diff --git a/.gitignore b/.gitignore
index 3d71fb43..3b78fefb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,4 +13,5 @@
 # Dependency directories (remove the comment below to include it)
 # vendor/
-cmd/tlsx/tlsx
\ No newline at end of file
+cmd/tlsx/tlsx
+dist/*
\ No newline at end of file
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 6d94936d..56f81490 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -26,6 +26,12 @@ builds:
 binary: '{{ .ProjectName }}'
 main: cmd/tlsx/main.go
+# release options (https://goreleaser.com/customization/release/)
+
+release:
+ draft: true
+ prerelease: auto
+
 archives:
 - format: zip
 replacements:
@@ -39,7 +45,7 @@ announce:
 enabled: true
 channel: '#release'
 username: GoReleaser
- message_template: '**New Release: {{ .ProjectName }} {{.Tag}}** is published! Check it out at {{ .ReleaseURL }}'
+ message_template: 'New Release: {{ .ProjectName }} {{.Tag}} is published! Check it out at {{ .ReleaseURL }}'
 discord:
 enabled: true
diff --git a/go.mod b/go.mod
index 2a6a5ee2..2d049125 100644
--- a/go.mod
+++ b/go.mod
@@ -9,16 +9,16 @@ require (
 github.com/miekg/dns v1.1.50
 github.com/pkg/errors v0.9.1
 github.com/projectdiscovery/dnsx v1.1.1
- github.com/projectdiscovery/fastdialer v0.0.19
+ github.com/projectdiscovery/fastdialer v0.0.20
 github.com/projectdiscovery/goflags v0.1.6
- github.com/projectdiscovery/gologger v1.1.5
+ github.com/projectdiscovery/gologger v1.1.7
 github.com/projectdiscovery/mapcidr v1.0.3
 github.com/projectdiscovery/utils v0.0.4-0.20230102120019-c7a04e2045be
 github.com/rs/xid v1.4.0
 github.com/stretchr/testify v1.8.1
- github.com/zmap/zcrypto v0.0.0-20220803033029-557f3e4940be
- golang.org/x/exp v0.0.0-20221019170559-20944726eadf
+ github.com/zmap/zcrypto v0.0.0-20230113044912-682e75113af0
 go.uber.org/multierr v1.9.0
+ golang.org/x/exp v0.0.0-20221019170559-20944726eadf
 )
 require (
@@ -81,9 +81,9 @@ require (
 go.uber.org/atomic v1.10.0 // indirect
 golang.org/x/crypto v0.1.0 // indirect
 golang.org/x/mod v0.6.0 // indirect
- golang.org/x/net v0.2.0 // indirect
- golang.org/x/sys v0.2.0 // indirect
- golang.org/x/text v0.4.0 // indirect
+ golang.org/x/net v0.4.0 // indirect
+ golang.org/x/sys v0.3.0 // indirect
+ golang.org/x/text v0.5.0 // indirect
 golang.org/x/tools v0.2.0 // indirect
 google.golang.org/protobuf v1.27.1 // indirect
 gopkg.in/djherbis/times.v1 v1.3.0 // indirect
diff --git a/go.sum b/go.sum
index 5e3e112b..38a820a2 100644
--- a/go.sum
+++ b/go.sum
@@ -255,15 +255,15 @@ github.com/projectdiscovery/cdncheck v0.0.3 h1:li2/rUJmhVXSqRFyhJMqi6pdBX6ZxMnwz github.com/projectdiscovery/cdncheck v0.0.3/go.mod h1:EevMeCG1ogBoUJYaa0Mv9R1VUboDm/DiynId7DboKy0= github.com/projectdiscovery/dnsx v1.1.1 h1:yGYEH1vfVN7YdvdOtPzPvrc6JuHCi8wBTAkStP/f2QI= github.com/projectdiscovery/dnsx v1.1.1/go.mod h1:DVvc+ePRCknahLpz4Y8nMppYOGUZhkEmYsTPuYx1a5w= -github.com/projectdiscovery/fastdialer v0.0.19 h1:0E9trACMtYq1JgkY+sM8b6XABjITRwHBSWwhH9csmgY= -github.com/projectdiscovery/fastdialer v0.0.19/go.mod h1:9zV1eivctLQkBUykwBj5BaPkYz8A8j1Sou2UCgdCQ5I= +github.com/projectdiscovery/fastdialer v0.0.20 h1:OWwAX5TdTTJs2W961nBj2D2tOa9AdcAdQeHGGXmLmKs= +github.com/projectdiscovery/fastdialer v0.0.20/go.mod h1:+oUmNczJ912XkF6ckZi7W2fUS/7bvB8+0nHZzbIGEMw= github.com/projectdiscovery/fileutil v0.0.0-20220308101036-16c79af1cf5d/go.mod h1:Pm0f+MWgDFMSSI9NBedNh48LyYPs8gD3Jd8DXGmp4aQ= github.com/projectdiscovery/fileutil v0.0.3 h1:GSsoey4p8ZHIRxWF2VXh4mhLr+wfEkpJwvF0Dxpn/gg= github.com/projectdiscovery/fileutil v0.0.3/go.mod h1:GLejWd3YerG3RNYD/Hk2pJlytlYRgHdkWfWUAdCH2YQ= github.com/projectdiscovery/goflags v0.1.6 h1:EXigzX4lJmn/fLMnULdc03O7WW+DjiYZhNgdGvfg+Z4= github.com/projectdiscovery/goflags v0.1.6/go.mod h1:yILgA7gbrHuTpIvMfikbivzoxkyxBD1Y5/PRHiGTIFk= -github.com/projectdiscovery/gologger v1.1.5 h1:CT2Jrpzusca+dwNREMMz4RnAreJ0RqaISRU4SBcZC+M= -github.com/projectdiscovery/gologger v1.1.5/go.mod h1:bNyVaC1U/NpJtFkJltcesn01NR3K8Hg6RsLVce6yvrw= +github.com/projectdiscovery/gologger v1.1.7 h1:QeByO4NR8vlZ5ZM2XIOJARRj5WOOU5Ix35FBQ1iH5Rk= +github.com/projectdiscovery/gologger v1.1.7/go.mod h1:bNyVaC1U/NpJtFkJltcesn01NR3K8Hg6RsLVce6yvrw= github.com/projectdiscovery/hmap v0.0.2 h1:fe3k0b6tj95mn9a1phD3JXvAAOmmWAh/Upg1Bf0Tfos= github.com/projectdiscovery/hmap v0.0.2/go.mod h1:YU3TeNTDmLW2dtb4LvuEtDsPTsQ06XMnmOeD3KOuU6c= github.com/projectdiscovery/iputil v0.0.2 h1:f6IGnZF4RImJLysPSPG3D84jyTH34q3lihCFeP+eZzI= 
@@ -359,8 +359,8 @@ github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521 h1:kKCF7VX/wTmdg2ZjEaqlq9 github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE= github.com/zmap/zcertificate v0.0.0-20180516150559-0e3d58b1bac4 h1:17HHAgFKlLcZsDOjBOUrd5hDihb1ggf+1a5dTbkgkIY= github.com/zmap/zcertificate v0.0.0-20180516150559-0e3d58b1bac4/go.mod h1:5iU54tB79AMBcySS0R2XIyZBAVmeHranShAFELYx7is= -github.com/zmap/zcrypto v0.0.0-20220803033029-557f3e4940be h1:M5QjuCbUeNZsup53dlJkI/cx6pVdnDOPzyy+XppoowY= -github.com/zmap/zcrypto v0.0.0-20220803033029-557f3e4940be/go.mod h1:bRZdjnJaHWVXKEwrfAZMd0gfRjZGNhTbZwzp07s0Abw= +github.com/zmap/zcrypto v0.0.0-20230113044912-682e75113af0 h1:2ju/bn+FSxCSeiGchcvoOPxr3FQ4GLZlSUDuIwm2ZJ0= +github.com/zmap/zcrypto v0.0.0-20230113044912-682e75113af0/go.mod h1:bRZdjnJaHWVXKEwrfAZMd0gfRjZGNhTbZwzp07s0Abw= go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU= go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= 
@@ -425,8 +425,8 @@ golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20221002022538-bcab6841153b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= -golang.org/x/net v0.2.0 h1:sZfSu1wtKLGlWI4ZZayP0ck9Y73K1ynO6gqzTdBVdPU= -golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= +golang.org/x/net v0.4.0 h1:Q5QPcMlvfxFTAPV0+07Xz/MpK9NTXu2VDUuy0FeMfaU= +golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -473,8 +473,8 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A= -golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ= +golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -484,8 +484,9 @@ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM= +golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181221001348-537d06c36207/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 
diff --git a/internal/runner/banner.go b/internal/runner/banner.go
index 09796b27..950af2f9 100644
--- a/internal/runner/banner.go
+++ b/internal/runner/banner.go
@@ -17,7 +17,7 @@ var banner = fmt.Sprintf(`
 |_| |____|___/_/\_\ %s
 `, version)
-var version = "v1.0.3"
+var version = "v1.0.4"
 // validateOptions validates the provided options for crawler
 func (r *Runner) validateOptions() error {
@@ -60,7 +60,4 @@ func (r *Runner) validateOptions() error {
 func showBanner() {
 gologger.Print().Msgf("%s\n", banner)
 gologger.Print().Msgf("\t\tprojectdiscovery.io\n\n")
-
- gologger.Print().Label("WRN").Msgf("Use with caution. You are responsible for your actions.\n")
- gologger.Print().Label("WRN").Msgf("Developers assume no liability and are not responsible for any misuse or damage.\n")
 }
diff --git a/pkg/tlsx/clients/clients.go b/pkg/tlsx/clients/clients.go
index c2104510..6e7f706f 100644
--- a/pkg/tlsx/clients/clients.go
+++ b/pkg/tlsx/clients/clients.go
@@ -312,25 +312,29 @@ func IsMisMatchedCert(host string, alternativeNames []string) bool {
 }
 // IsTLSRevoked returns true if the certificate has been revoked or failed to parse
-func IsTLSRevoked(cert *x509.Certificate) bool {
+func IsTLSRevoked(options *Options, cert *x509.Certificate) bool {
 zcert, err := zx509.ParseCertificate(cert.Raw)
 if err != nil {
 return true
 } else {
- return IsZTLSRevoked(zcert)
+ return IsZTLSRevoked(options, zcert)
 }
 }
 // IsZTLSRevoked returns true if the certificate has been revoked
-func IsZTLSRevoked(cert *zx509.Certificate) bool {
+func IsZTLSRevoked(options *Options, cert *zx509.Certificate) bool {
 var OCSPisRevoked bool = false
 var OCSPerr error
 // TODO : Verify Upstream Patch and remove extra condition when fixed
 if len(cert.IssuingCertificateURL) > 0 && len(cert.OCSPServer) > 0 {
- OCSPisRevoked, _, OCSPerr = zverifier.CheckOCSP(context.TODO(), cert, nil)
+ ctx, cancel := context.WithTimeout(context.Background(), time.Duration(options.Timeout)*time.Second)
+ defer cancel()
+ OCSPisRevoked, _, OCSPerr = zverifier.CheckOCSP(ctx, cert, nil)
 }
 if len(cert.CRLDistributionPoints) != 0 {
- CRLisRevoked, _, CRLerr := zverifier.CheckCRL(context.TODO(), cert, nil)
+ ctx, cancel := context.WithTimeout(context.Background(), time.Duration(options.Timeout)*time.Second)
+ defer cancel()
+ CRLisRevoked, _, CRLerr := zverifier.CheckCRL(ctx, cert, nil)
 if CRLerr == nil {
 if OCSPerr == nil {
diff --git a/pkg/tlsx/clients/utils.go b/pkg/tlsx/clients/utils.go
index d1f238ff..3014adf9 100644
--- a/pkg/tlsx/clients/utils.go
+++ b/pkg/tlsx/clients/utils.go
@@ -4,7 +4,7 @@ import (
 "crypto/x509"
 )
-func Convertx509toResponse(hostname string, cert *x509.Certificate, showcert bool) *CertificateResponse {
+func Convertx509toResponse(options *Options, hostname string, cert *x509.Certificate, showcert bool) *CertificateResponse {
 response := &CertificateResponse{
 SubjectAN: cert.DNSNames,
 Emails: cert.EmailAddresses,
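Review bot: In IsZTLSRevoked (pkg/tlsx/clients/clients.go), both new `context.WithTimeout` calls take their deadline from `options.Timeout` without checking it, so a nil `options` panics and a zero or negative value produces a context that has already expired, making the OCSP and CRL lookups fail before they start. How those errors map to the returned boolean is decided below the hunk, which is cut off at `if OCSPerr == nil {`; if a lookup error ends up reported as "not revoked", an unset timeout would silently turn every certificate into a clean result. A guard before the first lookup would make the contract explicit, e.g. `if options == nil || options.Timeout <= 0 { /* fall back to a default timeout */ }`, together with a comment that a timed-out lookup is not evidence that the certificate is valid. Deriving the context from a caller-supplied one rather than `context.Background()` would also let a cancelled scan stop pending lookups.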
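Review bot: The exported `Convertx509toResponse` in pkg/tlsx/clients/utils.go gains a leading `options *Options` parameter but still has no doc comment, and nothing tells callers that `options` must be non-nil. The value is forwarded to `IsTLSRevoked` in the next hunk of this file and from there to `IsZTLSRevoked`, which reads `options.Timeout` for the network revocation lookups. I would add `// Convertx509toResponse converts cert into a CertificateResponse for hostname; options must be non-nil because its Timeout bounds the OCSP/CRL revocation lookups.` above the signature. The function body continues outside the hunk.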
@@ -13,7 +13,7 @@ func Convertx509toResponse(hostname string, cert *x509.Certificate, showcert boo
 Expired: IsExpired(cert.NotAfter),
 SelfSigned: IsSelfSigned(cert.AuthorityKeyId, cert.SubjectKeyId),
 MisMatched: IsMisMatchedCert(hostname, append(cert.DNSNames, cert.Subject.CommonName)),
- Revoked: IsTLSRevoked(cert),
+ Revoked: IsTLSRevoked(options, cert),
 WildCardCert: IsWildCardCert(append(cert.DNSNames, cert.Subject.CommonName)),
 IssuerCN: cert.Issuer.CommonName,
 IssuerOrg: cert.Issuer.Organization,
diff --git a/pkg/tlsx/openssl/openssl.go b/pkg/tlsx/openssl/openssl.go
index 39f6c970..fed2312b 100644
--- a/pkg/tlsx/openssl/openssl.go
+++ b/pkg/tlsx/openssl/openssl.go
@@ -96,7 +96,7 @@ func (c *Client) ConnectWithOptions(hostname, ip, port string, options clients.C
 ProbeStatus: true,
 Port: port,
 Version: resp.Session.getTLSVersion(),
- CertificateResponse: clients.Convertx509toResponse(hostname, resp.AllCerts[0], c.options.Cert),
+ CertificateResponse: clients.Convertx509toResponse(c.options, hostname, resp.AllCerts[0], c.options.Cert),
 Cipher: resp.Session.Cipher,
 TLSConnection: "openssl",
 ServerName: opensslOptions.ServerName,
@@ -107,7 +107,7 @@ func (c *Client) ConnectWithOptions(hostname, ip, port string, options clients.C
 responses := []*clients.CertificateResponse{}
 certs := getCertChain(ctx, opensslOptions)
 for _, v := range certs {
- responses = append(responses, clients.Convertx509toResponse(hostname, v, c.options.Cert))
+ responses = append(responses, clients.Convertx509toResponse(c.options, hostname, v, c.options.Cert))
 }
 response.Chain = responses
 }
diff --git a/pkg/tlsx/tls/tls.go b/pkg/tlsx/tls/tls.go
index c7cd89e8..b07d4630 100644
--- a/pkg/tlsx/tls/tls.go
+++ b/pkg/tlsx/tls/tls.go
@@ -182,12 +182,12 @@ func (c *Client) ConnectWithOptions(hostname, ip, port string, options clients.C
 Version: tlsVersion,
 Cipher: tlsCipher,
 TLSConnection: "ctls",
- CertificateResponse: clients.Convertx509toResponse(hostname, leafCertificate, c.options.Cert),
+ CertificateResponse: clients.Convertx509toResponse(c.options, hostname, leafCertificate, c.options.Cert),
 ServerName: config.ServerName,
 }
 if c.options.TLSChain {
 for _, cert := range certificateChain {
- response.Chain = append(response.Chain, clients.Convertx509toResponse(hostname, cert, c.options.Cert))
+ response.Chain = append(response.Chain, clients.Convertx509toResponse(c.options, hostname, cert, c.options.Cert))
 }
 }
 return response, nil
diff --git a/pkg/tlsx/ztls/ztls.go b/pkg/tlsx/ztls/ztls.go
index 1d0d2f15..70f86538 100644
--- a/pkg/tlsx/ztls/ztls.go
+++ b/pkg/tlsx/ztls/ztls.go
@@ -248,7 +248,7 @@ func ConvertCertificateToResponse(options *clients.Options, hostname string, cer
 Expired: clients.IsExpired(cert.NotAfter),
 SelfSigned: clients.IsSelfSigned(cert.AuthorityKeyId, cert.SubjectKeyId),
 MisMatched: clients.IsMisMatchedCert(hostname, append(cert.DNSNames, cert.Subject.CommonName)),
- Revoked: clients.IsZTLSRevoked(cert),
+ Revoked: clients.IsZTLSRevoked(options, cert),
 WildCardCert: clients.IsWildCardCert(append(cert.DNSNames, cert.Subject.CommonName)),
 IssuerDN: cert.Issuer.String(),
 IssuerCN: cert.Issuer.CommonName,