Feature: added API service instantiation of TLSAudit for realtime sca…

…nning and results querying
adedayo · Mar 12, 2019 · 86eee6f · 86eee6f
1 parent 1920929
commit 86eee6f
Show file tree

Hide file tree

Showing 5 changed files with 36 additions and 8 deletions.
diff --git a/cmd/tlsaudit/cmd/root.go b/cmd/tlsaudit/cmd/root.go
@@ -76,7 +76,7 @@ func Execute(version string) {
 
 var output, input, service string
 var jsonOut, protocolsOnly, hideCerts, quiet, cipherMetrics bool
-var timeout, rate, port int
+var timeout, rate, api int
 
 func init() {
 	rootCmd.Flags().BoolVarP(&jsonOut, "json", "j", false, "generate JSON output")
@@ -85,14 +85,14 @@ func init() {
 	rootCmd.Flags().BoolVarP(&quiet, "quiet", "q", false, "control whether to produce a running commentary of progress or stay quiet till the end (default: false)")
 	rootCmd.Flags().IntVarP(&timeout, "timeout", "t", 5, "TIMEOUT (in seconds) to adjust how much we are willing to wait for servers to come back with responses. Smaller timeout sacrifices accuracy for speed")
 	rootCmd.Flags().IntVarP(&rate, "rate", "r", 1000, "the rate (in packets per second) that we should use to scan for open ports")
+	rootCmd.Flags().IntVar(&api, "api", 12345, "run as an API service on the specified port")
 	rootCmd.Flags().StringVarP(&output, "output", "o", "tlsaudit.txt", `write results into an output FILE`)
 	rootCmd.Flag("output").NoOptDefVal = "tlsaudit.txt"
 	rootCmd.Flags().StringVarP(&input, "input", "i", "tlsaudit_input.txt", `read the CIDR range, IPs and domains to scan from an input FILE separated by commas, or newlines`)
 	rootCmd.Flag("input").NoOptDefVal = "tlsaudit_input.txt"
 	rootCmd.Flags().StringVarP(&service, "service", "s", tlsaudit.TLSAuditConfigPath, fmt.Sprintf("run %s as a service", app))
 	rootCmd.Flag("service").NoOptDefVal = tlsaudit.TLSAuditConfigPath
 	rootCmd.Flags().BoolVarP(&cipherMetrics, "show-cipher-metrics", "m", false, "enumerate all ciphers and show associated security and performance metrics (default: false)")
-
 }
 
 func runner(cmd *cobra.Command, args []string) error {
@@ -102,15 +102,20 @@ func runner(cmd *cobra.Command, args []string) error {
 		showCipherMetrics()
 		return nil
 	}
-	if len(args) == 0 && !cmd.Flag("service").Changed && !cmd.Flag("input").Changed {
+	if len(args) == 0 && !cmd.Flag("service").Changed && !cmd.Flag("api").Changed && !cmd.Flag("input").Changed {
 		return cmd.Usage()
 	}
 
-	if cmd.Flag("service").Changed { // run as a service
+	if cmd.Flag("service").Changed { // run as a scheduled service with API
 		tlsaudit.Service(service)
 		return nil
 	}
 
+	if cmd.Flag("api").Changed { // run as simple API service
+		tlsaudit.ServeAPI(api)
+		return nil
+	}
+
 	if cmd.Flag("input").Changed {
 		args = getCIDRFromFile(input)
 	}

diff --git a/go.mod b/go.mod
@@ -10,6 +10,7 @@ require (
 	github.com/gorilla/handlers v1.4.0
 	github.com/gorilla/mux v1.7.0
 	github.com/gorilla/websocket v1.4.0
+	github.com/mitchellh/go-homedir v1.1.0
 	github.com/sirupsen/logrus v1.3.0
 	github.com/spf13/cobra v0.0.3
 	golang.org/x/crypto v0.0.0-20190228161510-8dd112bcdc25

diff --git a/go.sum b/go.sum
@@ -107,6 +107,7 @@ github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czP
 github.com/mdlayher/raw v0.0.0-20181016155347-fa5ef3332ca9/go.mod h1:rC/yE65s/DoHB6BzVOUBNYBGTg772JVytyAytffIZkY=
 github.com/mitchellh/go-homedir v1.0.0 h1:vKb8ShqSby24Yrqr/yDYkuFz8d0WUjys40rvnGC8aR0=
 github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=

diff --git a/pkg/scan-service.go b/pkg/scan-service.go
@@ -53,14 +53,35 @@ func AddTLSAuditRoutes(r *mux.Router) {
 	r.HandleFunc("/getscansummaries/{rewind}", getTLSScanSummaries).Methods("GET")
 }
 
-//Service main service entry functionå
+//Service main service entry function
 func Service(configPath string) {
 	println("Running TLSAudit Service ...")
 	TLSAuditConfigPath = configPath
 	ScheduleTLSAudit(getIPsFromConfig, ipResolver)
-	// runtime.Goexit()
 	if config, err := loadTLSConfig(configPath); err == nil {
-		log.Error(http.ListenAndServe(fmt.Sprintf(":%d", config.ServicePort), handlers.CORS()(routes)))
+		ServeAPI(config.ServicePort)
+	}
+}
+
+//ServeAPI provides an API endpoint for interacting with TLSAudit on the localhost
+func ServeAPI(port int) {
+	corsOptions := []handlers.CORSOption{
+		handlers.AllowedOrigins([]string{"http://localhost:4200",
+			fmt.Sprintf("http://localhost:%d", port)}),
+		handlers.AllowedMethods([]string{"GET", "HEAD", "POST"}),
+		handlers.AllowedHeaders([]string{"Content-Type", "Authorization", "Accept",
+			"Accept-Language", "Origin"}),
+		handlers.AllowCredentials(),
+	}
+	log.Error(http.ListenAndServe(fmt.Sprintf(":%d", port), handlers.CORS(corsOptions...)(routes)))
+
+	certFile, keyFile, err := genCerts()
+	if err == nil {
+		log.Error(http.ListenAndServeTLS(fmt.Sprintf(":%d", port), certFile, keyFile, handlers.CORS()(routes)))
+
+		// log.Error(http.ListenAndServe(fmt.Sprintf(":%d", port), handlers.CORS()(routes)))
+	} else {
+		log.Error(err)
 	}
 }
 

diff --git a/pkg/websocket.go b/pkg/websocket.go
@@ -17,7 +17,7 @@ import (
 
 var (
 	allowedOrigins = []string{
-		"auditmate.local:12345",
+		"localhost:12345",
 	}
 
 	upgrader = websocket.Upgrader{