sniffl

module
v0.6.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 23, 2025 License: MIT

README

sniffl 🐽

Go Reference Build Status Release Go Report Card

sniffl is a Certificate Sniffing & Export Tool designed to fetch, inspect, and export TLS certificates from remote servers using multiple protocols including SMTP, IMAP, POP3, or plain TLS connection.

Features

  • Supports multiple protocols with STARTTLS: SMTP, IMAP, POP3, and plain TLS
  • Fetches full certificate chains from remote servers
  • Export the DNS names found in certificates to a file
  • Exports certificates as individual PEM files, standalone bundles, or full bundles including trusted root CAs (System + Mozilla)
  • Exports system-trusted certificate authorities from both macOS and Windows stores for root CA inclusion
  • Protocol guessing based on common ports if not explicitly specified

Installation

Option 1: Download a Precompiled Binary

Go to the releases page and download a precompiled binary for your operating system and architecture.

Option 2: Build from Source

Clone the repository and build the binary with Go:

git clone https://github.com/lesydimitri/sniffl.git
cd sniffl
go build -o dist/sniffl ./cmd/sniffl

Note: For Windows cross-compilation on other platforms, use:

GOOS=windows GOARCH=amd64 go build -o dist/sniffl.exe ./cmd/sniffl

Usage

sniffl [-export single|bundle|full_bundle] (-H host:port | -F filename) [protocol] [-exportdns FILE] [-verbose]

Options

  • -export <single|bundle|full_bundle>
    Export certificates:

    • single Export each certificate as a separate PEM file
    • bundle Export all certificates into a single PEM file
    • full_bundle Export all certificates into a single PEM file with system/Mozilla root CAs appended

  • -exportdns FILE
    Write all unique DNS names found in the scanned certificates to the specified file

  • -verbose, -v
    Enable verbose debug logging

  • -H host:port
    Scan a single host and port (e.g. smtp.example.com:587)

  • -F FILE
    Scan multiple targets from a file. Each line must be formatted as:

    host:port [protocol]

  • protocol (optional with -H, ignored with -F)
    Protocol for STARTTLS negotiation (smtp, imap, pop3, none)
    If omitted, the tool will try to guess based on the port (e.g., port 587 → SMTP)

Examples

Scan a single SMTP server and export each certificate separately:

sniffl -H smtp.gmail.com:587 smtp -export single

Scan using an IMAP connection and output the full bundle with roots:

sniffl -H imap.mail.yahoo.com:143 imap -export full_bundle

Scan a list of targets from a file (with optional per-line protocols):

sniffl -F targets.txt

Export all DNS names found to a separate file:

sniffl -H example.com:443 -exportdns dnsnames.txt

Contributing

Contributions, issues, and feature requests are welcome! Feel free to check the issues page or open a pull request.

Credits

  • Brank, for split-certs-online
  • AI chatbots, for quick prototyping and taking the blame for any shitty code

Support

ko-fi

Change Please

Directories

Path Synopsis
cmd
sniffl command
cmd/sniffl/main.go
 cmd/sniffl/main.go
sniffl/app.go
 sniffl/app.go

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.