diff --git a/cmd/certdump/certdump.go b/cmd/certdump/certdump.go
index f6bf89a..c942b98 100644
--- a/cmd/certdump/certdump.go
+++ b/cmd/certdump/certdump.go
@@ -10,6 +10,7 @@ import (
 	"flag"
 	"fmt"
 	"io/ioutil"
+	"os"
 	"strings"
 
 	"github.com/cloudflare/cfssl/helpers"
@@ -213,14 +214,23 @@ func main() {
 	flag.BoolVar(&leafOnly, "l", false, "only show the leaf certificate")
 	flag.Parse()
 
-	for _, filename := range flag.Args() {
-		fmt.Printf("--%s ---\n", filename)
-		in, err := ioutil.ReadFile(filename)
+	if flag.NArg() == 0 || (flag.NArg() == 1 && flag.Arg(1) == "-") {
+		certs, err := ioutil.ReadAll(os.Stdin)
 		if err != nil {
-			Warn(err, "couldn't read certificate")
-			continue
+			Warn(err, "couldn't read certificates from standard input")
+			os.Exit(1)
 		}
+		displayAllCerts(certs, leafOnly)
+	} else {
+		for _, filename := range flag.Args() {
+			fmt.Printf("--%s ---\n", filename)
+			in, err := ioutil.ReadFile(filename)
+			if err != nil {
+				Warn(err, "couldn't read certificate")
+				continue
+			}
 
-		displayAllCerts(in, leafOnly)
+			displayAllCerts(in, leafOnly)
+		}
 	}
 }
diff --git a/cmd/stealchain/thief.go b/cmd/stealchain/thief.go
index ebb9aa0..82e3a72 100644
--- a/cmd/stealchain/thief.go
+++ b/cmd/stealchain/thief.go
@@ -7,6 +7,7 @@ import (
 	"flag"
 	"fmt"
 	"io/ioutil"
+	"net"
 	"os"
 
 	"github.com/kisom/goutils/die"
@@ -39,7 +40,11 @@ func main() {
 	}
 
 	for _, site := range flag.Args() {
-		conn, err := tls.Dial("tcp", site+":443", cfg)
+		_, _, err := net.SplitHostPort(site)
+		if err != nil {
+			site += ":443"
+		}
+		conn, err := tls.Dial("tcp", site, cfg)
 		if err != nil {
 			fmt.Println(err.Error())
 			os.Exit(1)