mfctscan

command module

v1.0.0 Latest Latest Go to latest Published: Dec 21, 2020 License: MIT Imports: 16 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/jasonmf/mfctscan

Links

Open Source Insights

README ¶

mfctscan

mfctscan scans Google's Certificate Transparency system for hostnames under a given domain, inspired by https://github.com/tares003/ct-exposer.

It reads domains from STDIN, scans them in parallel, performs DNS resolution on the discovered names, and writes the results to STDOUT as a CSV. Hostnames that administrators consider secret may be less protected, and may not realize that certificate transparency makes many hostnames public.

Building

mfctscan is written in Go and requires the Go toolchain to build.

go build -o mfctscan -ldflags="-s -w" *.go

To retain debug symbols, resulting in a larger binary, omit -ldflags="-s -w".

The resulting binary is statically-compiled, requiring no dependencies. The tool is written in pure Go and can be compile for any OS Go supports (Linux, Windows, Mac, etc) and any architecture go supports (amd64, x86, ARM, etc). You can can cross compile for other OSs and architectures.

Running

$ ./mfctscan -h
Usage of /tmp/mfctscan:
  -max-pages int
        maximum result pages per domain (default 50)
  -resolvers int
        number of concurrent resovlers. More is safe but won't speed things up much (default 10)
  -scanners int
        number of concurrent scanners. More will make things faster but risk rate limiting (default 5)

Domains to scan are read from STDIN, one per line. Each line has leading and trailing whitespace stripped. Stripped lines that are empty or begin with a # are ignored. Duplicate lines are processed only once.

Each line to be processed is added to a queue. Multiple scan workers process the queue in parallel. Increasing the number of scan worker can speed up scanning the domains significantly but increases the risk of being rate limited or blocked.

Scan results from Google are returned with pagination. -max-pages controls the maximum number of pages retrieved, limiting results.

Discovered names go into an internal queue for DNS resolution. Multiple DNS resolution workers process the queue in parallel. Increasing the number of DNS resolution workers is relatively safe but won't have a huge effect on performance.

Results are streamed to STDOUT as CSV data with the following columns:

<source domain>
<discovered name>
<resolved address> - May be absent
<error in DNS resolution> - May be absent

When a discovered name has multiple DNS results, each result becomes a distinct row in the CSV output.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL