Merge pull request #132 from projectdiscovery/issue-131-resolvedIp

fix resolved ip and other minor improvements
projectdiscovery · Dec 8, 2022 · 6392910 · 6392910
2 parents b48772c + adfaaf4
commit 6392910
Show file tree

Hide file tree

Showing 6 changed files with 91 additions and 26 deletions.
diff --git a/pkg/tlsx/clients/clients.go b/pkg/tlsx/clients/clients.go
@@ -21,9 +21,8 @@ import (
 
 	"github.com/projectdiscovery/fastdialer/fastdialer"
 	"github.com/projectdiscovery/goflags"
-	ztls "github.com/zmap/zcrypto/tls"
 	stringsutil "github.com/projectdiscovery/utils/strings"
-
+	ztls "github.com/zmap/zcrypto/tls"
 )
 
 // Implementation is an interface implemented by TLSX client
@@ -313,10 +312,14 @@ func IsMisMatchedCert(host string, alternativeNames []string) bool {
 	return true
 }
 
-// IsTLSRevoked returns true if the certificate has been revoked
+// IsTLSRevoked returns true if the certificate has been revoked or failed to parse
 func IsTLSRevoked(cert *x509.Certificate) bool {
-	zcert, _ := zx509.ParseCertificate(cert.Raw)
-	return IsZTLSRevoked(zcert)
+	zcert, err := zx509.ParseCertificate(cert.Raw)
+	if err != nil {
+		return true
+	} else {
+		return IsZTLSRevoked(zcert)
+	}
 }
 
 // IsZTLSRevoked returns true if the certificate has been revoked

diff --git a/pkg/tlsx/openssl/openssl.go b/pkg/tlsx/openssl/openssl.go
@@ -92,13 +92,9 @@ func (c *Client) ConnectWithOptions(hostname, ip, port string, options clients.C
 	}
 	defer rawConn.Close()
 
-	var resolvedIP string
-	if ip != "" {
-		resolvedIP = ip
-	} else if iputil.IsIP(hostname) {
-		resolvedIP = hostname
-	} else {
-		resolvedIP = c.dialer.GetDialedIP(hostname)
+	resolvedIP, _, err := net.SplitHostPort(rawConn.RemoteAddr().String())
+	if err != nil {
+		return nil, err
 	}
 
 	conn, err := openssl.Client(rawConn, opensslCtx)

diff --git a/pkg/tlsx/tls/tls.go b/pkg/tlsx/tls/tls.go
@@ -118,13 +118,9 @@ func (c *Client) ConnectWithOptions(hostname, ip, port string, options clients.C
 		return nil, fmt.Errorf("could not connect to %s", address)
 	}
 
-	var resolvedIP string
-	if ip != "" {
-		resolvedIP = ip
-	} else if iputil.IsIP(hostname) {
-		resolvedIP = hostname
-	} else {
-		resolvedIP = c.dialer.GetDialedIP(hostname)
+	resolvedIP, _, err := net.SplitHostPort(rawConn.RemoteAddr().String())
+	if err != nil {
+		return nil, err
 	}
 
 	config := c.tlsConfig

diff --git a/pkg/tlsx/tlsx.go b/pkg/tlsx/tlsx.go
@@ -4,6 +4,7 @@ import (
 	"strconv"
 
 	"github.com/pkg/errors"
+	"github.com/projectdiscovery/fastdialer/fastdialer"
 	"github.com/projectdiscovery/tlsx/pkg/tlsx/auto"
 	"github.com/projectdiscovery/tlsx/pkg/tlsx/clients"
 	"github.com/projectdiscovery/tlsx/pkg/tlsx/jarm"
@@ -24,6 +25,13 @@ func New(options *clients.Options) (*Service, error) {
 	service := &Service{
 		options: options,
 	}
+	if options.Fastdialer == nil {
+		var err error
+		options.Fastdialer, err = fastdialer.NewDialer(fastdialer.DefaultOptions)
+		if err != nil {
+			return nil, err
+		}
+	}
 	var err error
 	switch options.ScanMode {
 	case "ztls":

diff --git a/pkg/tlsx/tlsx_test.go b/pkg/tlsx/tlsx_test.go
@@ -0,0 +1,66 @@
+package tlsx_test
+
+import (
+	"errors"
+	"testing"
+
+	"github.com/projectdiscovery/fastdialer/fastdialer"
+	"github.com/projectdiscovery/tlsx/pkg/tlsx"
+	"github.com/projectdiscovery/tlsx/pkg/tlsx/clients"
+	"github.com/projectdiscovery/tlsx/pkg/tlsx/openssl"
+	iputil "github.com/projectdiscovery/utils/ip"
+)
+
+func TestResolvedIP(t *testing.T) {
+	allmodes := []string{"ctls", "ztls", "openssl", "auto"}
+	targethostname := "scanme.sh"
+	targets, err := getDNSdata(targethostname)
+	if err != nil {
+		t.Fatalf("failed to get dns data: %v", err)
+	}
+
+	for _, mode := range allmodes {
+		client, err := tlsx.New(&clients.Options{
+			ScanMode: mode,
+			Retries:  3,
+		})
+		if errors.Is(err, openssl.ErrNotSupported) {
+			t.Logf("openssl not available skipping..")
+			continue
+		}
+		if err != nil {
+			t.Fatalf("failed to create new client for %v mode: %v", mode, err)
+		}
+		for _, target := range targets {
+			resp, err := client.ConnectWithOptions(targethostname, target, "443", clients.ConnectOptions{})
+			if err != nil {
+				if iputil.IsIPv6(target) {
+					t.Logf("ipv6 potentially not supported skipping..")
+					continue
+				}
+				t.Fatalf("failed to get response from tlsx client: %v", err)
+			}
+			if !iputil.IsIP(resp.IP) {
+				t.Fatalf("expected ip address for %v but got %v for mode %v", target, resp.IP, mode)
+			}
+		}
+	}
+
+}
+
+func getDNSdata(hostname string) ([]string, error) {
+	targets := []string{}
+	fd, err := fastdialer.NewDialer(fastdialer.DefaultOptions)
+	if err != nil {
+		return targets, err
+	}
+	dnsData, err := fd.GetDNSData(hostname)
+	if err != nil {
+		return targets, err
+	}
+	targets = append(targets, hostname)
+	targets = append(targets, dnsData.A...)
+	targets = append(targets, dnsData.AAAA...)
+
+	return targets, nil
+}
diff --git a/pkg/tlsx/ztls/ztls.go b/pkg/tlsx/ztls/ztls.go
@@ -139,13 +139,9 @@ func (c *Client) ConnectWithOptions(hostname, ip, port string, options clients.C
 		return nil, fmt.Errorf("could not connect to %s", address)
 	}
 
-	var resolvedIP string
-	if ip != "" {
-		resolvedIP = ip
-	} else if iputil.IsIP(hostname) {
-		resolvedIP = hostname
-	} else {
-		resolvedIP = c.dialer.GetDialedIP(hostname)
+	resolvedIP, _, err := net.SplitHostPort(conn.RemoteAddr().String())
+	if err != nil {
+		return nil, err
 	}
 
 	config := c.tlsConfig