search

sensepost / gowitness

🔍 gowitness - a golang, web screenshot utility using Chrome Headless
GNU General Public License v3.0
2.87k stars 329 forks source link

File with info like public key algorithm, signature algorithm, etc. #90

Closed frapava98 closed 3 years ago

frapava98 commented 3 years ago

Unlike an older version of gowitness, I am now unable to find this type of information after running the following command: gowitness single <url> Once this information was printed on the terminal, so I could save it to a file. Is there a way now to get that information?

leonjza commented 3 years ago

Since v2, all of the data is in the sqlite database that gets generated. You can query for TLS information for each URL using something like this:

select urls.final_url, tls_certificates.* from urls left join tls_certificates where urls.id = tls_certificates.tls_id;

Example:

$ ~/scratch _ docker run --rm -v $(pwd):/data leonjza/gowitness gowitness file -f domains.txt
05 Mar 2021 17:07:03 INF preflight result statuscode=200 title=Google url=https://www.google.com
05 Mar 2021 17:07:04 INF preflight result statuscode=200 title= url=https://twitter.com
05 Mar 2021 17:07:04 INF preflight result statuscode=200 title="Facebook _ log in or sign up" url=https://facebook.com
05 Mar 2021 17:07:08 INF processing complete

$ ~/scratch _ sqlite3 gowitness.sqlite3
SQLite version 3.31.1 2020-01-27 19:55:54
Enter ".help" for usage hints.
sqlite> .headers on
sqlite> select urls.final_url, tls_certificates.* from urls left join tls_certificates where urls.id = tls_certificates.tls_id;
final_url|id|created_at|updated_at|deleted_at|tls_id|raw|subject_common_name|issuer_common_name|signature_algorithm
https://www.google.com|1|2021-03-05 17:07:03.990369658+00:00|2021-03-05 17:07:03.990369658+00:00||1||www.google.com|GTS CA 1O1|SHA256-RSA
https://www.google.com|2|2021-03-05 17:07:03.990369658+00:00|2021-03-05 17:07:03.990369658+00:00||1||GTS CA 1O1|GlobalSign|SHA256-RSA
https://twitter.com|3|2021-03-05 17:07:04.339120155+00:00|2021-03-05 17:07:04.339120155+00:00||2||twitter.com|DigiCert SHA2 High Assurance Server CA|SHA256-RSA
https://twitter.com|4|2021-03-05 17:07:04.339120155+00:00|2021-03-05 17:07:04.339120155+00:00||2||DigiCert SHA2 High Assurance Server CA|DigiCert High Assurance EV Root CA|SHA256-RSA
https://www.facebook.com/|5|2021-03-05 17:07:04.631039165+00:00|2021-03-05 17:07:04.631039165+00:00||3||*.facebook.com|DigiCert SHA2 High Assurance Server CA|SHA256-RSA
https://www.facebook.com/|6|2021-03-05 17:07:04.631039165+00:00|2021-03-05 17:07:04.631039165+00:00||3||DigiCert SHA2 High Assurance Server CA|DigiCert High Assurance EV Root CA|SHA256-RSAsqlite>