Cassler - SSL Validator Tool

Cassler is an CA’s and SSL certificates analyzer. But if your read fast, it’s sounds like “Cassia Eller”

Tooling to validate HTTPS Certificates and Connections Around Web

Running Tests

go test -v -race

Running Linter

golint -set_exit_status ./...

Installation

Using Go tools

go get github.com/msfidelis/cassler

On MacOSX amd64

wget https://github.com/msfidelis/cassler/releases/download/v1.0.2/cassler_1.0.2_darwin_amd64 -O /usr/local/bin/cassler
chmod +x /usr/local/bin/cassler

On MacOSX arm64

wget https://github.com/msfidelis/cassler/releases/download/v1.0.2/cassler_1.0.2_darwin_arm64 -O /usr/local/bin/cassler
chmod +x /usr/local/bin/cassler

On Linux x64

wget https://github.com/msfidelis/cassler/releases/download/v1.0.2/cassler_1.0.2_linux_amd64 -O /usr/local/bin/cassler
chmod +x /usr/local/bin/cassler

Running on Docker

docker run -it fidelissauro/cassler:latest --url google.com

Usage

cassler -h
  -dns string
        DNS Server, default 8.8.8.8 (default "8.8.8.8")
  -lookup
        Check reverse DNS Lookup for hosts IP's
  -mode check
        Actions; Default: check; Available options `check` for check certificates, `tls` to test TLS connection, `scan` for complete checks on hosts (default "check")
  -port int
        Server port, default: 443 (default 443)
  -url string
        URL to validate SSL certificate,ex: https://google.com

Check Certificates

cassler --url google.com.br
Checking Certificates: google.com.br on port 443
Server Certificate:
Common Name: *.google.com.br
Issuer: CN=GTS CA 1O1,O=Google Trust Services,C=US
Subject: CN=*.google.com.br,O=Google LLC,L=Mountain View,ST=California,C=US
Signature Algorithm: SHA256-RSA
Created: 2020-09-22 15:29:04 +0000 UTC
Expires: 2020-12-15 15:29:04 +0000 UTC
Expiration time: 64 days
Certificate Version: 3
DNS Names:
- *.google.com.br
- google.com.br
Issuing Certificate URL's:
- http://pki.goog/gsr2/GTS1O1.crt
Server IP's: 
* 2800:3f0:4001:81b::2003
* 172.217.173.99
Certificate Authority:
GTS CA 1O1
Issuer: CN=GlobalSign,OU=GlobalSign Root CA - R2,O=GlobalSign
Subject: CN=GTS CA 1O1,O=Google Trust Services,C=US
Signature Algorithm: SHA256-RSA
Created: 2017-06-15 00:00:42 +0000 UTC
Expires: 2021-12-15 00:00:42 +0000 UTC
Expiration time: 429 days
Certificate Version: 3

Check TLS Versions Enabled on Servers

cassler --url https://google.com --mode tls
Testing TLS Versions: google.com on port 443
TLS Versions Enabled on 2800:3f0:4001:813::200e:
- tls1.0: true
- tls1.1: true
- tls1.2: true
- tls1.3: true
TLS Versions Enabled on 172.217.162.142:
- tls1.0: true
- tls1.1: true
- tls1.2: true
- tls1.3: true

Check TLS Versions Enabled on Servers, with Reverse DNS Lookup

cassler --url https://google.com --mode tls --lookup
Testing TLS Versions: google.com on port 443
DNS Lookup on: 8.8.8.8
TLS Versions Enabled on 2800:3f0:4001:824::200e:
- tls1.0: true
- tls1.1: true
- tls1.2: true
- tls1.3: true
TLS Versions Enabled on 142.250.219.174:
- tls1.0: true
- tls1.1: true
- tls1.2: true
- tls1.3: true
Starting reverse DNS Lookup on:  2800:3f0:4001:824::200e:
Starting reverse DNS Lookup on:  142.250.219.174:
142.250.219.174:  gru06s63-in-f14.1e100.net.

Full Scan

cassler --url https://tls-v1-2.badssl.com --port 1012 --mode scan
Checking Certificates: tls-v1-2.badssl.com on port 1012
DNS Lookup on: 8.8.8.8
Server Certificate:
Common Name: *.badssl.com
Issuer: CN=R3,O=Let's Encrypt,C=US
Subject: CN=*.badssl.com
Signature Algorithm: SHA256-RSA
Created: 2022-08-12 14:57:46 +0000 UTC
Expires: 2022-11-10 14:57:45 +0000 UTC
Expiration time: 83 days
Certificate Version: 3
DNS Names:
- *.badssl.com
- badssl.com
Issuing Certificate URL's:
- http://r3.i.lencr.org/
Server IP's:
* 104.154.89.105
Certificate Authority:
R3
Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US
Subject: CN=R3,O=Let's Encrypt,C=US
Signature Algorithm: SHA256-RSA
Created: 2020-09-04 00:00:00 +0000 UTC
Expires: 2025-09-15 16:00:00 +0000 UTC
Expiration time: 1123 days
Certificate Version: 3
Issuing Certificate URL's:
- http://x1.i.lencr.org/
ISRG Root X1
Issuer: CN=DST Root CA X3,O=Digital Signature Trust Co.
Subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US
Signature Algorithm: SHA256-RSA
Created: 2021-01-20 19:14:03 +0000 UTC
Expires: 2024-09-30 18:14:03 +0000 UTC
Expiration time: 773 days
Certificate Version: 3
Issuing Certificate URL's:
- http://apps.identrust.com/roots/dstrootcax3.p7c
Testing TLS Versions: tls-v1-2.badssl.com on port 1012
DNS Lookup on: 8.8.8.8
TLS Versions Enabled on 104.154.89.105:
- tls1.0: false
- tls1.1: false
- tls1.2: true
- tls1.3: false
Starting reverse DNS Lookup on:  104.154.89.105:
104.154.89.105:  105.89.154.104.bc.googleusercontent.com.

Specify a DNS Server

cassler --url raj.ninja --mode scan --dns 1.1.1.1
Checking Certificates: raj.ninja on port 443
DNS Lookup on: 1.1.1.1
Server Certificate:
Common Name: raj.ninja
Issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
Subject: CN=raj.ninja
Signature Algorithm: SHA256-RSA
Created: 2020-11-26 20:46:27 +0000 UTC
Expires: 2021-02-24 20:46:27 +0000 UTC
Expiration time: 78 days
Certificate Version: 3
DNS Names:
- raj.ninja
Issuing Certificate URL's:
- http://cert.int-x3.letsencrypt.org/
Server IP's:
* 185.199.110.153
* 185.199.111.153
* 185.199.109.153
* 185.199.108.153

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Please make sure to update tests as appropriate.

License

MIT