Scanafi 2.2 is live and available for download
What is Scanafi?
Scanafi is a lightweight utility that enables you to scan hosts on your internal network for SSL/TLS certificates and potential vulnerabilities.
Scanafi performs network discoveries for certificates on port 443 (default) or a set of well-known ports via SSL/TLS and STARTTLS handshakes. It is available as a single executable file for Windows, Linux, and MacOS operating systems.
Scanafi can operate in two simple modes: “provider” or “standalone.”
The provider mode involves the automatic transmission of certificate discovery results to one of the supported Venafi Provider destinations.
There are three supported Provider destinations:
- Venafi Trust Protection Platform (TPP) via the WebSDK module: This communication is over https and requires that a TPP server hosting the WebSDK module is accessible. Authentication credentials (username, password) for the Trust Protection Platform are required in order to use this Provider destination.
- Venafi Cloud for DevOps. This communication is over https, authentication credentials (an API token) for Venafi Cloud are also required to use this Provider destination. One can acquire an API token after completing a successful registration to the Venafi Cloud for DevOps servers (https://ui.venafi.cloud).
- Default: When the provider type is Default, Scanafi is executed and it will scan for certificates. The output is shown on the console or as a JSON. Default is used in a scenario where a user wants to run Scanafi and analyze the output before transferring the results to Venafi Cloud or Venafi Trust Protection Platform.
In the standalone operating mode, certificate discovery results are logged to a standard text file, in JSON format. This file can then be collected for later import to a destination (typically the Venafi Trust Protection Platform using the WebSDK API).
For further reference, review the API endpoint ‘POST/certificates/import’ in the WebSDK API documentation found here: https://docs.venafi.com/Docs/current/TopNav/Content/SDK/WebSDK/r-SDK-POST-Discovery-Import.php
What's New in this version?
- SSLv2 now supported: Scanafi can now scan and detect for the SSLv2 protocol configured in servers.
- Credential and Command Line support: You now have the ability to enter credentials (username & password for Trust Protection Platform) at the command prompt as well as in the newly introduced config JSON file.
- Port ranges: can now be noted as “1-10”, instead of 1, 2, 3, 4, 5, 6, 7, 8, 9, 10. Ports can also be listed as “1-5, 6, 8-10”.
Where can I download Scanafi?
To download Scanafi 2.2, visit our Download Portal.
Where is the documentation?
Click the link to download a copy of Scanafi's documentation.