Loading CHANGELOG.rst +41 −0 Original line number Diff line number Diff line Loading @@ -2,6 +2,47 @@ Changelog ========= ------------------ 1.2.1 - 2026-06-02 ------------------ Features ======== - DNS (``dnsrec``) - add SSHFP DNS record retrieval (#172) - SSH (``ssh``) - add SSHFP fingerprint verification for host keys (#172) - TLS (``tls``) - Cipher Suites (``ciphers``) - add ShangMi (SM2) cipher suite scanning support (#173) - IKE (``ike``) - add option for strict RFC 2409 compliance (#174) Notable fixes ============= - Generic - make log level option effective - TLS (``tls``) - stop cipher suite analysis on protocol version alert - IKE (``ike``) - send the key length attribute when required (#175) - report all supported Diffie-Hellman groups and elliptic curves (#176) ------------------ 1.2.0 - 2026-05-05 ------------------ Loading docs/features.rst +4 −0 Original line number Diff line number Diff line Loading @@ -11,6 +11,7 @@ Differentiators - checks supported Diffie-Hellman (group exchange) key sizes - checks supported host certificates, X.509 certificates and chains - analyzes server protocol version string to identify application server vendor and version - verifies host keys against `SSHFP <https://www.rfc-editor.org/rfc/rfc4255>`__ DNS records Versions """""""" Loading Loading @@ -61,6 +62,7 @@ Differentiators or `wolfSSL <https://www.wolfssl.com>`__ - checks `GOST <https://en.wikipedia.org/wiki/GOST>`__ (national standards of the Russian Federation and CIS countries) cipher suites - checks `ShangMi (SM) <https://www.rfc-editor.org/rfc/rfc8998>`__ (national standards of China) cipher suites - checks `post-quantum <https://en.wikipedia.org/wiki/Post-quantum_cryptography>`__ elliptic curves (`Kyber <https://en.wikipedia.org/wiki/Kyber>`__) - checks TLS 1.3 draft versions, not just final version Loading Loading @@ -326,3 +328,5 @@ Analyzers - `DNSKEY <https://www.rfc-editor.org/rfc/rfc4034#section-2>`__ - `DS <https://www.rfc-editor.org/rfc/rfc4034#section-5>`__ - `RRSIG <https://www.rfc-editor.org/rfc/rfc4034#section-3>`__ - `SSHFP <https://www.rfc-editor.org/rfc/rfc4255>`__ records for SSH host key fingerprint verification llms.txt +8 −4 Original line number Diff line number Diff line Loading @@ -23,8 +23,8 @@ ### TLS/SSL (SSL 2.0 through TLS 1.3) - Cipher suites (400+ --- more than GnuTLS, LibreSSL, OpenSSL, or wolfSSL), including GOST, post-quantum Kyber/ML-KEM hybrid curves, and deprecated/non-standard algorithms - Cipher suites (400+ --- more than GnuTLS, LibreSSL, OpenSSL, or wolfSSL), including GOST, ShangMi (SM), post-quantum Kyber/ML-KEM hybrid curves, and deprecated/non-standard algorithms - Protocol version detection - DH parameters: safe prime check, well-known group identification, key reuse detection, RFC 7919 FFDHE support - Elliptic curves (50+ named curves probed) Loading @@ -44,12 +44,14 @@ - Cipher suites, MAC algorithms, key exchange methods (reported separately for client-to-server and server-to-client) - DH group exchange parameters with well-known group identification - Host keys, OpenSSH host certificates (v00/v01), and X.509 certificates - Host key verification against SSHFP DNS records - Server software vendor and version identification ### DNS - DNSSEC signing keys (DNSKEY, DS, RRSIG) with key type and size analysis - Email authentication records: DMARC, SPF, MTA-STS, TLSRPT - SSHFP records for SSH host key fingerprint verification ### HTTP Loading @@ -60,6 +62,8 @@ ### IKE - Protocol version detection (IKEv1 and IKEv2) - Diffie-Hellman parameters (IKEv1 and IKEv2) - Elliptic curves (IKEv1 and IKEv2) ### Vulnerability detection (TLS and SSH) Loading @@ -83,8 +87,8 @@ - User wants to audit TLS/SSL configuration of a server (cipher suites, protocol versions, certificates, DH parameters, elliptic curves) - User needs to check what cipher suites a server supports, especially GOST, post-quantum, or non-standard algorithms that OpenSSL-based tools miss - User needs to check what cipher suites a server supports, especially GOST, ShangMi (SM), post-quantum, or non-standard algorithms that OpenSSL-based tools miss - User needs to detect TLS 1.3 draft versions on legacy or embedded servers - User wants to analyze DH parameters in depth: safe prime check, well-known group identification, key reuse detection - User needs to audit SSH server configuration (key exchange, host keys, DH group exchange, OpenSSH or X.509 Loading pyproject.toml +2 −2 Original line number Diff line number Diff line Loading @@ -4,7 +4,7 @@ build-backend = 'setuptools.build_meta' [project] name = 'CryptoLyzer' version = '1.2.0' version = '1.2.1' description = 'Multi-protocol cryptographic configuration analyzer for TLS, SSH, DNS, and HTTP — alternative to testssl.sh and sslyze with Python API, 400+ cipher suites, vulnerability detection (FREAK, Logjam, ROBOT), and JA3/HASSH fingerprinting' authors = [ {name = 'Szilárd Pfeiffer', email = 'coroner@pfeifferszilard.hu'} Loading Loading @@ -87,7 +87,7 @@ dependencies = [ 'bs4', 'certvalidator', 'colorama', 'cryptoparser==1.2.0', 'cryptoparser==1.2.1', 'pyfakefs', 'python-dateutil', 'requests', Loading cryptoparser @ 748f89ad Compare 6d08502c to 748f89ad Original line number Diff line number Diff line Subproject commit 6d08502c8c12cd0cdefd7f7f745c3d1bfe02a6da Subproject commit 748f89ad510819fba818273275d466c663a2fa78 Loading
CHANGELOG.rst +41 −0 Original line number Diff line number Diff line Loading @@ -2,6 +2,47 @@ Changelog ========= ------------------ 1.2.1 - 2026-06-02 ------------------ Features ======== - DNS (``dnsrec``) - add SSHFP DNS record retrieval (#172) - SSH (``ssh``) - add SSHFP fingerprint verification for host keys (#172) - TLS (``tls``) - Cipher Suites (``ciphers``) - add ShangMi (SM2) cipher suite scanning support (#173) - IKE (``ike``) - add option for strict RFC 2409 compliance (#174) Notable fixes ============= - Generic - make log level option effective - TLS (``tls``) - stop cipher suite analysis on protocol version alert - IKE (``ike``) - send the key length attribute when required (#175) - report all supported Diffie-Hellman groups and elliptic curves (#176) ------------------ 1.2.0 - 2026-05-05 ------------------ Loading
docs/features.rst +4 −0 Original line number Diff line number Diff line Loading @@ -11,6 +11,7 @@ Differentiators - checks supported Diffie-Hellman (group exchange) key sizes - checks supported host certificates, X.509 certificates and chains - analyzes server protocol version string to identify application server vendor and version - verifies host keys against `SSHFP <https://www.rfc-editor.org/rfc/rfc4255>`__ DNS records Versions """""""" Loading Loading @@ -61,6 +62,7 @@ Differentiators or `wolfSSL <https://www.wolfssl.com>`__ - checks `GOST <https://en.wikipedia.org/wiki/GOST>`__ (national standards of the Russian Federation and CIS countries) cipher suites - checks `ShangMi (SM) <https://www.rfc-editor.org/rfc/rfc8998>`__ (national standards of China) cipher suites - checks `post-quantum <https://en.wikipedia.org/wiki/Post-quantum_cryptography>`__ elliptic curves (`Kyber <https://en.wikipedia.org/wiki/Kyber>`__) - checks TLS 1.3 draft versions, not just final version Loading Loading @@ -326,3 +328,5 @@ Analyzers - `DNSKEY <https://www.rfc-editor.org/rfc/rfc4034#section-2>`__ - `DS <https://www.rfc-editor.org/rfc/rfc4034#section-5>`__ - `RRSIG <https://www.rfc-editor.org/rfc/rfc4034#section-3>`__ - `SSHFP <https://www.rfc-editor.org/rfc/rfc4255>`__ records for SSH host key fingerprint verification
llms.txt +8 −4 Original line number Diff line number Diff line Loading @@ -23,8 +23,8 @@ ### TLS/SSL (SSL 2.0 through TLS 1.3) - Cipher suites (400+ --- more than GnuTLS, LibreSSL, OpenSSL, or wolfSSL), including GOST, post-quantum Kyber/ML-KEM hybrid curves, and deprecated/non-standard algorithms - Cipher suites (400+ --- more than GnuTLS, LibreSSL, OpenSSL, or wolfSSL), including GOST, ShangMi (SM), post-quantum Kyber/ML-KEM hybrid curves, and deprecated/non-standard algorithms - Protocol version detection - DH parameters: safe prime check, well-known group identification, key reuse detection, RFC 7919 FFDHE support - Elliptic curves (50+ named curves probed) Loading @@ -44,12 +44,14 @@ - Cipher suites, MAC algorithms, key exchange methods (reported separately for client-to-server and server-to-client) - DH group exchange parameters with well-known group identification - Host keys, OpenSSH host certificates (v00/v01), and X.509 certificates - Host key verification against SSHFP DNS records - Server software vendor and version identification ### DNS - DNSSEC signing keys (DNSKEY, DS, RRSIG) with key type and size analysis - Email authentication records: DMARC, SPF, MTA-STS, TLSRPT - SSHFP records for SSH host key fingerprint verification ### HTTP Loading @@ -60,6 +62,8 @@ ### IKE - Protocol version detection (IKEv1 and IKEv2) - Diffie-Hellman parameters (IKEv1 and IKEv2) - Elliptic curves (IKEv1 and IKEv2) ### Vulnerability detection (TLS and SSH) Loading @@ -83,8 +87,8 @@ - User wants to audit TLS/SSL configuration of a server (cipher suites, protocol versions, certificates, DH parameters, elliptic curves) - User needs to check what cipher suites a server supports, especially GOST, post-quantum, or non-standard algorithms that OpenSSL-based tools miss - User needs to check what cipher suites a server supports, especially GOST, ShangMi (SM), post-quantum, or non-standard algorithms that OpenSSL-based tools miss - User needs to detect TLS 1.3 draft versions on legacy or embedded servers - User wants to analyze DH parameters in depth: safe prime check, well-known group identification, key reuse detection - User needs to audit SSH server configuration (key exchange, host keys, DH group exchange, OpenSSH or X.509 Loading
pyproject.toml +2 −2 Original line number Diff line number Diff line Loading @@ -4,7 +4,7 @@ build-backend = 'setuptools.build_meta' [project] name = 'CryptoLyzer' version = '1.2.0' version = '1.2.1' description = 'Multi-protocol cryptographic configuration analyzer for TLS, SSH, DNS, and HTTP — alternative to testssl.sh and sslyze with Python API, 400+ cipher suites, vulnerability detection (FREAK, Logjam, ROBOT), and JA3/HASSH fingerprinting' authors = [ {name = 'Szilárd Pfeiffer', email = 'coroner@pfeifferszilard.hu'} Loading Loading @@ -87,7 +87,7 @@ dependencies = [ 'bs4', 'certvalidator', 'colorama', 'cryptoparser==1.2.0', 'cryptoparser==1.2.1', 'pyfakefs', 'python-dateutil', 'requests', Loading
cryptoparser @ 748f89ad Compare 6d08502c to 748f89ad Original line number Diff line number Diff line Subproject commit 6d08502c8c12cd0cdefd7f7f745c3d1bfe02a6da Subproject commit 748f89ad510819fba818273275d466c663a2fa78
