search

zmap / zgrab2

Fast Go Application Scanner
Other
1.71k stars 294 forks source link

How to setup no retries for tls module? (i/o timeout) #457

Open lambdina opened 1 month ago

lambdina commented 1 month ago

Hi there, Sorry to use this to ask my question, but since team@zmap.io does not works I have no choice but to write here. I am trying to use and understand the tls module of zgrab2, as I'd like to use it like sslscan or sslyze to enumerate ciphers for n ip addresses. However, I notice that each scan takes 8 minutes for a small sample, which is a lot, and when I see my results.json I notice that an endpoint has been tested a lot, with the following error message: {"ip":"100.4.*****:443","data":{"tls":{"status":"connection-timeout","protocol":"tls","timestamp":"2024-07-15T17:42:53+02:00","error":"dial tcp 100.4.******:443: i/o timeout"}}} I used grep to count the occurrences for the ip address, I have approximatively 48, which is way too much, I want the scan to abandon the minute we have a timeout.

I tried searching in the code with the error messages, then try the word "retry" but can't catch something interesting, except for utility.go line 147. Is there an option to avoid any retry, and set the timeout ?

Thank you.

lambdina commented 1 month ago

I think it has something to do with connectionPerHost.

mzpqnxow commented 1 month ago

Hi there,

Sorry to use this to ask my question, but since team@zmap.io does not works I have no choice but to write here.

I am trying to use and understand the tls module of zgrab2, as I'd like to use it like sslscan or sslyze to enumerate ciphers for n ip addresses.

If you want some unsolicited advice/opinion - I think you'll find solving that problem using zgrab2 frustrating

What you may want to do is write new code in golang that uses zcrypto (the underlying TLS implementation used by zgrab2)

I'm not any sort of authority, just hoping to save you some frustration. Happy to be proven wrong of course, and sounds like a neat tool

Is there any reason you don't want to use the tools you mentioned (sslyze, sslscan) or (imo, the superior) testssl.sh for this task?

I've used testssl.sh extensively and it supports a lot of output formats, including verbose structured json, similar to what zgrab2 provides

AnthraX1 commented 1 week ago

What's your parameters used in the scan? did you use --timeout ? It seems that you are sending one connection per cipher suite to enumerate the ciphers and you'd like to terminate all subsequent connections if there's a timeout?