# go-fakessl `go-fakessl` is a pentesting tool designed to clone SSL/TLS certificates from a target server and create a new, self-signed look-alike certificate using its public key. This tool can be used for testing SSL/TLS security and inspecting server certificates. It also allows you to run a local HTTPS server with the cloned certificate for testing purposes. > **WARNING**: This tool is for **authorized security testing only**. Unauthorized use may violate laws and regulations. The author and contributors are not responsible for misuse. Always obtain explicit permission before testing any system. ## Features - **Clone SSL Certificates**: Clone SSL/TLS certificates from target servers by specifying their URL. - **Generate New Certificate and Key**: Create a new certificate using the cloned public key and a freshly generated RSA private key. - **Run HTTPS Server**: Start an HTTPS server locally using the cloned certificate for testing. - **Inspect Certificates**: Use `openssl` commands to inspect the original and cloned certificates. ## Installation ### Prerequisites - **Go**: Version 1.18 or later. - **OpenSSL**: For inspecting and comparing certificates. ### Steps - Clone the repository: ``` $ git clone https://cgit.heqnx.com/go-fakessl $ cd go-fakessl ``` - Install dependencies: ``` $ go mod tidy ``` - Build for all platforms: ``` $ make all ``` - Binaries will be generated in the build/ directory for Linux, Windows, and macOS; alternatively, build for a specific platform: ``` $ make linux-amd64 $ make windows-amd64 $ make darwin-arm64 ``` - (Optional) Run directly with Go: ``` $ go run main.go [-cert -key -port ``` ## Usage ### Command-Line Flags ``` Usage of ./go-fakessl--: -cert string path to certificate file to use for a test https server -key string path to key file to use for a test https server -port string port to use for a test https server (default "8000") -url string target https url to clone certificate from (e.g. https://google.com) ``` ## Examples ### Clone the SSL certificate of google.com ``` $ ./go-fakessl-linux-amd64 -url https://google.com url cloned cert private key google.com:443 google.com_clone.pem google.com_clone.key [inf] start an https server to test cloned certificate with: $ ./go-fakessl-linux-amd64 -cert google.com_clone.pem -key google.com_clone.key -port 8000 [inf] manually inspect and diff the original certificate and cloned certificate with: $ openssl s_client -connect google.com:443 /dev/null | openssl x509 -noout -text > google.com_original.txt $ openssl x509 -in google.com_clone.pem -noout -text > google.com_clone.pem_clone.txt $ diff *.txt ``` ## License This project is licensed under the GNU GENERAL PUBLIC LICENSE. See the LICENSE file for details. ## Disclaimer `go-fakessl` is provided "as is" without warranty. The author and contributors are not liable for any damages or legal consequences arising from its use. Use responsibly and only in authorized environments.