diff --git a/modules/fox/log.go b/modules/fox/log.go
index 3b8c860c..d715d0ba 100644
--- a/modules/fox/log.go
+++ b/modules/fox/log.go
@@ -1,5 +1,9 @@
 package fox
 
+import (
+	"github.com/zmap/zgrab2"
+)
+
 // FoxLog is the struct returned to the caller.
 type FoxLog struct {
 	// IsFox should always be true (otherwise, the result should have been nil).
@@ -58,4 +62,6 @@ type FoxLog struct {
 
 	// AuthAgentType corresponds to the "authAgentTypeSpecs" field.
 	AuthAgentType string `json:"auth_agent_type,omitempty"`
+
+	TLSLog *zgrab2.TLSLog `json:"tls,omitempty"`
 }
diff --git a/modules/fox/scanner.go b/modules/fox/scanner.go
index a2ac69cb..a2abf241 100644
--- a/modules/fox/scanner.go
+++ b/modules/fox/scanner.go
@@ -9,6 +9,7 @@ import (
 	"errors"
 	log "github.com/sirupsen/logrus"
 	"github.com/zmap/zgrab2"
+	"net"
 )
 
 // Flags holds the command-line configuration for the fox scan module.
@@ -17,6 +18,8 @@ type Flags struct {
 	zgrab2.BaseFlags
 
 	Verbose bool `long:"verbose" description:"More verbose logging, include debug fields in the scan results"`
+	UseTLS  bool `long:"use-tls" description:"Sends probe with a TLS connection. Loads TLS module command options."`
+	zgrab2.TLSFlags
 }
 
 // Module implements the zgrab2.Module interface.
@@ -98,12 +101,36 @@ func (scanner *Scanner) Protocol() string {
 // 4. If the response has the Fox response prefix, mark the scan as having detected the service.
 // 5. Attempt to read any / all of the data fields from the Log struct
 func (scanner *Scanner) Scan(target zgrab2.ScanTarget) (zgrab2.ScanStatus, interface{}, error) {
-	conn, err := target.Open(&scanner.config.BaseFlags)
+
+	var (
+		conn    net.Conn
+		tlsConn *zgrab2.TLSConnection
+		err     error
+	)
+
+	conn, err = target.Open(&scanner.config.BaseFlags)
+	if scanner.config.UseTLS {
+		tlsConn, err = scanner.config.TLSFlags.GetTLSConnection(conn)
+		if err != nil {
+			return zgrab2.TryGetScanStatus(err), nil, err
+		}
+		if err := tlsConn.Handshake(); err != nil {
+			return zgrab2.TryGetScanStatus(err), nil, err
+		}
+		conn = tlsConn
+	} else {
+		conn, err = target.Open(&scanner.config.BaseFlags)
+	}
+
 	if err != nil {
 		return zgrab2.TryGetScanStatus(err), nil, err
 	}
+
 	defer conn.Close()
 	result := new(FoxLog)
+	if tlsConn != nil {
+		result.TLSLog = tlsConn.GetLog()
+	}
 
 	err = GetFoxBanner(result, conn)
 	if !result.IsFox {
diff --git a/zgrab2_schemas/zgrab2/fox.py b/zgrab2_schemas/zgrab2/fox.py
index 212ecd85..fcf0ee0e 100644
--- a/zgrab2_schemas/zgrab2/fox.py
+++ b/zgrab2_schemas/zgrab2/fox.py
@@ -30,6 +30,7 @@
                 "brand_id": String(),
                 "sys_info": String(),
                 "agent_auth_type": String(),
+                "tls": zgrab2.tls_log,
             }
         )
     },