Command Line¶
The default command for cryptonice is
cryptonice <domain_name>
This results in the following commands being run
{
"id": "default",
"port": 443,
"scans": ["TLS", "HTTP", "HTTP2", "DNS"],
"tls_params": ["certificate_information", "ssl_2_0_cipher_suites", "ssl_3_0_cipher_suites","tls_1_0_cipher_suites", "tls_1_1_cipher_suites", "tls_1_2_cipher_suites","tls_1_3_cipher_suites", "http_headers"],
"http_body": false,
"force_redirect": true,
"print_out": true,
"generate_json": true,
"targets": [<domain_name>]
}
The user can choose to specify custom commands. Each custom command must be preceded with the name of the option (ex: to specify the scans TLS and HTTP to run, the user must add –scans TLS HTTP to the command line parameters)
–PORT: port to perform the scan on (default = 443)
–SCANS: scans to perform
- TLS scan, HTTP headers, HTTP2 check, DNS data (default = None)
–TLS_PARAMETERS: TLS specific scans to perform (should be listed as specified below, with no commas between options):
- all, no_vuln_tests, certificate_info, ssl_2_0_cipher_suites, ssl_3_0_cipher_suites, tls_1_0_cipher_suites, tls_1_1_cipher_suites, tls_1_2_cipher_suites, tls_1_3_cipher_suites, tls_compression, tls_1_3_early_data, openssl_ccs_injection, heartbleed, robot, tls_fallback_scsv, session_renegotiation, session_resumption, session_resumption_rate, http_headers
- all results in all commands being run, no_vuln_tests results in certificate_info, http_headers and the cipher_suites commands being run.
- More information on each of these scan options can be found at: https://nabla-c0d3.github.io/sslyze/documentation/available-scan-commands.html
–HTTP_BODY: Y/y or N/n - sets a Boolean variable to include or exclude HTTP pages information
–FORCE_REDIRECTS: Y/y or N/n - sets a Boolean variable to check for automatic redirects from port 80 to 443 in a TLS scan (default = Y)
–PRINT_OUT: Y/y or N/n - sets a Boolean variable to print scan results to console (default = Y)
–JSON_OUT: Y/y or N/n - sets a Boolean variable to print scan results to JSON output file (default = Y)