TLSight - TLS Certificate Scanner

A beautiful command-line tool to scan TLS certificates from remote domains and local certificate files. Built with Aurora for stunning console output with gradient banners, structured logging, and colorful tables.

Features

• Domain Scanning: Connect to remote servers and retrieve TLS certificate information
• Local File Scanning: Parse PEM, CRT, and CER certificate files
• Parallel Processing: Scan multiple targets concurrently for speed
• Beautiful Output: Powered by Aurora with gradient ASCII banners and colorful tables
• Structured Logging: Tree-style output with spinners and progress indicators
• Expiration Warnings: Visual alerts for certificates expiring within 30 days
• Smart Exit Codes: Exit code 1 if any certificates are expired or have errors

Installation

# Clone or download the repository
cd TLSight

# Build the binary
go build -o tlsight.exe .

# Or run directly
go run .

Usage

Basic Examples

# Scan domains from a file
tlsight --domains domains.txt

# Scan a directory of certificate files
tlsight --files ./certs/

# Scan individual domains
tlsight --domain example.com --domain google.com

# Scan individual certificate files
tlsight --file ./cert.pem --file ./server.crt

# Combine multiple sources
tlsight --domains domains.txt --files ./certs/ --domain extra.com

# Disable the startup banner
tlsight --domains domains.txt --no-banner

# Disable colors (for piping/logging)
tlsight --domains domains.txt --no-color

Command-Line Flags

Flag	Description	Default
--domains	Path to file containing domains (one per line)	-
--files	Path to directory containing certificate files	-
--domain	Individual domain to scan (repeatable)	-
--file	Individual certificate file to scan (repeatable)	-
--timeout	Connection timeout in seconds	10
--concurrency	Number of parallel workers	10
--no-color	Disable colored output	false
--no-banner	Skip the startup banner	false
--warnings	Show expiration warnings	true
--version	Show version and exit	-

Domains File Format

# Comments start with #
# Empty lines are ignored

# Basic domain (uses port 443)
example.com

# Domain with explicit port
internal.example.com:8443

# IPv6 address (use brackets)
[::1]:443

Output

TLSight uses Aurora for beautiful console output:

Startup Banner

A gradient ASCII art banner with the cyberpunk theme, showing the version and tagline.

Structured Logging

  16:55:41.849  ● INFO  Scanning domains from file
            └─ path: domains.txt
  ✓ Scanned 5 domain(s)

Results Table

A beautifully formatted table with gradient headers showing:

• Domain/File
• Common Name (CN)
• Issuer
• Expiration status

Summary

Key-value display with color-coded statistics:

• Total Scanned
• Healthy (>60 days)
• Warning (30-60 days)
• Critical (<30 days)
• Expired
• Errors

Final Status

• ✓ Success: All certificates are healthy
• ⚠ Warning: Some certificates need attention
• ✖ Error: Action required (expired or critical certificates)

Project Structure

TLSight/
├── main.go           # CLI entry point with Aurora integration
├── scanner/
│   └── scanner.go    # Core TLS/certificate scanning logic
├── output/
│   └── output.go     # Table formatting with Aurora
├── domains.txt       # Sample domains file
├── go.mod            # Go module definition
└── README.md         # This file

Architecture

The code is organized into modular packages:

1. scanner: Handles all certificate retrieval logic

   • TLS handshake for remote domains
   • PEM/DER parsing for local files
   • Parallel scanning with worker pools

2. output: Handles all display logic

   • Aurora table rendering
   • Warning display with structured logging

3. main: CLI orchestration

   • Aurora banner and logging
   • Flag parsing
   • Coordinating scanner and output

Dependencies

• Aurora - Beautiful console logging for Go

License

MIT License - Feel free to use and modify.

Example