acheong08 · November 17, 2023 01:14
diff --git a/tls_finger.go b/tls_finger.go
 // To do: Make this into a full blown site that monitors the internet for changes in TLS fingerprints

 package main

 import (
 	"crypto/sha256"
 	"crypto/tls"
 	"encoding/hex"
 	"flag"
 	"fmt"
 	"log"
 	"strings"
 	"time"
 )

 func GetTLSFingerprint(timeout int, host string) (string, error) {
 	ch := make(chan string, 1)
 	cherr := make(chan error, 1)
 	go func() {
 		conn, err := tls.Dial("tcp", host, &tls.Config{
 			InsecureSkipVerify: true, // Skip verification for this example
 		})
 		if err != nil {
 			cherr <- err
 		}
 		defer conn.Close()
 		// Get the ConnectionState which includes the server certificate
 		connState := conn.ConnectionState()
 		if len(connState.PeerCertificates) == 0 {
 			cherr <- err
 		}

 		// Get the first certificate
 		cert := connState.PeerCertificates[0]

 		// Compute SHA-256 hash of the DER-encoded certificate
 		hash := sha256.Sum256(cert.Raw)
 		fingerprint := hex.EncodeToString(hash[:])
 		ch <- fingerprint
 	}()
 	select {
 	case fingerprint := <-ch:
 		return fingerprint, nil
 	case err := <-cherr:
 		return "", err
 	case <-time.After(time.Duration(timeout) * time.Second):
 		return "", fmt.Errorf("timeout")
 	}
 }

 func main() {
 	var host string
 	var timeout int
 	flag.StringVar(&host, "host", "", "HTTPS server to scan")
 	flag.IntVar(&timeout, "timeout", 5, "Timeout in seconds")
 	flag.Parse()
 	if host == "" {
 		// Show flag usage
 		flag.Usage()
 		return
 	}
 	if len(strings.Split(host, ":")) == 1 {
 		// Add default port
 		host += ":443"
 	}
 	if strings.HasPrefix(host, "http://") {
 		fmt.Println("This does not work with HTTP")
 		return
 	}
 	host = strings.Replace(host, "https://", "", 1)
 	fingerprint, err := GetTLSFingerprint(timeout, host)
 	if err != nil {
 		log.Fatal(err)
 	}
 	fmt.Printf("TLS Fingerprint of %s: %s\n", host, fingerprint)

 }
	// To do: Make this into a full blown site that monitors the internet for changes in TLS fingerprints

	package main

	import (
	"crypto/sha256"
	"crypto/tls"
	"encoding/hex"
	"flag"
	"fmt"
	"log"
	"strings"
	"time"
	)

	func GetTLSFingerprint(timeout int, host string) (string, error) {
	ch := make(chan string, 1)
	cherr := make(chan error, 1)
	go func() {
	conn, err := tls.Dial("tcp", host, &tls.Config{
	InsecureSkipVerify: true, // Skip verification for this example
	})
	if err != nil {
	cherr <- err
	}
	defer conn.Close()
	// Get the ConnectionState which includes the server certificate
	connState := conn.ConnectionState()
	if len(connState.PeerCertificates) == 0 {
	cherr <- err
	}

	// Get the first certificate
	cert := connState.PeerCertificates[0]

	// Compute SHA-256 hash of the DER-encoded certificate
	hash := sha256.Sum256(cert.Raw)
	fingerprint := hex.EncodeToString(hash[:])
	ch <- fingerprint
	}()
	select {
	case fingerprint := <-ch:
	return fingerprint, nil
	case err := <-cherr:
	return "", err
	case <-time.After(time.Duration(timeout) * time.Second):
	return "", fmt.Errorf("timeout")
	}
	}

	func main() {
	var host string
	var timeout int
	flag.StringVar(&host, "host", "", "HTTPS server to scan")
	flag.IntVar(&timeout, "timeout", 5, "Timeout in seconds")
	flag.Parse()
	if host == "" {
	// Show flag usage
	flag.Usage()
	return
	}
	if len(strings.Split(host, ":")) == 1 {
	// Add default port
	host += ":443"
	}
	if strings.HasPrefix(host, "http://") {
	fmt.Println("This does not work with HTTP")
	return
	}
	host = strings.Replace(host, "https://", "", 1)
	fingerprint, err := GetTLSFingerprint(timeout, host)
	if err != nil {
	log.Fatal(err)
	}
	fmt.Printf("TLS Fingerprint of %s: %s\n", host, fingerprint)

	}