explaingit

xtls/realitlscanner

Analysis updated 2026-07-03

3,733GoAudience · developerComplexity · 2/5Setup · easy

TLDR

A command-line tool that scans TLS servers across IP ranges or domain lists, recording certificate details to help identify suitable cover destinations for the Reality privacy protocol.

Mindmap

mindmap
  root((realitlscanner))
    What it does
      Scans TLS servers
      Records cert details
      Finds cover destinations
    Inputs
      IP or CIDR range
      Domain name
      URL of domain list
    Outputs
      Terminal results
      CSV file
      Country codes
    Setup
      Go build command
      Docker option
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Scan an IP range in CIDR notation to find TLS servers compatible with the Reality protocol cover destination requirements.

USE CASE 2

Export TLS scan results including domain, certificate issuer, and country code to a CSV file for offline analysis.

USE CASE 3

Point the scanner at a URL listing many domains and batch-scan all of them for TLS handshake details in parallel.

What is it built with?

GoDockerMaxMind GeoLite2

How does it compare?

xtls/realitlscannerlooplj/axonhubaws/copilot-cli
Stars3,7333,7333,738
LanguageGoGoGo
Setup difficultyeasymoderatemoderate
Complexity2/53/53/5
Audiencedeveloperdeveloperops devops

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 5min
No license information is provided in the explanation.

In plain English

RealiTLScanner is a command-line tool written in Go that scans TLS servers. TLS is the encryption protocol behind HTTPS connections. The scanner is designed to work alongside the Reality protocol, a feature in the XTLS/Xray project, and helps users find servers that are suitable to use as cover destinations for that protocol. You give the tool a target, such as an IP address, a range of IP addresses in CIDR notation, or a domain name, and it connects to each one on port 443 (or a port you specify), checks the TLS handshake, and records details like the TLS version used, the domain name from the certificate, and who issued the certificate. Results are printed to the terminal and saved to a CSV file. You can also point the tool at a URL listing many domains, and it will crawl that page to collect targets before scanning them. Options include setting the number of parallel scan threads (default is one), adjusting the connection timeout per target (default is ten seconds), and enabling verbose output to see both successful and failed connections. If you place a MaxMind GeoLite2 country database file in the same directory, the tool will also add a country code to each result. The README includes a sample of terminal output showing the IP address, connected domain, and certificate issuer for each successful connection, and a sample CSV showing those same fields with a geo code column added. The project is built and run locally with a single Go build command. A Docker option is also provided for users who do not want to install Go on their machine. The README recommends running the scanner on a local machine rather than a cloud server, because cloud IP addresses may be blocked or flagged by the servers being scanned.

Copy-paste prompts

Prompt 1
I cloned xtls/realitlscanner. How do I scan the CIDR range 192.0.2.0/24 on port 443 and save results to a CSV with GeoLite2 country codes?
Prompt 2
How do I run xtls/realitlscanner with 10 parallel threads and a 3-second timeout, and what does the output CSV look like?
Prompt 3
Build xtls/realitlscanner using Docker and scan a single domain name for TLS certificate issuer and version details.
Prompt 4
I want to find Reality protocol cover destinations using xtls/realitlscanner. Which CSV columns matter most and what values should I look for?

Frequently asked questions

What is realitlscanner?

A command-line tool that scans TLS servers across IP ranges or domain lists, recording certificate details to help identify suitable cover destinations for the Reality privacy protocol.

What language is realitlscanner written in?

Mainly Go. The stack also includes Go, Docker, MaxMind GeoLite2.

What license does realitlscanner use?

No license information is provided in the explanation.

How hard is realitlscanner to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is realitlscanner for?

Mainly developer.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Scan in gitsafehub Deploy in gitdeployhub xtls on gitmyhub

Verify against the repo before relying on details.