
@yaleman
Last active February 11, 2017 01:36
Ticketbleed tester, modified to accept command line target.
/* ticketbleed.go - tests for ticketbleed session ticket reuse bug in F5 TLS
based on @FiloSottile's post https://gist.github.com/FiloSottile/fc7822b1f5b475a25e58d77d1b394860
set for testing :443 only
usage:
$ go run ticketbleed.go example.com
or to compile it:
$ go build ticketbleed.go
$ ./ticketbleed example.com
*/
package main
import (
	"crypto/tls"
	"fmt"
	"log"
	"net"
	"os"
	"strings"
	"time"
)
// Target is the "host:port" address under test. It starts out empty and is
// filled in by main from the first command-line argument.
var Target string
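// main checks the host named by the first command-line argument, on port 443,
// for the Ticketbleed session-ticket bug. It completes one TLS handshake so
// the session cache can pick up a ticket, then reconnects offering that
// session and classifies the outcome.
//
// A reconnect that fails with an error containing "unexpected message" is
// reported as vulnerable. A clean reconnect is reported as not vulnerable only
// when the session was actually resumed; if the server performed a full
// handshake instead, the ticket path was never exercised and the result is
// reported as inconclusive rather than as a clean bill of health.
func main() {
	if len(os.Args) < 2 || os.Args[1] == "" {
		log.Fatalln("Please specify a host to test")
	}

	// JoinHostPort brackets IPv6 literals; appending ":443" by hand produced
	// an address the dialer cannot parse for them. Brackets the user already
	// typed are stripped first so they are not doubled.
	Target = net.JoinHostPort(strings.Trim(os.Args[1], "[]"), "443")
	fmt.Println("Testing: ", Target)

	conf := &tls.Config{
		// Certificate validation is deliberately disabled: the check only
		// looks at handshake behaviour and no application data is exchanged.
		// Do not reuse this Config for connections that carry real traffic.
		InsecureSkipVerify: true,
		// The cache is what makes the second dial offer the stored session.
		ClientSessionCache: tls.NewLRUClientSessionCache(32),
	}

	// Bound connect plus handshake so an unresponsive host cannot hang a scan.
	dialer := &net.Dialer{Timeout: 10 * time.Second}

	first, err := tls.DialWithDialer(dialer, "tcp", Target, conf)
	if err != nil {
		log.Fatalln("Failed to connect:", err)
	}
	// Only the handshake matters here; the Close error is not actionable.
	first.Close()

	second, err := tls.DialWithDialer(dialer, "tcp", Target, conf)
	switch {
	case err != nil && strings.Contains(err.Error(), "unexpected message"):
		// NOTE(review): this matches on crypto/tls error text, and the signal
		// depends on how the client of the Go release in use fills in the
		// session ID when it offers a ticket. Confirm the toolchain still
		// triggers it before trusting either verdict.
		fmt.Println(Target, "is vulnerable to Ticketbleed")
	case err != nil:
		log.Fatalln("Failed to reconnect:", err)
	default:
		resumed := second.ConnectionState().DidResume
		second.Close()
		if resumed {
			fmt.Println(Target, "does NOT appear to be vulnerable")
		} else {
			// No resumption means the server never processed a ticket from
			// us, so nothing was learned about its ticket handling.
			fmt.Println(Target, "did not resume the session; result is inconclusive")
		}
	}
}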