Advanced Python terminal tool for testing SNI, Host headers, CDN/front-domain behavior, proxy-style config details, real connectivity, cache-assisted scans, and stability checks.
🌍 Languages: English | 🇮🇷 فارسی | 📢 Support
If this project is useful for you, please consider giving it a Star ⭐ on GitHub. It helps the project grow and motivates further development.
This tool is intended for testing configurations, domains, and networks that you own or are authorized to test. You are responsible for how you use it. Always follow your local laws, ISP rules, and the terms of service of the platforms and providers you use.
- Paste full config links or enter config specs manually
- Smart config detection and scanner recommendation
- CDN / WS / HTTP scanner with A/B/C modes
- Simple SNI scanner for TLS-based configs
- Real connection test for WS/HTTP/TLS scenarios
- Fake result filtering and A-only filtering
- Live scan progress output
- Selective result saving for Mode B, Mode C, or B+C
- Cache system for faster repeated scans
- Stability test for repeated verification
- Configurable Smart Retry
- TLS security checks for TLS-based configs
- File-based list selection from
data/sni_lists - Results saved only in
data/results - Built-in Help and Settings screens
- Python 3.9+
- pip
- Internet access for first dependency installation
- Terminal, CMD, PowerShell, or Windows Terminal
- Python 3.10, 3.11, or 3.12
- Stable internet connection
- Correct system date/time, especially for TLS checks
- Your own direct internet connection for more accurate results
For the most accurate results, run the scanner using your own normal internet connection.
VPNs, proxies, strict firewalls, antivirus web shields, or unusual DNS settings may change scan results. If the results look strange:
- test once with a direct connection,
- try a different DNS,
- temporarily disable unrelated VPN/proxy software,
- adjust Timeout or Smart Retry,
- repeat the scan with the same list.
pip install -r requirements.txtOn Windows:
run.batOr directly with Python:
python main.pyThe app is designed to avoid reinstalling dependencies when they are already available.
- Start with Option 4 ⭐.
- Paste a full config or enter specs manually.
- Let the app detect the config type and suggest the proper scanner.
- Run the recommended scan.
- Save valid results from Mode B or Mode C.
This should usually be the first section you use. It allows you to:
- paste a full config,
- enter specs manually,
- set network type, security, Host, SNI, Path, and Port,
- get a recommended scan type.
Manual entry is supported for users who do not have a full config link.
Use this for configs involving CDN, Host Header, WS, HTTP, XHTTP, or front-domain behavior.
Good for configs such as:
network=wsnetwork=httpnetwork=xhttpsecurity=none- configs where Address and Host are different
This is usually the most important scanner for CDN-style configs.
Use this for simple TLS/SNI checks.
Good for:
- direct TLS configs,
- fast SNI checks,
- basic handshake testing.
This is not always the best choice for complex CDN/WS/HTTP configs. If your config has Host Header or WS/HTTP behavior, Option 1 is usually more accurate.
Use this when you need to test multiple configs or multiple inputs more quickly.
Settings can control:
- Smart Retry: 0 to 3
- Timeout
- Worker / Thread count
- DNS Mode
- Cache
- Stability Test
Settings should apply globally across the main scan sections.
The built-in help screen shows a short guide for scan modes and app behavior.
| Mode | Meaning | Reliability |
|---|---|---|
| A | Test using the config IP or target | Low / helper only |
| B | Test using the domain's real DNS IP | Important |
| C | Test using alternate/CDN IPs | Important |
A result with only A = OK is usually not reliable. The app tries not to save A-only results as valid output. Mode B and Mode C are usually the important modes for usable results.
Real Connection Test goes beyond a simple visible OK result. Depending on the config type, the app attempts a more realistic check:
ws + none: WebSocket/HTTP-style check with Host and Pathws/http/xhttp + tls: TLS plus Host/Path checktcp + tls: TLS handshake checktcp + none: basic TCP connectivity check
Smart Retry can improve accuracy, but it may increase scan time.
| Value | Meaning |
|---|---|
| 0 | Off / fastest |
| 1 | Normal |
| 2 | More accurate |
| 3 | Maximum / slower |
Use 0 or 1 for speed. Use 2 or 3 when accuracy matters more.
Cache speeds up repeated scans. If a domain has already been tested, the app can reuse the cached result.
Benefits:
- faster repeated scans,
- fewer duplicate checks,
- useful for large lists.
Stability Test helps identify results that are not consistently working. It can repeat checks to confirm whether a result is stable.
This improves quality, but may increase scan time.
List files are stored here:
data/sni_lists/
Common files:
| File | Purpose |
|---|---|
default.txt |
General list |
default_sni.txt |
TLS/SNI-focused list |
iran.txt |
Suggested Iranian domains |
custom.txt |
User custom list |
When you choose File inside the app, you can select one of these files.
Results are saved here:
data/results/
You can choose:
- Mode B only
- Mode C only
- Mode B + C
The app should not save broken results or A-only results as valid results.
SNI_Scanner/
├─ main.py
├─ run.bat
├─ requirements.txt
├─ README.md
├─ README_EN.md
├─ SUPPORT.md
├─ data/
│ ├─ sni_lists/
│ ├─ results/
│ ├─ cache/
│ └─ logs/
If you encounter an issue or have a suggestion, contact the developer on Telegram:
👉 Telegram: @Hunter23_S
For better issue reports, include:
- Operating system
- Python version
- Menu option used
- Screenshot or exact error text
- Config type: TLS or non-TLS
- Network type: WS, HTTP, XHTTP, GRPC, or TCP
Please remove private data before sending anything. Do not publicly share UUIDs, passwords, private server addresses, or personal configs.
MIT License