go-fakessl

go-fakessl is a pentesting tool designed to clone SSL/TLS certificates from a target server and create a new, self-signed look-alike certificate using its public key. This tool can be used for testing SSL/TLS security and inspecting server certificates. It also allows you to run a local HTTPS server with the cloned certificate for testing purposes.

WARNING: This tool is for authorized security testing only. Unauthorized use may violate laws and regulations. The author and contributors are not responsible for misuse. Always obtain explicit permission before testing any system.

Features

  • Clone SSL Certificates: Clone SSL/TLS certificates from target servers by specifying their URL.
  • Generate New Certificate and Key: Create a new certificate using the cloned public key and a freshly generated RSA private key.
  • Run HTTPS Server: Start an HTTPS server locally using the cloned certificate for testing.
  • Inspect Certificates: Use openssl commands to inspect the original and cloned certificates.

Installation

Prerequisites

  • Go: Version 1.18 or later.
  • OpenSSL: For inspecting and comparing certificates.

Steps

  • Clone the repository:
$ git clone https://cgit.heqnx.com/go-fakessl
$ cd go-fakessl
  • Install dependencies:
$ go mod tidy
  • Build for all platforms:
$ make all
  • Binaries will be generated in the build/ directory for Linux, Windows, and macOS; alternatively, build for a specific platform:
$ make linux-amd64
$ make windows-amd64
$ make darwin-arm64
  • (Optional) Run directly with Go:
$ go run main.go [-cert <cert> -key <key> -port <port>] -url <url>

Usage

Command-Line Flags

Usage of ./go-fakessl-<platform>-<arch>:
  -cert string
        path to certificate file to use for a test https server
  -key string
        path to key file to use for a test https server
  -port string
        port to use for a test https server (default "8000")
  -url string
        target https url to clone certificate from (e.g. https://google.com)

Examples

Clone the SSL certificate of google.com

$ ./go-fakessl-linux-amd64 -url https://google.com
url             cloned cert             private key
google.com:443  google.com_clone.pem    google.com_clone.key

[inf] start an https server to test cloned certificate with:
$ ./go-fakessl-linux-amd64 -cert google.com_clone.pem -key google.com_clone.key -port 8000

[inf] manually inspect and diff the original certificate and cloned certificate with:
$ openssl s_client -connect google.com:443 </dev/null 2>/dev/null | openssl x509 -noout -text > google.com_original.txt
$ openssl x509 -in google.com_clone.pem -noout -text > google.com_clone.pem_clone.txt
$ diff *.txt
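
The manual diff above can be automated from the defender's side. The following is an added example, not part of go-fakessl: it shows that two certificates can agree on every field a reader checks in the text dump while a SHA-256 pin over the SubjectPublicKeyInfo still tells them apart. It assumes the look-alike carries a different key pair than the original, as a freshly generated private key implies; the function names and the test.example fixtures are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Fixtures returns two constructed self-signed certs: same fields, different keys.
func Fixtures() (a, b *x509.Certificate) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(4242),
		Subject:      pkix.Name{CommonName: "test.example"},
		NotBefore:    time.Unix(1700000000, 0), NotAfter: time.Unix(1800000000, 0),
	}
	mk := func() *x509.Certificate {
		key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
		der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
		return must(x509.ParseCertificate(der))
	}
	return mk(), mk()
}

// FieldsMatch compares the identity fields a human reads in `openssl x509 -text`.
func FieldsMatch(a, b *x509.Certificate) bool {
	return bytes.Equal(a.RawSubject, b.RawSubject) && bytes.Equal(a.RawIssuer, b.RawIssuer) &&
		a.SerialNumber.Cmp(b.SerialNumber) == 0 && a.NotAfter.Equal(b.NotAfter)
}

// SPKIPin hashes the SubjectPublicKeyInfo; a pinning client compares this value.
func SPKIPin(c *x509.Certificate) [32]byte { return sha256.Sum256(c.RawSubjectPublicKeyInfo) }

func main() {
	a, b := Fixtures()
	fmt.Println("fields match:", FieldsMatch(a, b), "| pins match:", SPKIPin(a) == SPKIPin(b))
}
```

A client that validates the chain or pins the SPKI hash rejects the look-alike; a client that only compares subject, issuer or serial does not.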

License

This project is licensed under the GNU GENERAL PUBLIC LICENSE. See the LICENSE file for details.

Disclaimer

go-fakessl is provided "as is" without warranty. The author and contributors are not liable for any damages or legal consequences arising from its use. Use responsibly and only in authorized environments.