README
¶
certgrep 
certgrep is a cross-platform command line tool that extracts SSL certificates from either a network interface or a local PCAP file. The certificates are saved in either JSON, DER and/or YAML format.
Utilizes [google/gopacket] (https://github.com/google/gopacket)
Usage
Usage:
certgrep [options] [--format=<format> ...] [-v ...] (-p=<pcap> | -i=<interface>)
certgrep -l | --list
certgrep -h | --help | --version
Options:
-h --help Show this screen.
--version Show version.
-p --pcap=<pcap> PCAP file to parse
-i --interface=<iface> Network interface to listen on
-l --list List available interfaces
-o --output=<output> Output directory
-f --format=<format> Output format (json|yaml|der) [default: json]
-b --bpf=<bpf> Capture filter [default: tcp]
--no-color Disabled colored output
-v Enable verbose logging (-vv for very verbose)
--assembly-memuse-log
--assembly-debug-log
--dump-metrics
Example
$ $ sudo ./certgrep-linux-amd64 -i wlan0 --format der --format json -o /tmp/capture/
2015/04/19 18:46:07 writing to /tmp/capture/2015-04-19T16_46_07Z
2015/04/19 18:46:09 server:192.30.252.129 port:443 client:192.168.5.136 commonname:"github.com" serial:15953718796281471505685363726901697671 fingerprint:58875244d86012b0fbd5f6c06ef16efca20e158d58e96e6f76ceda6660b59bc2
2015/04/19 18:46:09 server:192.30.252.129 port:443 client:192.168.5.136 commonname:"DigiCert SHA2 Extended Validation Server CA" serial:16582437038678467094619379592629788035 fingerprint:403e062a2653059113285baf80a0d4ae422c848c9f78fad01fc94bc5b87fef1a
^C
2015/04/19 18:46:12 capture time: 2 seconds
2015/04/19 18:46:12 capture size: 28802 bytes
2015/04/19 18:46:12 average capture rate: 102.287 Kbit/s
2015/04/19 18:46:12 pps: 10
A request to https://github.com generates four certificates in the output folder /tmp/capture/2015-04-19T16_43_35Z.
$ ls -Al /tmp/capture/2015-04-19T16_46_07Z
total 24K
-rw-r--r-- 1 root root 1,5K april 19 18:46 00000003-00-5887524-192.30.252.129-443-192.168.5.136-github.com.der
-rw-r--r-- 1 root root 6,8K april 19 18:46 00000003-00-5887524-192.30.252.129-443-192.168.5.136-github.com.json
-rw-r--r-- 1 root root 1,2K april 19 18:46 00000003-01-403e062-192.30.252.129-443-192.168.5.136-DigiCertSHA2ExtendedValidationServerCA.der
-rw-r--r-- 1 root root 5,2K april 19 18:46 00000003-01-403e062-192.30.252.129-443-192.168.5.136-DigiCertSHA2ExtendedValidationServerCA.json
The syntax for the filename is:
TCPFLOWINDEX-CERTINDEX-SERVERIP-SERVERPORT-CLIENTIP-COMMONNAME.FORMAT
Documentation
¶
There is no documentation for this package.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
Godeps
|
|
|
_workspace/src/github.com/docopt/docopt-go
Package docopt parses command-line arguments based on a help message.
|
Package docopt parses command-line arguments based on a help message. |
|
_workspace/src/github.com/google/gopacket
Package gopacket provides packet decoding for the Go language.
|
Package gopacket provides packet decoding for the Go language. |
|
_workspace/src/github.com/google/gopacket/afpacket
Package afpacket provides Go bindings for MMap'd AF_PACKET socket reading.
|
Package afpacket provides Go bindings for MMap'd AF_PACKET socket reading. |
|
_workspace/src/github.com/google/gopacket/bytediff
Package bytediff provides a simple diff utility for looking at differences in byte slices.
|
Package bytediff provides a simple diff utility for looking at differences in byte slices. |
|
_workspace/src/github.com/google/gopacket/dumpcommand
Package dumpcommand implements a run function for pfdump and pcapdump with many similar flags/features to tcpdump.
|
Package dumpcommand implements a run function for pfdump and pcapdump with many similar flags/features to tcpdump. |
|
_workspace/src/github.com/google/gopacket/examples/arpscan
arpscan implements ARP scanning of all interfaces' local networks using gopacket and its subpackages.
|
arpscan implements ARP scanning of all interfaces' local networks using gopacket and its subpackages. |
|
_workspace/src/github.com/google/gopacket/examples/bidirectional
This binary provides an example of connecting up bidirectional streams from the unidirectional streams provided by gopacket/tcpassembly.
|
This binary provides an example of connecting up bidirectional streams from the unidirectional streams provided by gopacket/tcpassembly. |
|
_workspace/src/github.com/google/gopacket/examples/bytediff
This binary shows how to display byte differences to users via the bytediff library.
|
This binary shows how to display byte differences to users via the bytediff library. |
|
_workspace/src/github.com/google/gopacket/examples/httpassembly
This binary provides sample code for using the gopacket TCP assembler and TCP stream reader.
|
This binary provides sample code for using the gopacket TCP assembler and TCP stream reader. |
|
_workspace/src/github.com/google/gopacket/examples/pcapdump
The pcapdump binary implements a tcpdump-like command line tool with gopacket using pcap as a backend data collection mechanism.
|
The pcapdump binary implements a tcpdump-like command line tool with gopacket using pcap as a backend data collection mechanism. |
|
_workspace/src/github.com/google/gopacket/examples/pfdump
The pfdump binary implements a tcpdump-like command line tool with gopacket using pfring as a backend data collection mechanism.
|
The pfdump binary implements a tcpdump-like command line tool with gopacket using pfring as a backend data collection mechanism. |
|
_workspace/src/github.com/google/gopacket/examples/statsassembly
This binary provides sample code for using the gopacket TCP assembler raw, without the help of the tcpreader library.
|
This binary provides sample code for using the gopacket TCP assembler raw, without the help of the tcpreader library. |
|
_workspace/src/github.com/google/gopacket/examples/synscan
synscan implements a TCP syn scanner on top of pcap.
|
synscan implements a TCP syn scanner on top of pcap. |
|
_workspace/src/github.com/google/gopacket/examples/util
Package util provides shared utilities for all gopacket examples.
|
Package util provides shared utilities for all gopacket examples. |
|
_workspace/src/github.com/google/gopacket/layers
Package layers provides decoding layers for many common protocols.
|
Package layers provides decoding layers for many common protocols. |
|
_workspace/src/github.com/google/gopacket/macs
Package macs provides an in-memory mapping of all valid Ethernet MAC address prefixes to their associated organization.
|
Package macs provides an in-memory mapping of all valid Ethernet MAC address prefixes to their associated organization. |
|
_workspace/src/github.com/google/gopacket/pcap
Package pcap allows users of gopacket to read packets off the wire or from pcap files.
|
Package pcap allows users of gopacket to read packets off the wire or from pcap files. |
|
_workspace/src/github.com/google/gopacket/pcap/gopacket_benchmark
This benchmark reads in file <tempdir>/gopacket_benchmark.pcap and measures the time it takes to decode all packets from that file.
|
This benchmark reads in file <tempdir>/gopacket_benchmark.pcap and measures the time it takes to decode all packets from that file. |
|
_workspace/src/github.com/google/gopacket/pcapgo
Package pcapgo provides some native PCAP support, not requiring C libpcap to be installed.
|
Package pcapgo provides some native PCAP support, not requiring C libpcap to be installed. |
|
_workspace/src/github.com/google/gopacket/pfring
Package pfring wraps the PF_RING C library for Go.
|
Package pfring wraps the PF_RING C library for Go. |
|
_workspace/src/github.com/google/gopacket/routing
Package routing provides a very basic but mostly functional implementation of a routing table for IPv4/IPv6 addresses.
|
Package routing provides a very basic but mostly functional implementation of a routing table for IPv4/IPv6 addresses. |
|
_workspace/src/github.com/google/gopacket/tcpassembly
Package tcpassembly provides TCP stream re-assembly.
|
Package tcpassembly provides TCP stream re-assembly. |
|
_workspace/src/github.com/google/gopacket/tcpassembly/tcpreader
Package tcpreader provides an implementation for tcpassembly.Stream which presents the caller with an io.Reader for easy processing.
|
Package tcpreader provides an implementation for tcpassembly.Stream which presents the caller with an io.Reader for easy processing. |
|
_workspace/src/github.com/jtolds/gls
Package gls implements goroutine-local storage.
|
Package gls implements goroutine-local storage. |
|
_workspace/src/github.com/mgutz/ansi
Package ansi is a small, fast library to create ANSI colored strings and codes.
|
Package ansi is a small, fast library to create ANSI colored strings and codes. |
|
_workspace/src/github.com/rcrowley/go-metrics
Go port of Coda Hale's Metrics library <https://github.com/rcrowley/go-metrics> Coda Hale's original work: <https://github.com/codahale/metrics>
|
Go port of Coda Hale's Metrics library <https://github.com/rcrowley/go-metrics> Coda Hale's original work: <https://github.com/codahale/metrics> |
|
_workspace/src/github.com/rcrowley/go-metrics/stathat
Metrics output to StatHat.
|
Metrics output to StatHat. |
|
_workspace/src/github.com/smartystreets/assertions
Package assertions contains the implementations for all assertions which are referenced in goconvey's `convey` package (github.com/smartystreets/goconvey/convey) for use with the So(...) method.
|
Package assertions contains the implementations for all assertions which are referenced in goconvey's `convey` package (github.com/smartystreets/goconvey/convey) for use with the So(...) method. |
|
_workspace/src/github.com/smartystreets/assertions/internal/oglematchers
Package oglematchers provides a set of matchers useful in a testing or mocking framework.
|
Package oglematchers provides a set of matchers useful in a testing or mocking framework. |
|
_workspace/src/github.com/smartystreets/assertions/internal/oglemock/createmock
createmock is used to generate source code for mock versions of interfaces from installed packages.
|
createmock is used to generate source code for mock versions of interfaces from installed packages. |
|
_workspace/src/github.com/smartystreets/assertions/internal/oglemock/generate
Package generate implements code generation for mock classes.
|
Package generate implements code generation for mock classes. |
|
_workspace/src/github.com/smartystreets/assertions/internal/oglemock/generate/test_cases/complicated_pkg
Package complicated_pkg contains an interface with lots of interesting cases, for use in integration testing.
|
Package complicated_pkg contains an interface with lots of interesting cases, for use in integration testing. |
|
_workspace/src/github.com/smartystreets/assertions/internal/oglemock/generate/test_cases/renamed_pkg
A package that calls itself something different than its package path would have you believe.
|
A package that calls itself something different than its package path would have you believe. |
|
_workspace/src/github.com/smartystreets/assertions/internal/ogletest
Package ogletest provides a framework for writing expressive unit tests.
|
Package ogletest provides a framework for writing expressive unit tests. |
|
_workspace/src/github.com/smartystreets/goconvey/convey
Package convey contains all of the public-facing entry points to this project.
|
Package convey contains all of the public-facing entry points to this project. |
|
_workspace/src/github.com/smartystreets/goconvey/convey/gotest
Package gotest contains internal functionality.
|
Package gotest contains internal functionality. |
|
_workspace/src/github.com/smartystreets/goconvey/convey/reporting
Package reporting contains internal functionality related to console reporting and output.
|
Package reporting contains internal functionality related to console reporting and output. |
|
_workspace/src/gopkg.in/yaml.v2
Package yaml implements YAML support for the Go language.
|
Package yaml implements YAML support for the Go language. |
|
package tls partially implements TLS 1.2, as specified in RFC 5246.
|
package tls partially implements TLS 1.2, as specified in RFC 5246. |
Click to show internal directories.
Click to hide internal directories.