TLS-Scanner

TLS-Scanner is an automated analysis tool for evaluating the security behavior of TLS clients and servers. It is based on TLS-Attacker, a framework introduced in 2016 to enable systematic testing of TLS libraries through precisely defined TLS protocol flows. While TLS-Attacker executes a single, developer-specified TLS flow, TLS-Scanner extends this approach by automatically executing and evaluating multiple TLS flows to analyze implementation behavior in a comprehensive and repeatable manner.

Core Features

TLS-Scanner evaluates TLS implementations using modular probes, each targeting a specific security property or vulnerability. Probes can test for issues such as Raccoon, ALPACA, or padding oracle vulnerabilities, and the results are aggregated into a clear summary for the user. The tool supports arbitrary modifications at any point in the TLS flow, including dynamic values such as key exchange parameters or record layer plaintexts, enabling precise testing of malformed or non-standard protocol behavior.

Key Benefits

TLS-Scanner is the only open-source tool capable of scanning both TLS clients and servers while allowing fine-grained manipulation of computed TLS values. This capability is essential for detecting classes of vulnerabilities that require carefully crafted, non-compliant protocol messages, such as padding oracle attacks. By enabling such precise modifications, TLS-Scanner supports efficient and accurate vulnerability detection that is not feasible with other existing tools.

Areas of Application

TLS-Scanner is suitable for developers, security researchers, and evaluators assessing the robustness of TLS implementations in clients and servers. The tool is particularly relevant for vulnerability research, regression testing, and systematic evaluation of TLS behavior in real-world deployments. Typical use cases include secure communications in domains such as financial services, energy, telecommunications, healthcare, and governmental services.

Links

Codebase

Conference Paper

Contact

Juraj Somorovsky

University of Paderborn

e‑mail:
