max, and nf_conntrack_max. The changes apply only until the next reboot.
- Python 3.10+
- rich
- cryptography
Install dependencies via pip:
```bash
pip install rich cryptography
```
This software is strictly proprietary. No copying, distribution, modification, or usage without explicit permission is allowed. See the LICENSE file for details.