add origin host field

Author: juzeon

README.md

@@ -56,19 +56,16 @@ Example stdout:
 Example output file:
 
 ```csv
-IP,DOMAIN,CERTIFICATE
-85.158.4.237,mirror.scaleuptech.com,"Let's Encrypt"
-193.224.218.31,mirror-r2z1.einfra.hu,"Sectigo Limited"
-103.77.111.8,repos.del.extreme-ix.org,"Let's Encrypt"
-103.56.39.228,*.nxtgen.com,"DigiCert Inc"
-103.77.111.8,repos.del.extreme-ix.org,"Let's Encrypt"
-45.125.0.6,xtom.com.hk,"ZeroSSL"
-196.200.160.70,mirror.marwan.ma,"Let's Encrypt"
-202.70.64.2,*.ntc.net.np,"GlobalSign nv-sa"
-5.79.108.33,mirror.leaseweb.com,"Let's Encrypt"
-78.142.193.130,xtom.nl,"ZeroSSL"
-194.127.172.131,nl.mirrors.clouvider.net,"Let's Encrypt"
-103.194.167.213,*.cdn.i3d.net,"Sectigo Limited"
-202.36.220.86,mirror.2degrees.nz,"Let's Encrypt"
+IP,ORIGIN,CERT_DOMAIN,CERT_ISSUER
+52.140.219.235,www.cherryservers.com,*.cherryservers.com,"GlobalSign nv-sa"
+172.66.40.234,veesp.com,veesp.com,"Cloudflare, Inc."
+172.66.43.22,veesp.com,veesp.com,"Cloudflare, Inc."
+193.1.193.205,www.heanet.ie,www.heanet.ie,"GEANT Vereniging"
+185.242.104.18,mirror.veesp.com,mirror.veesp.com,"Let's Encrypt"
+79.98.24.240,www.serveriai.lt,*.serveriai.lt,"Sectigo Limited"
+91.211.244.3,www.vpsnet.com,*.vpsnet.com,"Sectigo Limited"
+31.131.0.101,www.ihost.md,ihost.md,"Sectigo Limited"
+194.127.172.131,nl.mirrors.clouvider.net,nl.mirrors.clouvider.net,"Let's Encrypt"
+31.131.0.222,mirror.ihost.md,mirror.ihost.md,"Let's Encrypt"
 ```
 

main.go

@@ -4,7 +4,6 @@ import (
 	"flag"
 	"io"
 	"log/slog"
-	"net"
 	"net/http"
 	"os"
 	"regexp"
@@ -62,20 +61,20 @@ func main() {
 			return
 		}
 		defer f.Close()
-		_, _ = f.WriteString("IP,DOMAIN,CERTIFICATE\n")
+		_, _ = f.WriteString("IP,ORIGIN,CERT_DOMAIN,CERT_ISSUER\n")
 		outWriter = f
 	}
-	var ipChan <-chan net.IP
+	var hostChan <-chan Host
 	if addr != "" {
-		ipChan = Iterate(strings.NewReader(addr))
+		hostChan = Iterate(strings.NewReader(addr))
 	} else if in != "" {
 		f, err := os.Open(in)
 		if err != nil {
 			slog.Error("Error reading file", "path", in)
 			return
 		}
 		defer f.Close()
-		ipChan = Iterate(f)
+		hostChan = Iterate(f)
 	} else {
 		slog.Info("Fetching url...")
 		resp, err := http.Get(url)
@@ -96,15 +95,15 @@ func main() {
 		}
 		domains = RemoveDuplicateStr(domains)
 		slog.Info("Parsed domains", "count", len(domains))
-		ipChan = Iterate(strings.NewReader(strings.Join(domains, "\n")))
+		hostChan = Iterate(strings.NewReader(strings.Join(domains, "\n")))
 	}
 	outCh := OutWriter(outWriter)
 	defer close(outCh)
 	var wg sync.WaitGroup
 	wg.Add(thread)
 	for i := 0; i < thread; i++ {
 		go func() {
-			for ip := range ipChan {
+			for ip := range hostChan {
 				ScanTLS(ip, outCh)
 			}
 			wg.Done()

scanner.go

@@ -16,8 +16,8 @@ var TLSDictionary = map[uint16]string{
 	0x0304: "1.3",
 }
 
-func ScanTLS(ip net.IP, out chan<- string) {
-	hostPort := net.JoinHostPort(ip.String(), strconv.Itoa(port))
+func ScanTLS(host Host, out chan<- string) {
+	hostPort := net.JoinHostPort(host.IP.String(), strconv.Itoa(port))
 	conn, err := net.DialTimeout("tcp", hostPort, time.Duration(timeout)*time.Second)
 	if err != nil {
 		slog.Debug("Cannot dial", "target", hostPort)
@@ -29,11 +29,15 @@ func ScanTLS(ip net.IP, out chan<- string) {
 		slog.Error("Error setting deadline", "err", err)
 		return
 	}
-	c := tls.Client(conn, &tls.Config{
+	tlsCfg := &tls.Config{
 		InsecureSkipVerify: true,
 		NextProtos:         []string{"h2", "http/1.1"},
 		CurvePreferences:   []tls.CurveID{tls.X25519},
-	})
+	}
+	if host.Type == HostTypeDomain {
+		tlsCfg.ServerName = host.Origin
+	}
+	c := tls.Client(conn, tlsCfg)
 	err = c.Handshake()
 	if err != nil {
 		slog.Debug("TLS handshake failed", "target", hostPort)
@@ -50,9 +54,9 @@ func ScanTLS(ip net.IP, out chan<- string) {
 		log = slog.Debug
 		feasible = false
 	} else {
-		out <- strings.Join([]string{ip.String(), domain, "\"" + issuers + "\""}, ",") + "\n"
+		out <- strings.Join([]string{host.IP.String(), host.Origin, domain, "\"" + issuers + "\""}, ",") + "\n"
 	}
-	log("Connected to target", "feasible", feasible, "host", ip.String(),
-		"tls", TLSDictionary[state.Version],
-		"alpn", alpn, "domain", domain, "issuer", issuers)
+	log("Connected to target", "feasible", feasible, "ip", host.IP.String(),
+		"origin", host.Origin,
+		"tls", TLSDictionary[state.Version], "alpn", alpn, "cert-domain", domain, "cert-issuer", issuers)
 }

utils.go

@@ -10,11 +10,26 @@ import (
 	"strings"
 )
 
-func Iterate(reader io.Reader) <-chan net.IP {
+const (
+	_ = iota
+	HostTypeIP
+	HostTypeCIDR
+	HostTypeDomain
+)
+
+type HostType int
+
+type Host struct {
+	IP     net.IP
+	Origin string
+	Type   HostType
+}
+
+func Iterate(reader io.Reader) <-chan Host {
 	scanner := bufio.NewScanner(reader)
-	ipChan := make(chan net.IP)
+	hostChan := make(chan Host)
 	go func() {
-		defer close(ipChan)
+		defer close(hostChan)
 		for scanner.Scan() {
 			line := strings.TrimSpace(scanner.Text())
 			if line == "" {
@@ -23,7 +38,11 @@ func Iterate(reader io.Reader) <-chan net.IP {
 			ip := net.ParseIP(line)
 			if ip != nil && (ip.To4() != nil || enableIPv6) {
 				// ip address
-				ipChan <- ip
+				hostChan <- Host{
+					IP:     ip,
+					Origin: line,
+					Type:   HostTypeIP,
+				}
 				continue
 			}
 			_, _, err := net.ParseCIDR(line)
@@ -44,7 +63,11 @@ func Iterate(reader io.Reader) <-chan net.IP {
 					}
 					ip = net.ParseIP(addr.String())
 					if ip != nil {
-						ipChan <- ip
+						hostChan <- Host{
+							IP:     ip,
+							Origin: line,
+							Type:   HostTypeCIDR,
+						}
 					}
 					addr = addr.Next()
 				}
@@ -55,7 +78,11 @@ func Iterate(reader io.Reader) <-chan net.IP {
 				// domain
 				for _, ip = range ips {
 					if ip.To4() != nil || enableIPv6 {
-						ipChan <- ip
+						hostChan <- Host{
+							IP:     ip,
+							Origin: line,
+							Type:   HostTypeDomain,
+						}
 					}
 				}
 				continue
@@ -66,7 +93,7 @@ func Iterate(reader io.Reader) <-chan net.IP {
 			slog.Error("Read file error", "err", err)
 		}
 	}()
-	return ipChan
+	return hostChan
 }
 func ExistOnlyOne(arr []string) bool {
 	exist := false