hakcsp
hakcsp not scanning domains with expired certificates
Hello, I'm opening a new issue since I can't open a PR. When using the tool I found that it does not scan any domain with an expired (or misconfigured) SSL certificate. I coded a solution for my personal use, and I'm happy to share it here. It works by turning off TLS certificate verification in the HTTP client. This is the final code:
package main
import (
"bufio"
"crypto/tls"
"flag"
"fmt"
"log"
"net/http"
"os"
"strings"
"sync"
)
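// main reads URLs from stdin, one per line, and hands them to a pool of
// worker goroutines running doWork. The pool size comes from the -t flag.
// It returns once stdin is exhausted and every worker has finished.
func main() {
	concurrencyPtr := flag.Int("t", 8, "Number of threads to utilise. Default is 8.")
	flag.Parse()

	// With -t 0 or a negative value no worker would ever be started and the
	// program would exit without reading a single URL; fall back to one worker.
	workers := *concurrencyPtr
	if workers < 1 {
		workers = 1
	}

	work := make(chan string)
	go func() {
		// Closing is deferred so the scanner error below is logged while the
		// workers (and therefore main) are still running.
		defer close(work)

		s := bufio.NewScanner(os.Stdin)
		for s.Scan() {
			work <- s.Text()
		}
		// Scan stops silently on a read error or an over-long line; report it
		// so a truncated input list does not look like a complete run.
		if err := s.Err(); err != nil {
			log.Println("Error reading stdin:", err)
		}
	}()

	wg := &sync.WaitGroup{}
	for i := 0; i < workers; i++ {
		wg.Add(1)
		go doWork(work, wg)
	}
	wg.Wait()
}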
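// doWork receives URLs from work until the channel is closed, fetches each
// one and prints every space-separated token of the Content-Security-Policy
// response header that contains a dot, one per line on stdout. It calls
// wg.Done when it returns.
//
// Certificate verification is switched off so that hosts with expired or
// misconfigured certificates are still fetched. The peer is therefore not
// authenticated: whoever answers the connection, including a party on the
// network path, decides what header this function reads. Treat the printed
// values as untrusted input, and do not reuse this client for requests that
// carry credentials or other secrets.
func doWork(work chan string, wg *sync.WaitGroup) {
	defer wg.Done()

	client := &http.Client{
		Transport: &http.Transport{
			TLSClientConfig: &tls.Config{
				// Deliberate for this tool: accept any certificate, which
				// also covers every redirect the client follows.
				InsecureSkipVerify: true,
			},
		},
		// NOTE(review): no Timeout is set, so a host that accepts the
		// connection and never answers keeps this worker busy indefinitely.
	}

	for url := range work {
		resp, err := client.Get(url)
		if err != nil {
			// Check if error message contains "EOF", and if so, skip logging.
			if !strings.Contains(err.Error(), "EOF") {
				log.Println("Error fetching url:", err)
			}
			continue
		}

		value := resp.Header.Get("Content-Security-Policy")
		// Only the headers are used. Close the body now, otherwise every
		// fetched URL leaves a connection and file descriptor open until the
		// process exits, which exhausts descriptors on long input lists.
		resp.Body.Close()

		for _, s := range strings.Split(value, " ") {
			if strings.Contains(s, ".") {
				fmt.Println(s)
			}
		}
	}
}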
Regards!