From f5dcbe2b150db60253dd4628d72814e7953b4f09 Mon Sep 17 00:00:00 2001
From: g0lden
Date: Fri, 15 Mar 2024 16:39:15 -0500
Subject: [PATCH] added verbose flag and flag for roots.txt. Also fixed some stuff
---
 README.md | 8 ++++++-
 gungnir/main.go | 56 +++++++++++++++++++++++++++++++++++++++----------
 2 files changed, 52 insertions(+), 12 deletions(-)
diff --git a/README.md b/README.md
index beceeef..38692b6 100644
--- a/README.md
+++ b/README.md
@@ -23,11 +23,17 @@ go install github.com/g0ldencybersec/gungnir/gungnir@latest
 ```
 ## Usage
+# Options
+```sh
+Usage of gungnir:
+ -r string Path to the list of root domains to filter against
+ -v Output go logs (500/429 errors) to command line
+```
 To run the tool, use a text file of root domains you want to monitor: `roots.txt`. Then, run the `gungnir` module:
 ```sh
-./gungnir roots.txt
+./gungnir -r roots.txt
 ```
 Once the tool starts and initializes, it will print domains to stdout. So feel free to pipe the output into your favorite tool!
diff --git a/gungnir/main.go b/gungnir/main.go
index 8d8ff82..ab5578a 100644
--- a/gungnir/main.go
+++ b/gungnir/main.go
@@ -4,6 +4,7 @@ import (
 "bufio"
 "context"
 "encoding/json"
+ "flag"
 "fmt"
 "io"
 "log"
@@ -35,8 +36,24 @@ var (
 matchSubjectRegex = `^(?:(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}|localhost)$` // Regex to match CN/SAN
 rootDomains map[string]bool
+ sLogger = SilentLogger{}
+ bLogger = basicLogger{}
 )
+// SilentLogger is a custom logger that does nothing
+type SilentLogger struct{}
+
+// Printf method for SilentLogger that does nothing
+func (l *SilentLogger) Printf(format string, v ...interface{}) {
+ // Intentionally left blank to not log anything
+}
+
+type basicLogger struct{}
+
+func (bl *basicLogger) Printf(msg string, args ...interface{}) {
+ log.Printf(msg, args...)
+}
+
 func getLogUrls() ([]string, error) {
 var logList []string
 client := &http.Client{
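Review bot: In the `@@ -35,8 +36,24 @@` hunk of gungnir/main.go, `basicLogger` and its `Printf` have no doc comment, and the comment on `SilentLogger` does not say what is lost when it is in use. The README text added in this patch describes the suppressed output as 500/429 errors, so with the silent logger a rate-limited or failing CT log presumably leaves no trace, and certificates could be missed without any signal to the operator. I would document that on the type, e.g. `// SilentLogger discards all client log output, including CT log fetch errors (429/500).` and `// basicLogger forwards client log output to the standard log package.`. The naming is also inconsistent (exported `SilentLogger` next to unexported `basicLogger`, `format`/`v` next to `msg`/`args`); since both are used only in package main, `silentLogger` with matching parameter names would read more evenly.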
@@ -166,14 +183,24 @@ func createMatcherFromFlags() (interface{}, error) {
 PrecertificateSubjectRegex: precertRegex}, nil
 }
-func scanLog(ctx context.Context, logURI string, wg *sync.WaitGroup, httpClient *http.Client) {
+func scanLog(ctx context.Context, logURI string, wg *sync.WaitGroup, httpClient *http.Client, verbose bool) {
 defer wg.Done()
+ var logClient *client.LogClient
+ var err error
 log.Printf("Starting continuous scan for log: %s", logURI)
- logClient, err := client.New(logURI, httpClient, jsonclient.Options{UserAgent: "ct-go-scanlog/1.0"})
- if err != nil {
- log.Printf("Failed to create client for log %s: %v", logURI, err)
- return
+ if verbose {
+ logClient, err = client.New(logURI, httpClient, jsonclient.Options{UserAgent: "ct-go-scanlog/1.0", Logger: &bLogger})
+ if err != nil {
+ log.Printf("Failed to create client for log %s: %v", logURI, err)
+ return
+ }
+ } else {
+ logClient, err = client.New(logURI, httpClient, jsonclient.Options{UserAgent: "ct-go-scanlog/1.0", Logger: &sLogger})
+ if err != nil {
+ log.Printf("Failed to create client for log %s: %v", logURI, err)
+ return
+ }
 }
 sth, err := logClient.GetSTH(ctx)
@@ -187,8 +214,6 @@ func scanLog(ctx context.Context, logURI string, wg *sync.WaitGroup, httpClient
 log.Printf("Failed to create matcher for log %s: %v", logURI, err)
 return
 }
- time.Sleep(time.Second * 10)
-
 // Continous Scanning Loop
 certScanner := scanner.NewScanner(logClient, scanner.ScannerOptions{
 FetcherOptions: scanner.FetcherOptions{
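Review bot: The two branches added to `scanLog` in the `@@ -166,14 +183,24 @@` hunk repeat the same `client.New` call and the same error handling, differing only in the `Logger` value, so a later change to the user agent or the failure path can land in one branch and be missed in the other. Building the options once avoids that: `opts := jsonclient.Options{UserAgent: "ct-go-scanlog/1.0", Logger: &sLogger}`, then `if verbose { opts.Logger = &bLogger }`, then `logClient, err := client.New(logURI, httpClient, opts)` followed by a single `if err != nil` block. That also makes the separate `var logClient` and `var err` declarations unnecessary. The body of `scanLog` continues beyond this hunk.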
@@ -208,15 +233,24 @@ func scanLog(ctx context.Context, logURI string, wg *sync.WaitGroup, httpClient
 log.Printf("Failed to scan log %s: %v", logURI, err)
 // Consider whether to continue or break/return based on the type of error.
 }
+
 }
 func main() {
- if len(os.Args) > 1 {
+ var rootList string
+ var verbose bool
+ flag.StringVar(&rootList, "r", "", "Path to the list of root domains to filter against")
+ flag.BoolVar(&verbose, "v", false, "Output go logs (500/429 errors) to command line")
+
+ flag.Parse()
+
+ if rootList != "" {
 loadRootDomains(os.Args[1])
 } else {
 fmt.Println("Please run with a roots.txt file...")
- fmt.Println("ex: ./gungnir roots.txt")
- os.Exit(1)
+ flag.PrintDefaults()
+ fmt.Println("ex: ./gungnir -r roots.txt")
+ os.Exit(0)
 }
 logURIs, err := getLogUrls()
@@ -232,7 +266,7 @@ func main() {
 for _, logURI := range logURIs {
 wg.Add(1)
- go scanLog(ctx, logURI, &wg, httpClient)
+ go scanLog(ctx, logURI, &wg, httpClient, verbose)
 }
 wg.Wait()
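Review bot: `loadRootDomains(os.Args[1])` is left unchanged inside the new `if rootList != ""` branch of `main`, so it now receives the first raw argument (`-r` in the README example, or `-v` if that flag comes first) instead of the path parsed into `rootList`; the call should be `loadRootDomains(rootList)`. How `loadRootDomains` reacts to a file it cannot open is outside this hunk, but if it does not abort, the scanner would start with no root-domain filter loaded. The usage branch also now ends in `os.Exit(0)`, which reports success to a calling script or service manager even though the required `-r` was missing; keeping `os.Exit(1)` makes that failure detectable.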