64 lines
1.2 KiB
Go
64 lines
1.2 KiB
Go
|
package main
|
||
|
|
||
|
import (
|
||
|
"crypto/tls"
|
||
|
"crypto/x509"
|
||
|
"encoding/pem"
|
||
|
"flag"
|
||
|
"fmt"
|
||
|
"io/ioutil"
|
||
|
"os"
|
||
|
|
||
|
"github.com/kisom/goutils/die"
|
||
|
)
|
||
|
|
||
|
func main() {
|
||
|
var cfg = &tls.Config{}
|
||
|
|
||
|
var sysRoot, serverName string
|
||
|
flag.StringVar(&sysRoot, "ca", "", "provide an alternate CA bundle")
|
||
|
flag.StringVar(&cfg.ServerName, "sni", cfg.ServerName, "provide an SNI name")
|
||
|
flag.BoolVar(&cfg.InsecureSkipVerify, "noverify", false, "don't verify certificates")
|
||
|
flag.Parse()
|
||
|
|
||
|
if sysRoot != "" {
|
||
|
pemList, err := ioutil.ReadFile(sysRoot)
|
||
|
die.If(err)
|
||
|
|
||
|
roots := x509.NewCertPool()
|
||
|
if !roots.AppendCertsFromPEM(pemList) {
|
||
|
fmt.Printf("[!] no valid roots found")
|
||
|
roots = nil
|
||
|
}
|
||
|
|
||
|
cfg.RootCAs = roots
|
||
|
}
|
||
|
|
||
|
if serverName != "" {
|
||
|
cfg.ServerName = serverName
|
||
|
}
|
||
|
|
||
|
for _, site := range flag.Args() {
|
||
|
conn, err := tls.Dial("tcp", site+":443", cfg)
|
||
|
if err != nil {
|
||
|
fmt.Println(err.Error())
|
||
|
os.Exit(1)
|
||
|
}
|
||
|
|
||
|
cs := conn.ConnectionState()
|
||
|
var chain []byte
|
||
|
|
||
|
for _, cert := range cs.PeerCertificates {
|
||
|
p := &pem.Block{
|
||
|
Type: "CERTIFICATE",
|
||
|
Bytes: cert.Raw,
|
||
|
}
|
||
|
chain = append(chain, pem.EncodeToMemory(p)...)
|
||
|
}
|
||
|
|
||
|
err = ioutil.WriteFile(site+".pem", chain, 0644)
|
||
|
die.If(err)
|
||
|
fmt.Printf("[+] wrote %s.pem.\n", site)
|
||
|
}
|
||
|
}
|