Merge pull request #75 from projectdiscovery/dev

v0.0.6 Release
projectdiscovery · Aug 22, 2022 · 2b4936d · 2b4936d
2 parents 2ee81a3 + ac68e80
commit 2b4936d
Show file tree

Hide file tree

Showing 21 changed files with 1,085 additions and 141 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -2,7 +2,7 @@ FROM golang:1.18.2-alpine3.14 AS build-env
 RUN apk add --no-cache build-base
 RUN go install -v github.com/projectdiscovery/tlsx/cmd/tlsx@latest
 
-FROM alpine:3.16.0
+FROM alpine:3.16.2
 RUN apk add --no-cache bind-tools ca-certificates
 COPY --from=build-env /go/bin/tlsx /usr/local/bin/tlsx
 ENTRYPOINT ["tlsx"]
diff --git a/README.md b/README.md
@@ -67,8 +67,10 @@ INPUT:
    -p, -port string[]  target port to connect (default 443)
 
 SCAN-MODE:
-   -sm, -scan-mode string  tls connection mode to use (ctls, ztls, auto) (default ctls)
-   -ps, -pre-handshake     enable pre-handshake tls connection (early termination) using ztls
+   -sm, -scan-mode string     tls connection mode to use (ctls, ztls, auto) (default "auto")
+   -ps, -pre-handshake        enable pre-handshake tls connection (early termination) using ztls
+   -sa, -scan-all-ips         scan all ips for a host (default false)
+   -iv, -ip-version string[]  ip version to use (4, 6) (default 4)
 
 PROBES:
    -san                 display subject alternative names
@@ -79,12 +81,15 @@ PROBES:
    -hash string         display certificate fingerprint hashes (md5,sha1,sha256)
    -jarm                display jarm fingerprint hash
    -ja3                 display ja3 fingerprint hash (using ztls)
+   -wc, -wildcard-cert  display host with wildcard ssl certificate
    -tps, -probe-status  display tls probe status
+   -ve, -version-enum   enumerate and display supported tls versions
+   -ce, -cipher-enum    enumerate and display supported cipher
 
 MISCONFIGURATIONS:
-   -ex, -expired      display expired certificate
-   -ss, -self-signed  display self-signed certificate
-   -mm, -mismatched   display mismatched certificate
+   -ex, -expired      display host with host expired certificate
+   -ss, -self-signed  display host with self-signed certificate
+   -mm, -mismatched   display host with mismatched certificate
 
 CONFIGURATIONS:
    -config string               path to the tlsx configuration file
@@ -94,7 +99,7 @@ CONFIGURATIONS:
    -sni string[]                tls sni hostname to use
    -min-version string          minimum tls version to accept (ssl30,tls10,tls11,tls12,tls13)
    -max-version string          maximum tls version to accept (ssl30,tls10,tls11,tls12,tls13)
-   -ac, -all-ciphers            send all ciphers as accepted inputs
+   -ac, -all-ciphers            send all ciphers as accepted inputs (default true)
    -cert, -certificate          include certificates in json output (PEM format)
    -tc, -tls-chain              include certificates chain in json output
    -vc, -verify-cert            enable verification of server certificate
@@ -347,7 +352,7 @@ echo example.com | tlsx -json -silent | jq .
 
 ```json
 {
-  "timestamp": "2022-06-30T15:29:52.788129+05:30",
+  "timestamp": "2022-08-22T21:22:59.799053+05:30",
   "host": "example.com",
   "ip": "93.184.216.34",
   "port": "443",
@@ -381,21 +386,21 @@ echo example.com | tlsx -json -silent | jq .
     "sha1": "df81dfa6b61eafdffffe1a250240db5d2e6cee25",
     "sha256": "7f2fe8d6b18e9a47839256cd97938daa70e8515750298ddba2f3f4b8440113fc"
   },
-  "tls_connection": "ctls"
+  "tls_connection": "ctls",
+  "sni": "example.com"
 }
 ```
 
 ## Configuration
 
 ### Scan Mode
 
-tlsx provides multiple options to make TLS connection, **[crypto/tls](https://pkg.go.dev/crypto/tls)** being default option which is standard crypto library in Go.
+tlsx provides multiple modes to make TLS Connection -
 
-Available TLS Connection modes:
-
-- `ctls` (**crypto/tls**) - default
+- `auto` (with fallback support) - default
+- `ctls` (**crypto/tls**)
 - `ztls` (**zcrypto/tls**)
-- `auto` (**ctls** with **ztls** fallback support)
+- `openssl` (conditional build)
 
 Some pointers for the specific mode / library is highlighted in [linked discussions](https://github.com/projectdiscovery/tlsx/discussions/2), `auto` mode is supported to ensure the maximum coverage and scans for the hosts running older version of TLS by retrying the connection using `ztls` mode upon any connection error.
 
@@ -418,6 +423,63 @@ $ echo tls-v1-0.badssl.com | tlsx -port 1010 -sm ztls
 tls-v1-0.badssl.com:1010
 ```
 
+<table>
+<tr>
+<td>
+
+### OpenSSL
+
+`tlsx` can be built with support for `OpenSSL` for osx and linux systems. The library must be installed with the following commands:
+
+
+**OSX**:
+
+```console
+brew install openssl
+```
+
+**OSX Arm**:
+
+```console
+brew install openssl
+```
+
+```console
+export CGO_LDFLAGS="-L/opt/homebrew/opt/[email protected]/lib"
+export CGO_CPPFLAGS="-I/opt/homebrew/opt/[email protected]/include"
+```
+
+```console
+go build -tags openssl .
+```
+
+**Linux**:
+
+```console
+apt install openssl
+```
+
+On some linux systems the default configuration is restrictive, and in order to allow more tls coverage the enclosed `assets/openssl.include` should be copied onto the system and the following snippet added to `/etc/ssl/openssl.cnf`:
+
+```
+.include /path/to/openssl.include
+```
+
+Finally the binary must be built with the `openssl` tag:
+
+```console
+go build -tags openssl .
+```
+
+At this point the engine can be used with:
+
+```console
+tlsx -sm openssl -json
+```
+</td>
+</tr>
+</table>
+
 ### Pre-Handshake (Early Termination)
 
 **tlsx** supports terminating SSL connection early which leads to faster scanning and less connection request (disconnecting after TLS `serverhello` and certificate data is gathered).
@@ -490,7 +552,10 @@ $ tlsx -u example.com -ci cipher_list.txt -cipher
 
 ## Acknowledgements
 
-This program optionally uses the [zcrypto](https://github.com/zmap/zcrypto) library from the zmap team.
+This program optionally uses:
+
+- [zcrypto](https://github.com/zmap/zcrypto) library from the zmap team.
+- [spacelog](https://github.com/spacemonkeygo/spacelog) for openssl cgo bindings.
 
 --------
 

diff --git a/assets/openssl.include b/assets/openssl.include
@@ -0,0 +1,13 @@
+openssl_conf = default_conf
+
+[ default_conf ]
+
+ssl_conf = ssl_sect
+
+[ssl_sect]
+
+system_default = system_default_sect
+
+[system_default_sect]
+MinProtocol = TLSv1
+CipherString = DEFAULT:@SECLEVEL=1
diff --git a/cmd/tlsx/main.go b/cmd/tlsx/main.go
@@ -1,11 +1,14 @@
 package main
 
 import (
+	"strings"
+
 	"github.com/pkg/errors"
 	"github.com/projectdiscovery/goflags"
 	"github.com/projectdiscovery/gologger"
 	"github.com/projectdiscovery/tlsx/internal/runner"
 	"github.com/projectdiscovery/tlsx/pkg/tlsx/clients"
+	"github.com/projectdiscovery/tlsx/pkg/tlsx/openssl"
 )
 
 var (
@@ -14,6 +17,7 @@ var (
 )
 
 func main() {
+
 	if err := process(); err != nil {
 		gologger.Fatal().Msgf("Could not process: %s", err)
 	}
@@ -44,14 +48,22 @@ func readFlags() error {
 	flagSet.SetDescription(`TLSX is a tls data gathering and analysis toolkit.`)
 
 	flagSet.CreateGroup("input", "Input",
-		flagSet.StringSliceVarP(&options.Inputs, "host", "u", []string{}, "target host to scan (-u INPUT1,INPUT2)", goflags.CommaSeparatedStringSliceOptions),
+		flagSet.StringSliceVarP(&options.Inputs, "host", "u", nil, "target host to scan (-u INPUT1,INPUT2)", goflags.CommaSeparatedStringSliceOptions),
 		flagSet.StringVarP(&options.InputList, "list", "l", "", "target list to scan (-l INPUT_FILE)"),
 		flagSet.StringSliceVarP(&options.Ports, "port", "p", nil, "target port to connect (default 443)", goflags.FileCommaSeparatedStringSliceOptions),
 	)
 
+	availableScanModes := []string{"ctls", "ztls"}
+	if openssl.Enabled {
+		availableScanModes = append(availableScanModes, "openssl")
+	}
+	availableScanModes = append(availableScanModes, "auto")
+
 	flagSet.CreateGroup("scan-mode", "Scan-Mode",
-		flagSet.StringVarP(&options.ScanMode, "scan-mode", "sm", "", "tls connection mode to use (ctls, ztls, auto) (default ctls)"),
+		flagSet.StringVarP(&options.ScanMode, "scan-mode", "sm", "auto", "tls connection mode to use ("+strings.Join(availableScanModes, ", ")+")"),
 		flagSet.BoolVarP(&options.CertsOnly, "pre-handshake", "ps", false, "enable pre-handshake tls connection (early termination) using ztls"),
+		flagSet.BoolVarP(&options.ScanAllIPs, "scan-all-ips", "sa", false, "scan all ips for a host (default false)"),
+		flagSet.StringSliceVarP(&options.IPVersion, "ip-version", "iv", nil, "ip version to use (4, 6) (default 4)", goflags.NormalizedStringSliceOptions),
 	)
 
 	flagSet.CreateGroup("probes", "Probes",
@@ -63,13 +75,16 @@ func readFlags() error {
 		flagSet.StringVar(&options.Hash, "hash", "", "display certificate fingerprint hashes (md5,sha1,sha256)"),
 		flagSet.BoolVar(&options.Jarm, "jarm", false, "display jarm fingerprint hash"),
 		flagSet.BoolVar(&options.Ja3, "ja3", false, "display ja3 fingerprint hash (using ztls)"),
+		flagSet.BoolVarP(&options.WildcardCertCheck, "wildcard-cert", "wc", false, "display host with wildcard ssl certificate"),
 		flagSet.BoolVarP(&options.ProbeStatus, "probe-status", "tps", false, "display tls probe status"),
+		flagSet.BoolVarP(&options.TlsVersionsEnum, "version-enum", "ve", false, "enumerate and display supported tls versions"),
+		flagSet.BoolVarP(&options.TlsCiphersEnum, "cipher-enum", "ce", false, "enumerate and display supported cipher"),
 	)
 
 	flagSet.CreateGroup("misconfigurations", "Misconfigurations",
-		flagSet.BoolVarP(&options.Expired, "expired", "ex", false, "display expired certificate"),
-		flagSet.BoolVarP(&options.SelfSigned, "self-signed", "ss", false, "display self-signed certificate"),
-		flagSet.BoolVarP(&options.MisMatched, "mismatched", "mm", false, "display mismatched certificate"),
+		flagSet.BoolVarP(&options.Expired, "expired", "ex", false, "display host with host expired certificate"),
+		flagSet.BoolVarP(&options.SelfSigned, "self-signed", "ss", false, "display host with self-signed certificate"),
+		flagSet.BoolVarP(&options.MisMatched, "mismatched", "mm", false, "display host with mismatched certificate"),
 	)
 
 	flagSet.CreateGroup("configs", "Configurations",
@@ -80,7 +95,7 @@ func readFlags() error {
 		flagSet.StringSliceVar(&options.ServerName, "sni", nil, "tls sni hostname to use", goflags.FileCommaSeparatedStringSliceOptions),
 		flagSet.StringVar(&options.MinVersion, "min-version", "", "minimum tls version to accept (ssl30,tls10,tls11,tls12,tls13)"),
 		flagSet.StringVar(&options.MaxVersion, "max-version", "", "maximum tls version to accept (ssl30,tls10,tls11,tls12,tls13)"),
-		flagSet.BoolVarP(&options.AllCiphers, "all-ciphers", "ac", false, "send all ciphers as accepted inputs"),
+		flagSet.BoolVarP(&options.AllCiphers, "all-ciphers", "ac", true, "send all ciphers as accepted inputs"),
 		flagSet.BoolVarP(&options.Cert, "certificate", "cert", false, "include certificates in json output (PEM format)"),
 		flagSet.BoolVarP(&options.TLSChain, "tls-chain", "tc", false, "include certificates chain in json output"),
 		flagSet.BoolVarP(&options.VerifyServerCertificate, "verify-cert", "vc", false, "enable verification of server certificate"),

diff --git a/go.mod b/go.mod
@@ -6,49 +6,76 @@ require (
 	github.com/hdm/jarm-go v0.0.7
 	github.com/json-iterator/go v1.1.12
 	github.com/logrusorgru/aurora v2.0.3+incompatible
+	github.com/miekg/dns v1.1.50
 	github.com/pkg/errors v0.9.1
+	github.com/projectdiscovery/dnsx v1.1.0
 	github.com/projectdiscovery/fastdialer v0.0.16-0.20220620143737-2ba20b53770a
 	github.com/projectdiscovery/fileutil v0.0.0-20220609150212-453ac591c36c
-	github.com/projectdiscovery/goflags v0.0.8
+	github.com/projectdiscovery/goflags v0.0.9
 	github.com/projectdiscovery/gologger v1.1.4
 	github.com/projectdiscovery/iputil v0.0.0-20220613112553-9b6873b2c619
 	github.com/projectdiscovery/mapcidr v1.0.1
+	github.com/projectdiscovery/sliceutil v0.0.0-20220617151003-15892688e1d6
 	github.com/projectdiscovery/stringsutil v0.0.0-20220612082425-0037ce9f89f3
 	github.com/rs/xid v1.4.0
+	github.com/spacemonkeygo/openssl v0.0.0-20181017203307-c2dcc5cca94a
 	github.com/zmap/zcrypto v0.0.0-20220605182715-4dfcec6e9a8c
 	go.uber.org/multierr v1.8.0
 )
 
 require (
+	github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96 // indirect
+	github.com/DataDog/zstd v1.4.5 // indirect
 	github.com/akrylysov/pogreb v0.10.1 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
 	github.com/aymerick/douceur v0.2.0 // indirect
+	github.com/cespare/xxhash v1.1.0 // indirect
+	github.com/cespare/xxhash/v2 v2.1.1 // indirect
 	github.com/cnf/structhash v0.0.0-20201127153200-e1b16c1ebc08 // indirect
+	github.com/cockroachdb/errors v1.8.1 // indirect
+	github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f // indirect
+	github.com/cockroachdb/pebble v0.0.0-20210728210723-48179f1d4dae // indirect
+	github.com/cockroachdb/redact v1.0.8 // indirect
+	github.com/cockroachdb/sentry-go v0.6.1-cockroachdb.2 // indirect
+	github.com/dgraph-io/badger v1.6.2 // indirect
+	github.com/dgraph-io/ristretto v0.0.3 // indirect
 	github.com/dimchansky/utfbom v1.1.1 // indirect
+	github.com/dustin/go-humanize v1.0.0 // indirect
 	github.com/fsnotify/fsnotify v1.5.4 // indirect
+	github.com/gogo/protobuf v1.3.1 // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/gorilla/css v1.0.0 // indirect
+	github.com/klauspost/compress v1.11.7 // indirect
+	github.com/kr/pretty v0.3.0 // indirect
+	github.com/kr/text v0.2.0 // indirect
 	github.com/microcosm-cc/bluemonday v1.0.18 // indirect
-	github.com/miekg/dns v1.1.43 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/projectdiscovery/blackrock v0.0.0-20210415162320-b38689ae3a2e // indirect
+	github.com/projectdiscovery/blackrock v0.0.0-20210903102120-5a9d2412d21d // indirect
 	github.com/projectdiscovery/cryptoutil v0.0.0-20210805184155-b5d2512f9345 // indirect
-	github.com/projectdiscovery/hmap v0.0.2-0.20210917080408-0fd7bd286bfa // indirect
+	github.com/projectdiscovery/hmap v0.0.2 // indirect
 	github.com/projectdiscovery/networkpolicy v0.0.1 // indirect
-	github.com/projectdiscovery/retryabledns v1.0.13-0.20210916165024-76c5b76fd59a // indirect
+	github.com/projectdiscovery/retryabledns v1.0.13 // indirect
 	github.com/projectdiscovery/retryablehttp-go v1.0.2 // indirect
+	github.com/rogpeppe/go-internal v1.8.0 // indirect
 	github.com/saintfish/chardet v0.0.0-20120816061221-3af4cd4741ca // indirect
+	github.com/spacemonkeygo/spacelog v0.0.0-20180420211403-2296661a0572 // indirect
 	github.com/syndtr/goleveldb v1.0.0 // indirect
 	github.com/ulule/deepcopier v0.0.0-20200430083143-45decc6639b6 // indirect
 	github.com/weppos/publicsuffix-go v0.15.1-0.20220329081811-9a40b608a236 // indirect
 	github.com/yl2chen/cidranger v1.0.2 // indirect
 	github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521 // indirect
 	go.etcd.io/bbolt v1.3.6 // indirect
-	go.uber.org/atomic v1.7.0 // indirect
+	go.uber.org/atomic v1.9.0 // indirect
 	golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392 // indirect
+	golang.org/x/exp v0.0.0-20200513190911-00229845015e // indirect
+	golang.org/x/mod v0.5.1 // indirect
 	golang.org/x/net v0.0.0-20220617184016-355a448f1bc9 // indirect
 	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect
 	golang.org/x/text v0.3.7 // indirect
+	golang.org/x/tools v0.1.9 // indirect
+	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
+	google.golang.org/protobuf v1.27.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )