Description
tlsx version:
v1.1.9
Current Behavior:
For long target lists (in our case: around 30k host/port combinations), tlsx reliably hangs indefinitely after several hours of execution, usually after around 25k targets have finished. Hanging happens even while writing JSONL output lines, cutting off a JSONL line somewhere in the middle.
Expected Behavior:
tlsx should not hang indefinitely.
Steps To Reproduce:
tlsx was started as follows:
~/go/bin/tlsx \
-list /tmp/host_port_combos.txt \
-scan-mode 'auto' \
-ip-version '4' \
-so \
-tls-version \
-cipher \
-hash 'sha256' \
-wildcard-cert \
-probe-status \
-version-enum \
-cipher-enum \
-cipher-type 'all' \
-serial \
-expired \
-self-signed \
-mismatched \
-revoked \
-untrusted \
-resolvers 8.8.8.8,8.8.4.4,1.1.1.1 \
-certificate \
-tls-chain \
-concurrency '300' \
-cipher-concurrency '10' \
-timeout '5' \
-retry '3' \
-disable-update-check \
-output /tmp/tlsx_output.jsonl \
-json \
-no-color
At one point, there is no more progress and even output is no longer written. This is the last line of the output file (/tmp/tlsx_output.jsonl):
{"timestamp":"2025-04-25T09:59:31.489674682Z","host":"xn--<censored>-t6b.<censored>","ip":"<censored>","port":"443","probe_status":true,"tls_version":"tls13","cipher":"TLS_AES_128_GCM_SHA256","self_signed":true,"mismatched":true,"not_before":"2017-01-16T16:04:01Z","not_after":"2027-01-14T16:04:01Z","subject_dn":"[email protected], CN=localhost.localdomain, OU=IT, O=MyCompany, L=Seattle, ST=WA, C=US, [email protected]","subject_cn":
Please note that the line ends with an open "subject_cn" key and the JSON object on that line is never closed. The aforementioned line is line 25737 of the output file, so more than 25k targets have been scanned before.
Anything else:
The issue always appears after a long time of execution. Execution of tlsx for the aforementioned approx. 30k targets (aborted/hanging after about 25k targets) started at 2025-04-24T16:50:47+00:00 and the process started hanging at 2025-04-25T10:47:39+0000, so about 18 hours later.
The issue does not seem to depend on the specific target host, as tlsx correctly terminates when only scanning the target host. Also, it always starts hanging indefinitely for a different target, but always after having run for hours and after having already scanned several thousand targets,
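
Added example (not part of the original report and not tlsx code): one way to salvage a run that stopped like this is to separate complete JSONL records from the cut-off one and list the targets that still need scanning. It assumes the target list holds one `host:port` entry per line and that the `host` and `port` fields in the output match the input; the sample data is constructed.

```python
import json

# Constructed sample: two complete records, then a line cut off mid-object
# the way the report describes (ends at an open "subject_cn" key).
SAMPLE_OUTPUT = (
    '{"host":"a.example","port":"443","probe_status":true}\n'
    '{"host":"b.example","port":"8443","probe_status":true}\n'
    '{"host":"c.example","port":"443","subject_cn":'
)
# Assumption: the target list holds one host:port entry per line.
SAMPLE_TARGETS = ["a.example:443", "b.example:8443", "c.example:443", "d.example:443"]


def split_jsonl(text):
    """Return (records, truncated): parsed objects and (line_no, raw) for broken lines."""
    records, truncated = [], []
    for line_no, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            truncated.append((line_no, line))
            continue
        if isinstance(obj, dict):
            records.append(obj)
        else:
            truncated.append((line_no, line))
    return records, truncated


def remaining_targets(targets, records):
    """Targets with no complete record; a cut-off record counts as not scanned."""
    done = {(str(r.get("host", "")).lower(), str(r.get("port", ""))) for r in records}
    todo = []
    for target in targets:
        target = target.strip()
        if not target:
            continue
        host, _, port = target.rpartition(":")
        if (host.lower(), port) not in done:
            todo.append(target)
    return todo


if __name__ == "__main__":
    records, truncated = split_jsonl(SAMPLE_OUTPUT)
    for line_no, raw in truncated:
        print(f"line {line_no}: incomplete record ({len(raw)} chars)")
    print("\n".join(remaining_targets(SAMPLE_TARGETS, records)))
```
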