Skip to content

TLSX

Purpose

TLSX collects TLS certificate information and emits certificate assets.

Plugin Information

Plugin ID: tlsx

Category: TLS Discovery

Plugin Type: custom

Execution: active CLI TLS probe

Default State: enabled

Default Profiles:

  • deep
  • tls_audit
  • recon_expanded

Input Scope

Accepted asset types:

  • url
  • domain
  • subdomain
  • service
  • ip

Required metadata:

  • None

Produces targets:

  • Newline-delimited scope values on stdin.

Output

Creates assets:

  • certificate

Creates vulnerabilities:

  • None

May enrich:

  • Certificate assets with subject, issuer, SAN, validity, host, IP, port, and scheme metadata.

Metadata:

  • subject_cn: certificate subject common name.
  • issuer_cn: issuer common name.
  • san: subject alternative names.
  • not_before: certificate start time from TLSX.
  • not_after: certificate expiry time from TLSX.
  • expired: expiry flag.
  • host: parsed host.
  • ip: reported or inferred IP.
  • port: parsed or inferred port.
  • scheme: parsed URL scheme.
  • source: tlsx.

Graph Relations

The worker links certificates to the best matching asset:

service/url/subdomain/domain/ip -> has_certificate -> certificate

Service match is preferred when IP and port are available.

Files / Artifacts

Produces:

  • None

Dependencies

Required binary: tlsx

Required installer entry: tools.tlsx

Command model:

tlsx -json -silent -san

Example Flow

url or service
  -> tlsx
certificate

Notes

The certificate asset value prefers fingerprint_hash, then subject common name, then host.