search

prbinu / tls-scan

An Internet scale, blazing fast SSL/TLS scanner ( non-blocking, event-driven )
https://prbinu.github.io/tls-scan
Other
283 stars 54 forks source link

IPv6 address in `--connect` do not work and IP get's malformed #28

Closed stayallive closed 5 years ago

stayallive commented 5 years ago 
# ❯ ./tls-scan --ip --sni='cert.chief.app' --connect='2a0b:3c40:15:0:185:208:210:201:443' --cacert='cacert.pem'
parsing: ip: 2a0b:3c40:15:0:185:208:210:201:443; 
parsing: ip: 2a0b:3c40:15:0:185:208:210:201; 
trying: ip: 2a0b:3c40:15:0:185:208:210; port:201 
host: ; ip: 2a0b:3c40:15:0:185:208:210; error: Failed to connect remote ip
 pid: 29326 | ciphers: (0) |dns-lookup: 1 |network-error: 0 |dns-errcount: 0 |remote-close-error: 0 |unknown-error: 0 |connect-error: 1 |timeout-error: 0 |tls-handshake: 0 |gross-tls-handshake: 0 |elapsed-time: 0.14575 secs

It looks like when specifying an IPv6 address using the --connect option the IP get's parsed twice striping the last part of an IPv6 address to be used as port which breaks the connection for obvious reasons 😄

As you can see I have been trying to debug this to see if I can find a solution but my C is not very good unfortunately and I was unable to figure out a solution...

I also tried using [ipv6]:port but that made it even worse and looking at the code that is not a format that can be handled.

Hope this is an easy for for someone that knows what they are doing.

prbinu commented 5 years ago

Thanks for reporting this issue. I'm working on a fix and hopefully we have it ready in couple of days.

stayallive commented 5 years ago

No worries, thanks for taking the time to look into it!

prbinu commented 5 years ago

fixed in https://github.com/prbinu/tls-scan/releases/tag/0.2.1

try --connect [ipv6]:port

stayallive commented 5 years ago

@prbinu thanks for being so quick! Much appreciated.

I did notice that now there is a address_family added to the output:

address_family: 2\n
{{{ "version": 3, "subject": "CN=Let's Encrypt Authority X3; O=Let's Encrypt; C=US", "issuer": "CN=DST Root CA X3; O=Digital Signature Trust Co.", "subjectCN": "Let's Encrypt Authority X3", "signatureAlg": "sha256WithRSAEncryption", "notBefore": "Mar 17 16:40:46 2016 GMT", "notAfter": "Mar 17 16:40:46 2021 GMT", "expired": false, "serialNo": "0A:01:41:42:00:00:01:53:85:73:6A:0B:85:EC:A7:08", "keyUsage": "Digital Signature, Certificate Sign, CRL Sign critical", "publicKeyAlg": "RSA", "publicKeySize": 2048, "basicConstraints": "CA:TRUE, pathlen:0 critical", "subjectKeyIdentifier": "A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1", "sha1Fingerprint": "E6:A3:B4:5B:06:2D:50:9B:33:82:28:2D:19:6E:FE:97:D5:95:6C:CB" } ] }\n

Maybe this was unintended?

prbinu commented 5 years ago

my bad, thanks for reporting this issue. I've removed the debug statement, and it should be good now.

stayallive commented 5 years ago

Many thanks!