.. /CryptoLyzer

Quick Usage

For this tool the run command is:

docker run -it --rm coroner/cryptolyzer <target_url>

Description

CryptoLyzer is a fast, flexible, and comprehensive server cryptographic protocol (TLS, SSL, SSH, DNSSEC) and related setting (HTTP headers, DNS records) analyzer and fingerprint (JA3, HASSH tag) generator with application programming (API) and command line (CLI) interface.

Key Features

TLS/SSL
- checks 10+ application layer protocols with opportunistic TLS capability (FTP, IMAP, LDAP, LMTP, MySQL, NNTP, OpenVPN, POP3, PostgreSQL, RDP, Sieve, SMTP, XMPP/Jabber)
- checks 400+ cipher suites, more than discussed on ciphersuite.info, or supported by the most popular cryptographic libraries
- checks GOST (national standards of the Russian Federation and CIS countries) cipher suites
- checks post-quantum elliptic curves (Kyber)
- validates server certificate(s) against notable trusted root CA certificates stores
- checks revocation (CRL, (OCSP/OCSP stapling)), extensions OCSP must staple, extended validation), and certificate transparency (CT)
- checks TLS 1.3 draft versions, not just final version
- generates and decodes JA3 tag
SSH
- checks supported Diffie-Hellman (group exchange) key sizes
- checks supported host certificates, X.509 certificates and chains
- analyzes server protocol version string to identify application server vendor and version
- generates HASSH tag
DNS
- extract (public key) and analyze (key type, size) DNSSEC signing keys
- parses e-mail authentication, reporting related records
HTTP(S)
- parses security headers
- parses caching headers
- parses generic headers
checks Diffie-Hellman parameters
- public parameter is a safe prime
- public parameter is defined in an RFC (e.g., FFDHE, MODP) or used by an application server as a builtin parameter
- key is reused

Cheatsheat

Help

    $ docker run --rm -ti coroner/cryptolyzer --help

Server Analysis

Partial Check

    $ docker run --rm -ti coroner/cryptolyzer tls1_2 dhparams example.com
    $ docker run --rm -ti coroner/cryptolyzer tls1_3 dhparams example.com

All-in-one Check

    $ docker run --rm -ti coroner/cryptolyzer tls all example.com
    $ docker run --rm -ti coroner/cryptolyzer ssh all github.com

Domain Analysis

    $ docker run --rm -ti coroner/cryptolyzer dns dnssec example.com
    $ docker run --rm -ti coroner/cryptolyzer dns mail example.com

Client Analysis

Tag generation

    $ podman run -ti --rm -p 127.0.0.1:4433:4433 coroner/cryptolyzer ja3 generate 0.0.0.0:4433
    $ podman run -ti --rm -p 127.0.0.1:2222:2222 coroner/cryptolyzer hassh generate 0.0.0.0:2222

Official Documentation

Reference: https://cryptolyzer.readthedocs.io

HOUDINI

Hundreds of Offensive and Useful Docker Images for Network Intrusion