tlsLibHunter 0.1.0__tar.gz

tlslibhunter-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Daniel Baier
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

tlslibhunter-0.1.0/MANIFEST.in

@@ -0,0 +1,3 @@
+include LICENSE
+include README.md
+recursive-include tlslibhunter/scripts *.js

tlslibhunter-0.1.0/PKG-INFO

@@ -0,0 +1,119 @@
+Metadata-Version: 2.4
+Name: tlsLibHunter
+Version: 0.1.0
+Summary: Identifies TLS/SSL libraries in running processes using Frida-based dynamic instrumentation.
+Home-page: https://github.com/fkie-cad/tlsLibHunter
+Author: Daniel Baier
+Author-email: daniel.baier@fkie.fraunhofer.de
+License: GPL-3.0-only
+Project-URL: Source, https://github.com/fkie-cad/tlsLibHunter
+Project-URL: Issues, https://github.com/fkie-cad/tlsLibHunter/issues
+Keywords: frida,ssl,tls,instrumentation,security
+Classifier: License :: OSI Approved :: GNU General Public License v3 (GPLv3)
+Classifier: Operating System :: OS Independent
+Classifier: Natural Language :: English
+Classifier: Programming Language :: Python :: 3 :: Only
+Classifier: Programming Language :: JavaScript
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Debuggers
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: frida>=16.0.0
+Requires-Dist: frida-tools>=12.0.0
+Requires-Dist: rich
+Dynamic: author
+Dynamic: author-email
+Dynamic: classifier
+Dynamic: description
+Dynamic: description-content-type
+Dynamic: home-page
+Dynamic: keywords
+Dynamic: license
+Dynamic: license-file
+Dynamic: project-url
+Dynamic: requires-dist
+Dynamic: requires-python
+Dynamic: summary
+
+# TLSLibHunter
+
+Identify and extract TLS/SSL libraries from running processes using dynamic instrumentation.
+
+## Installation
+
+```bash
+pip install tlsLibHunter
+```
+
+## Quick Start
+
+### CLI Usage
+
+```bash
+# List TLS libraries in a local process
+tlsLibHunter firefox -l
+
+# Scan and extract TLS libraries
+tlsLibHunter firefox
+
+# Android device
+tlsLibHunter com.example.app -m -l
+
+# JSON output
+tlsLibHunter firefox -l -f json
+```
+
+### Example output:
+
+```bash
+tlslibhunter -m -l Chrome
+INFO: Platform: android
+INFO: Found 324 loaded modules
+INFO: Pattern match in libssl.so: 1 hits
+INFO: Detected: libssl.so (boringssl, system)
+INFO: Pattern match in libmonochrome_64.so: 1 hits
+INFO: Fingerprint: libmonochrome_64.so identified as boringssl
+INFO: Detected: libmonochrome_64.so (boringssl, app)
+INFO: Scan complete: 2 TLS libraries found in 298 modules (8.06s)
+        				TLS Libraries in 'Chrome' (android)                    
+┏━━━━━━┳━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━┳━━━━━━━━┳━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
+┃ #    ┃ Library             ┃ Type      ┃ Class  ┃      Size ┃ Path                                                                                                                                     ┃
+┡━━━━━━╇━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━╇━━━━━━━━╇━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
+│ 1    │ libssl.so           │ boringssl │ system │ 376.0 KiB │ /apex/com.… │
+│ 2    │ libmonochrome_64.so │ boringssl │ app    │ 119.1 MiB │ /data/app/~~NlI… │
+└──────┴─────────────────────┴───────────┴────────┴───────────┴────────────────────────────┘
+
+Scanned 298 modules in 8.06s
+```
+
+
+### Python API
+
+```python
+from tlslibhunter import TLSLibHunter
+
+# Scan a local process
+hunter = TLSLibHunter("firefox")
+result = hunter.scan()
+for lib in result.libraries:
+    print(f"{lib.name} ({lib.library_type}) - {lib.path}")
+
+# Scan and extract
+result = hunter.scan()
+extractions = hunter.extract(result, output_dir="./extracted_libs")
+```
+
+## Features
+
+- Memory scanning for TLS string patterns
+- Supports OpenSSL, BoringSSL, GnuTLS, wolfSSL, mbedTLS, NSS, SChannel, SecureTransport
+- Multi-platform: Android, iOS, Windows, Linux, macOS
+- Multiple extraction methods: disk copy, ADB pull, APK extraction, memory dump
+- Clean Python API for programmatic use
+- Backend abstraction (currently only frida but might be extended to other frameworks in the future)
+
+## License
+
+MIT
+

tlslibhunter-0.1.0/README.md

@@ -0,0 +1,81 @@
+# TLSLibHunter
+
+Identify and extract TLS/SSL libraries from running processes using dynamic instrumentation.
+
+## Installation
+
+```bash
+pip install tlsLibHunter
+```
+
+## Quick Start
+
+### CLI Usage
+
+```bash
+# List TLS libraries in a local process
+tlsLibHunter firefox -l
+
+# Scan and extract TLS libraries
+tlsLibHunter firefox
+
+# Android device
+tlsLibHunter com.example.app -m -l
+
+# JSON output
+tlsLibHunter firefox -l -f json
+```
+
+### Example output:
+
+```bash
+tlslibhunter -m -l Chrome
+INFO: Platform: android
+INFO: Found 324 loaded modules
+INFO: Pattern match in libssl.so: 1 hits
+INFO: Detected: libssl.so (boringssl, system)
+INFO: Pattern match in libmonochrome_64.so: 1 hits
+INFO: Fingerprint: libmonochrome_64.so identified as boringssl
+INFO: Detected: libmonochrome_64.so (boringssl, app)
+INFO: Scan complete: 2 TLS libraries found in 298 modules (8.06s)
+        				TLS Libraries in 'Chrome' (android)                    
+┏━━━━━━┳━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━┳━━━━━━━━┳━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
+┃ #    ┃ Library             ┃ Type      ┃ Class  ┃      Size ┃ Path                                                                                                                                     ┃
+┡━━━━━━╇━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━╇━━━━━━━━╇━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
+│ 1    │ libssl.so           │ boringssl │ system │ 376.0 KiB │ /apex/com.… │
+│ 2    │ libmonochrome_64.so │ boringssl │ app    │ 119.1 MiB │ /data/app/~~NlI… │
+└──────┴─────────────────────┴───────────┴────────┴───────────┴────────────────────────────┘
+
+Scanned 298 modules in 8.06s
+```
+
+
+### Python API
+
+```python
+from tlslibhunter import TLSLibHunter
+
+# Scan a local process
+hunter = TLSLibHunter("firefox")
+result = hunter.scan()
+for lib in result.libraries:
+    print(f"{lib.name} ({lib.library_type}) - {lib.path}")
+
+# Scan and extract
+result = hunter.scan()
+extractions = hunter.extract(result, output_dir="./extracted_libs")
+```
+
+## Features
+
+- Memory scanning for TLS string patterns
+- Supports OpenSSL, BoringSSL, GnuTLS, wolfSSL, mbedTLS, NSS, SChannel, SecureTransport
+- Multi-platform: Android, iOS, Windows, Linux, macOS
+- Multiple extraction methods: disk copy, ADB pull, APK extraction, memory dump
+- Clean Python API for programmatic use
+- Backend abstraction (currently only frida but might be extended to other frameworks in the future)
+
+## License
+
+MIT
+

tlslibhunter-0.1.0/pyproject.toml

@@ -0,0 +1,13 @@
+[build-system]
+requires = ["setuptools>=45", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[tool.ruff]
+target-version = "py38"
+line-length = 120
+
+[tool.ruff.lint]
+select = ["E", "F", "W", "I", "UP", "B", "SIM"]
+
+[tool.ruff.lint.isort]
+known-first-party = ["tlslibhunter"]

tlslibhunter-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

tlslibhunter-0.1.0/setup.py

@@ -0,0 +1,67 @@
+#!/usr/bin/env python3
+import importlib.util
+from pathlib import Path
+
+from setuptools import find_packages, setup
+
+# Paths
+ROOT = Path(__file__).resolve().parent
+PKG = "tlslibhunter"
+ABOUT = ROOT / PKG / "about.py"
+README = ROOT / "README.md"
+
+# Load metadata from about.py safely
+spec = importlib.util.spec_from_file_location(f"{PKG}.about", ABOUT)
+about = importlib.util.module_from_spec(spec)
+spec.loader.exec_module(about)  # type: ignore[attr-defined]
+
+# Long description
+long_description = README.read_text(encoding="utf-8") if README.exists() else ""
+
+# Runtime requirements
+install_requires = [
+    "frida>=16.0.0",
+    "frida-tools>=12.0.0",
+    "rich",
+]
+
+setup(
+    name="tlsLibHunter",
+    version=about.__version__,
+    description=("Identifies TLS/SSL libraries in running processes using Frida-based dynamic instrumentation."),
+    long_description=long_description,
+    long_description_content_type="text/markdown",
+    url="https://github.com/fkie-cad/tlsLibHunter",
+    author=about.__author__,
+    author_email="daniel.baier@fkie.fraunhofer.de",
+    license="GPL-3.0-only",
+    packages=find_packages(exclude=("tests",)),
+    python_requires=">=3.8",
+    install_requires=install_requires,
+    # Include non-Python assets inside the package
+    package_data={
+        "tlslibhunter": [
+            "scripts/*.js",
+        ],
+    },
+    include_package_data=True,
+    classifiers=[
+        "License :: OSI Approved :: GNU General Public License v3 (GPLv3)",
+        "Operating System :: OS Independent",
+        "Natural Language :: English",
+        "Programming Language :: Python :: 3 :: Only",
+        "Programming Language :: JavaScript",
+        "Topic :: Security",
+        "Topic :: Software Development :: Debuggers",
+    ],
+    keywords=["frida", "ssl", "tls", "instrumentation", "security"],
+    entry_points={
+        "console_scripts": [
+            "tlsLibHunter=tlslibhunter.cli:main",
+        ],
+    },
+    project_urls={
+        "Source": "https://github.com/fkie-cad/tlsLibHunter",
+        "Issues": "https://github.com/fkie-cad/tlsLibHunter/issues",
+    },
+)

tlslibhunter-0.1.0/tests/test_classifier.py

@@ -0,0 +1,65 @@
+"""Tests for module classifier."""
+
+from tlslibhunter.scanner.classifier import ModuleClassifier
+
+
+class TestAndroidClassifier:
+    def setup_method(self):
+        self.clf = ModuleClassifier("android", package_name="com.example.app")
+
+    def test_system_library(self):
+        info = self.clf.classify_module("libssl.so", "/system/lib64/libssl.so")
+        assert info["classification"] == "system"
+
+    def test_app_library_data_app(self):
+        info = self.clf.classify_module(
+            "libcustom.so",
+            "/data/app/~~abc==/com.example.app-xyz==/lib/arm64/libcustom.so",
+        )
+        assert info["classification"] == "app"
+
+    def test_apk_inner_is_app(self):
+        info = self.clf.classify_module(
+            "libcronet.so",
+            "/data/app/~~abc==/com.example.app-xyz==/base.apk!/lib/arm64-v8a/libcronet.so",
+        )
+        assert info["classification"] == "app"
+
+    def test_scan_worthy_skips_libc(self):
+        assert not self.clf.is_scan_worthy("libc.so", "/system/lib64/libc.so")
+
+    def test_scan_worthy_skips_odex(self):
+        assert not self.clf.is_scan_worthy("base.odex", "/data/app/base.odex")
+
+    def test_scan_worthy_allows_libssl(self):
+        assert self.clf.is_scan_worthy("libssl.so", "/system/lib64/libssl.so")
+
+
+class TestWindowsClassifier:
+    def setup_method(self):
+        self.clf = ModuleClassifier("windows")
+
+    def test_system_dll(self):
+        info = self.clf.classify_module("kernel32.dll", "C:\\Windows\\System32\\kernel32.dll")
+        assert info["classification"] == "system"
+
+    def test_app_dll(self):
+        info = self.clf.classify_module("myapp.dll", "C:\\Program Files\\MyApp\\myapp.dll")
+        assert info["classification"] == "app"
+
+    def test_scan_worthy_skips_ntdll(self):
+        assert not self.clf.is_scan_worthy("ntdll.dll", "C:\\Windows\\System32\\ntdll.dll")
+
+
+class TestLinuxClassifier:
+    def setup_method(self):
+        self.clf = ModuleClassifier("linux")
+
+    def test_system_library(self):
+        info = self.clf.classify_module("libssl.so.3", "/usr/lib/x86_64-linux-gnu/libssl.so.3")
+        assert info["classification"] == "system"
+        assert info["library_type"] == "openssl"
+
+    def test_app_library(self):
+        info = self.clf.classify_module("libcustom.so", "/opt/myapp/lib/libcustom.so")
+        assert info["classification"] == "app"

tlslibhunter-0.1.0/tests/test_cli.py

@@ -0,0 +1,45 @@
+"""Tests for CLI argument parsing."""
+
+from tlslibhunter.cli import build_parser
+
+
+class TestCLIParsing:
+    def setup_method(self):
+        self.parser = build_parser()
+
+    def test_mobile_does_not_consume_target(self):
+        """Regression test: -m should not steal the TARGET positional arg."""
+        args = self.parser.parse_args(["-m", "Chrome", "-l"])
+        assert args.target == "Chrome"
+        assert args.mobile is True
+        assert args.list_only is True
+
+    def test_mobile_flag_only(self):
+        args = self.parser.parse_args(["app", "-m"])
+        assert args.target == "app"
+        assert args.mobile is True
+        assert args.serial is None
+
+    def test_serial_without_m(self):
+        args = self.parser.parse_args(["firefox", "--serial", "ABC"])
+        assert args.target == "firefox"
+        assert args.serial == "ABC"
+
+    def test_serial_with_m(self):
+        args = self.parser.parse_args(["firefox", "-m", "--serial", "ABC"])
+        assert args.target == "firefox"
+        assert args.mobile is True
+        assert args.serial == "ABC"
+
+    def test_list_only_with_output(self):
+        args = self.parser.parse_args(["firefox", "-l", "-o", "out"])
+        assert args.target == "firefox"
+        assert args.list_only is True
+        assert args.output == "out"
+
+    def test_basic_target(self):
+        args = self.parser.parse_args(["firefox"])
+        assert args.target == "firefox"
+        assert args.mobile is False
+        assert args.serial is None
+        assert args.list_only is False

tlslibhunter-0.1.0/tests/test_config.py

@@ -0,0 +1,61 @@
+"""Tests for HunterConfig dataclass."""
+
+import warnings
+
+from tlslibhunter.config import HunterConfig
+
+
+class TestHunterConfig:
+    def test_defaults(self):
+        config = HunterConfig(target="firefox")
+        assert config.target == "firefox"
+        assert config.backend == "frida"
+        assert config.timeout == 10
+        assert not config.spawn
+        assert not config.list_only
+        assert config.mobile is False
+        assert config.serial is None
+
+    def test_is_mobile_true(self):
+        config = HunterConfig(target="app", mobile=True)
+        assert config.is_mobile
+
+    def test_is_mobile_serial(self):
+        config = HunterConfig(target="app", serial="ABC123")
+        assert config.is_mobile
+        assert config.device_serial == "ABC123"
+
+    def test_serial_implies_mobile(self):
+        config = HunterConfig(target="app", serial="XYZ")
+        assert config.is_mobile
+        assert config.device_serial == "XYZ"
+
+    def test_is_mobile_false(self):
+        config = HunterConfig(target="app")
+        assert not config.is_mobile
+        assert config.device_serial is None
+
+    def test_mobile_string_deprecation(self):
+        with warnings.catch_warnings(record=True) as w:
+            warnings.simplefilter("always")
+            config = HunterConfig(target="app", mobile="ABC123")
+            assert len(w) == 1
+            assert issubclass(w[0].category, DeprecationWarning)
+            assert "serial" in str(w[0].message).lower()
+            # Should have migrated to serial
+            assert config.mobile is True
+            assert config.serial == "ABC123"
+            assert config.is_mobile
+            assert config.device_serial == "ABC123"
+
+    def test_effective_output_dir_default(self):
+        config = HunterConfig(target="firefox")
+        assert config.effective_output_dir == "./tls_libs_firefox"
+
+    def test_effective_output_dir_custom(self):
+        config = HunterConfig(target="firefox", output_dir="/tmp/out")
+        assert config.effective_output_dir == "/tmp/out"
+
+    def test_effective_output_dir_sanitizes_slashes(self):
+        config = HunterConfig(target="com.example/app")
+        assert "/" not in config.effective_output_dir.split("tls_libs_")[-1]

tlslibhunter-0.1.0/tests/test_encoding.py

@@ -0,0 +1,45 @@
+"""Tests for hex pattern encoding utilities."""
+
+from tlslibhunter.utils.encoding import ascii_to_hex, build_scan_patterns, utf16le_to_hex
+
+
+class TestAsciiToHex:
+    def test_simple_string(self):
+        assert ascii_to_hex("ABC") == "41 42 43"
+
+    def test_underscore(self):
+        assert ascii_to_hex("A_B") == "41 5f 42"
+
+    def test_client_random(self):
+        result = ascii_to_hex("CLIENT_RANDOM")
+        assert result.startswith("43 4c 49 45 4e 54")
+
+    def test_empty_string(self):
+        assert ascii_to_hex("") == ""
+
+
+class TestUtf16leToHex:
+    def test_simple_string(self):
+        assert utf16le_to_hex("AB") == "41 00 42 00"
+
+    def test_single_char(self):
+        assert utf16le_to_hex("A") == "41 00"
+
+
+class TestBuildScanPatterns:
+    def test_returns_list(self):
+        patterns = build_scan_patterns("TEST")
+        assert isinstance(patterns, list)
+        assert len(patterns) > 0
+
+    def test_contains_ascii(self):
+        patterns = build_scan_patterns("TEST")
+        assert ascii_to_hex("TEST") in patterns
+
+    def test_contains_utf16le(self):
+        patterns = build_scan_patterns("TEST")
+        assert utf16le_to_hex("TEST") in patterns
+
+    def test_no_duplicates(self):
+        patterns = build_scan_patterns("TEST")
+        assert len(patterns) == len(set(patterns))

tlslibhunter-0.1.0/tests/test_fingerprints.py

@@ -0,0 +1,137 @@
+"""Tests for TLS library fingerprint identification."""
+
+from tlslibhunter.scanner.fingerprints import (
+    LIBRARY_FINGERPRINTS,
+    fingerprint_library,
+    get_all_fingerprint_strings,
+)
+
+
+class TestFingerprintLibrary:
+    def test_boringssl_identified(self):
+        lib_type, _ = fingerprint_library(["BoringSSL"])
+        assert lib_type == "boringssl"
+
+    def test_boringssl_over_openssl(self):
+        """BoringSSL should win even when OpenSSL strings are present."""
+        lib_type, _ = fingerprint_library(["BoringSSL", "OpenSSL 3."])
+        assert lib_type == "boringssl"
+
+    def test_libressl_over_openssl(self):
+        """LibreSSL should win even when OpenSSL strings are present."""
+        lib_type, _ = fingerprint_library(["LibreSSL", "OpenSSL 1.1."])
+        assert lib_type == "libressl"
+
+    def test_openssl_alone(self):
+        lib_type, _ = fingerprint_library(["OpenSSL 3.0.12"])
+        assert lib_type == "openssl"
+
+    def test_gnutls(self):
+        lib_type, _ = fingerprint_library(["GnuTLS"])
+        assert lib_type == "gnutls"
+
+    def test_wolfssl(self):
+        lib_type, _ = fingerprint_library(["wolfSSL"])
+        assert lib_type == "wolfssl"
+
+    def test_mbedtls(self):
+        lib_type, _ = fingerprint_library(["Mbed TLS"])
+        assert lib_type == "mbedtls"
+
+    def test_nss(self):
+        lib_type, _ = fingerprint_library(["NSS_GetVersion"])
+        assert lib_type == "nss"
+
+    def test_s2n(self):
+        lib_type, _ = fingerprint_library(["s2n_negotiate"])
+        assert lib_type == "s2n"
+
+    def test_matrixssl(self):
+        lib_type, _ = fingerprint_library(["matrixssl"])
+        assert lib_type == "matrixssl"
+
+    def test_botan(self):
+        lib_type, _ = fingerprint_library(["Botan"])
+        assert lib_type == "botan"
+
+    def test_gotls(self):
+        lib_type, _ = fingerprint_library(["crypto/tls"])
+        assert lib_type == "gotls"
+
+    def test_rustls(self):
+        lib_type, _ = fingerprint_library(["rustls"])
+        assert lib_type == "rustls"
+
+    def test_unknown_on_no_match(self):
+        lib_type, _ = fingerprint_library(["random"])
+        assert lib_type == "unknown"
+
+    def test_empty_input(self):
+        lib_type, version = fingerprint_library([])
+        assert lib_type == "unknown"
+        assert version == ""
+
+
+class TestVersionExtraction:
+    def test_openssl_version(self):
+        _, version = fingerprint_library(["OpenSSL 3.1.4"])
+        assert version == "3.1.4"
+
+    def test_openssl_version_with_letter(self):
+        _, version = fingerprint_library(["OpenSSL 1.0.2k"])
+        assert version == "1.0.2k"
+
+    def test_libressl_version(self):
+        _, version = fingerprint_library(["LibreSSL 3.8.1"])
+        assert version == "3.8.1"
+
+    def test_gnutls_version(self):
+        _, version = fingerprint_library(["GnuTLS 3.7.9"])
+        assert version == "3.7.9"
+
+    def test_wolfssl_version(self):
+        _, version = fingerprint_library(["wolfSSL 5.6.3"])
+        assert version == "5.6.3"
+
+    def test_mbedtls_version(self):
+        _, version = fingerprint_library(["Mbed TLS 3.6.0"])
+        assert version == "3.6.0"
+
+    def test_boringssl_no_version(self):
+        """BoringSSL has no version strings by design."""
+        _, version = fingerprint_library(["BoringSSL"])
+        assert version == ""
+
+    def test_no_version_when_unknown(self):
+        _, version = fingerprint_library(["random_string"])
+        assert version == ""
+
+
+class TestFingerprintDataIntegrity:
+    def test_all_fingerprint_strings_unique(self):
+        all_strings = get_all_fingerprint_strings()
+        assert len(all_strings) == len(set(all_strings))
+
+    def test_each_fingerprint_has_strings(self):
+        for fp in LIBRARY_FINGERPRINTS:
+            assert len(fp.fingerprint_strings) > 0, (
+                f"{fp.library_type} has no fingerprint strings"
+            )
+
+    def test_each_fingerprint_has_library_type(self):
+        for fp in LIBRARY_FINGERPRINTS:
+            assert fp.library_type, f"Missing library_type for {fp.display_name}"
+
+    def test_each_fingerprint_has_display_name(self):
+        for fp in LIBRARY_FINGERPRINTS:
+            assert fp.display_name, f"Missing display_name for {fp.library_type}"
+
+    def test_boringssl_before_openssl(self):
+        """BoringSSL must be checked before OpenSSL in priority order."""
+        types = [fp.library_type for fp in LIBRARY_FINGERPRINTS]
+        assert types.index("boringssl") < types.index("openssl")
+
+    def test_libressl_before_openssl(self):
+        """LibreSSL must be checked before OpenSSL in priority order."""
+        types = [fp.library_type for fp in LIBRARY_FINGERPRINTS]
+        assert types.index("libressl") < types.index("openssl")