blob: e76e61c6a47e273bfed8c52974ce048a19e976ed (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
# go-fakessl
`go-fakessl` is a pentesting tool designed to clone SSL/TLS certificates from a target server and create a new, self-signed look-alike certificate using its public key. This tool can be used for testing SSL/TLS security and inspecting server certificates. It also allows you to run a local HTTPS server with the cloned certificate for testing purposes.
> **WARNING**: This tool is for **authorized security testing only**. Unauthorized use may violate laws and regulations. The author and contributors are not responsible for misuse. Always obtain explicit permission before testing any system.
## Features
- **Clone SSL Certificates**: Clone SSL/TLS certificates from target servers by specifying their URL.
- **Generate New Certificate and Key**: Create a new certificate using the cloned public key and a freshly generated RSA private key.
- **Run HTTPS Server**: Start an HTTPS server locally using the cloned certificate for testing.
- **Inspect Certificates**: Use `openssl` commands to inspect the original and cloned certificates.
## Installation
### Prerequisites
- **Go**: Version 1.18 or later.
- **OpenSSL**: For inspecting and comparing certificates.
### Steps
- Clone the repository:
```
$ git clone https://cgit.heqnx.com/go-fakessl
$ cd go-fakessl
```
- Install dependencies:
```
$ go mod tidy
```
- Build for all platforms:
```
$ make all
```
- Binaries will be generated in the build/ directory for Linux, Windows, and macOS; alternatively, build for a specific platform:
```
$ make linux-amd64
$ make windows-amd64
$ make darwin-arm64
```
- (Optional) Run directly with Go:
```
$ go run main.go [-cert <cert> -key <key> -port <port] -url <url>
```
## Usage
### Command-Line Flags
```
Usage of ./go-fakessl-<platform>-<arch>:
-cert string
path to certificate file to use for a test https server
-key string
path to key file to use for a test https server
-port string
port to use for a test https server (default "8000")
-url string
target https url to clone certificate from (e.g. https://google.com)
```
## Examples
### Clone the SSL certificate of google.com
```
$ ./go-fakessl-linux-amd64 -url https://google.com
url cloned cert private key
google.com:443 google.com_clone.pem google.com_clone.key
[inf] start an https server to test cloned certificate with:
$ ./go-fakessl-linux-amd64 -cert google.com_clone.pem -key google.com_clone.key -port 8000
[inf] manually inspect and diff the original certificate and cloned certificate with:
$ openssl s_client -connect google.com:443 </dev/null 2>/dev/null | openssl x509 -noout -text > google.com_original.txt
$ openssl x509 -in google.com_clone.pem -noout -text > google.com_clone.pem_clone.txt
$ diff *.txt
```
## License
This project is licensed under the GNU GENERAL PUBLIC LICENSE. See the LICENSE file for details.
## Disclaimer
`go-fakessl` is provided "as is" without warranty. The author and contributors are not liable for any damages or legal consequences arising from its use. Use responsibly and only in authorized environments.
|