How to setup no retries for tls module? (i/o timeout) #457

Open
lambdina opened this issue Jul 26, 2024 · 3 comments

Comments

@lambdina

Hi there,
Sorry to use this to ask my question, but since [email protected] does not work I have no choice but to write here.
I am trying to use and understand the tls module of zgrab2, as I'd like to use it like sslscan or sslyze to enumerate ciphers for n ip addresses.
However, I notice that each scan takes 8 minutes for a small sample, which is a lot, and when I see my results.json I notice that an endpoint has been tested a lot, with the following error message:
{"ip":"100.4.*****:443","data":{"tls":{"status":"connection-timeout","protocol":"tls","timestamp":"2024-07-15T17:42:53+02:00","error":"dial tcp 100.4.******:443: i/o timeout"}}}
I used grep to count the occurrences for the ip address, I have approximately 48, which is way too much; I want the scan to abandon the minute we have a timeout.

I tried searching in the code with the error messages, then tried the word "retry" but can't catch anything interesting, except for utility.go line 147.
Is there an option to avoid any retry, and set the timeout?

Thank you.
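
The per-target count that the opening post obtained with grep can be taken over the whole results file in one pass. This is an added example, not part of the original post or of zgrab2: `CountStatus` and the sample lines (documentation addresses) are constructed here, and the record layout is assumed from the results.json line quoted above.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// record holds only the fields needed from the results line quoted in the post.
type record struct {
	IP   string `json:"ip"`
	Data map[string]struct {
		Status string `json:"status"`
	} `json:"data"`
}

// Constructed sample input: one JSON object per line, plus one damaged line.
const sample = `{"ip":"192.0.2.10","data":{"tls":{"status":"connection-timeout","protocol":"tls","error":"dial tcp 192.0.2.10:443: i/o timeout"}}}
{"ip":"192.0.2.10","data":{"tls":{"status":"connection-timeout","protocol":"tls","error":"dial tcp 192.0.2.10:443: i/o timeout"}}}
{"ip":"198.51.100.7","data":{"tls":{"status":"success","protocol":"tls"}}}
not json
{"ip":"192.0.2.10","data":{"tls":{"status":"connection-timeout","protocol":"tls","error":"dial tcp 192.0.2.10:443: i/o timeout"}}}
`

// CountStatus returns, per "ip" value, how many records of the given module
// carry the given status, and how many lines could not be parsed as JSON.
func CountStatus(r io.Reader, module, status string) (map[string]int, int, error) {
	counts, bad := map[string]int{}, 0
	sc := bufio.NewScanner(r)
	// Result lines carrying certificate chains can exceed the 64 KiB default.
	sc.Buffer(make([]byte, 0, 64*1024), 16*1024*1024)
	for sc.Scan() {
		var rec record
		if err := json.Unmarshal(sc.Bytes(), &rec); err != nil {
			bad++ // keep going: one damaged line should not hide the rest
			continue
		}
		if m, ok := rec.Data[module]; ok && m.Status == status {
			counts[rec.IP]++
		}
	}
	return counts, bad, sc.Err()
}

func main() {
	counts, bad, err := CountStatus(strings.NewReader(sample), "tls", "connection-timeout")
	fmt.Println(counts, bad, err)
}
```

A target with a count well above one was dialed repeatedly within the same run, which is the symptom described in the post.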

lambdina changed the title from "Retries" to "How to setup no retries for tls module? (i/o timeout)" on Jul 26, 2024
@lambdina
Author

I think it has something to do with connectionPerHost.

@mzpqnxow
Contributor

mzpqnxow commented Aug 4, 2024

> Hi there,
>
> Sorry to use this to ask my question, but since [email protected] does not work I have no choice but to write here.
>
> I am trying to use and understand the tls module of zgrab2, as I'd like to use it like sslscan or sslyze to enumerate ciphers for n ip addresses.

If you want some unsolicited advice/opinion - I think you'll find solving that problem using zgrab2 frustrating

What you may want to do is write new code in golang that uses zcrypto (the underlying TLS implementation used by zgrab2)

I'm not any sort of authority, just hoping to save you some frustration. Happy to be proven wrong of course, and sounds like a neat tool

Is there any reason you don't want to use the tools you mentioned (sslyze, sslscan) or (imo, the superior) testssl.sh for this task?

I've used testssl.sh extensively and it supports a lot of output formats, including verbose structured json, similar to what zgrab2 provides

@AnthraX1
Contributor

AnthraX1 commented Sep 2, 2024

What are your parameters used in the scan? Did you use --timeout? It seems that you are sending one connection per cipher suite to enumerate the ciphers and you'd like to terminate all subsequent connections if there's a timeout?
