Tlsx
Fast TLS/SSL scanner by ProjectDiscovery for certificate enumeration and cipher detection
Recon & OSINT10 commands
#tls#ssl#certificate#projectdiscovery#recon#enumeration
Installation
1Install using Go
2Verify installation
# Using Go
go install github.com/projectdiscovery/tlsx/cmd/tlsx@latest
# Verify
tlsx --versionBasic Usage
Enumerate TLS/SSL certificates and cipher information from targets
# Scan single domain
tlsx -u https://example.com
# Scan multiple domains from file
tlsx -l domains.txt
# Show certificate details
tlsx -u example.com -san -cn
# TLS version and cipher info
tlsx -u example.com -tls-version -cipher
# JSON output
tlsx -l domains.txt -json -o results.json
# Scan specific ports
tlsx -u example.com -port 443,8443Command Reference
10 commands
1Target URL or domain
-u2File containing domains
-l3Show Subject Alternative Names
-san4Show Common Name
-cn5Show TLS version supported
-tls-version6Show cipher suites
-cipher7JSON output format
-json8Output file
-o9Port to connect on
-port10Silent mode
-silentWhen to Use
1
SSL/TLS certificate enumeration during recon2
Checking for certificate transparency issues3
Discovering subdomains via SAN entries4
Auditing TLS configuration and cipher strength5
Finding expired or misconfigured certificatesNotes & Tips
1
Part of the ProjectDiscovery toolkit2
Can discover hidden subdomains via SAN fields3
Use -json for machine-readable output4
Supports both IPv4 and IPv6 targetsCommon Errors & Solutions
Connection refused
Verify the host and port are reachable and TLS is enabled
No certificates found
Ensure the target supports TLS on the specified port