{"id":28203200,"url":"https://github.com/7c/sni-capture-go","last_synced_at":"2026-02-27T12:37:52.066Z","repository":{"id":291109077,"uuid":"976588546","full_name":"7c/sni-capture-go","owner":"7c","description":"Golang version of sni capture tool which can capture all incoming tls handshakes and extract useful information from them","archived":false,"fork":false,"pushed_at":"2025-05-03T09:33:14.000Z","size":23,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-08T04:21:00.316Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/7c.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-05-02T11:32:45.000Z","updated_at":"2025-05-03T09:33:17.000Z","dependencies_parsed_at":"2025-05-02T13:53:37.866Z","dependency_job_id":"7bab6fda-4eac-4927-8f20-a056d2857a0e","html_url":"https://github.com/7c/sni-capture-go","commit_stats":null,"previous_names":["7c/sni-capture-go"],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/7c/sni-capture-go","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/7c%2Fsni-capture-go","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/7c%2Fsni-capture-go/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/7c%2Fsni-capture-go/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/7c%2Fsni-capture-go/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/7c","download_url":"https://codeload.github.com/7c/sni-capture-go/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/7c%2Fsni-capture-go/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266324361,"owners_count":23911226,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-21T11:47:31.412Z","response_time":64,"last_error":null,"robots_txt_status":null,"robots_txt_updated_at":null,"robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-05-17T01:13:50.272Z","updated_at":"2026-02-27T12:37:47.022Z","avatar_url":"https://github.com/7c.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SNI Capture\nA tool to capture Server Name Indication (SNI) information from TLS handshakes and optionally log them along with JA3 fingerprints. Mainly used for research and pentesting.\n\n## Features\n\n- Capture SNI information from TLS handshakes\n- Filter by direction (inbound, outbound, or both)\n- Show JA3 fingerprints for TLS connections\n- JSON output support\n- Once mode to show each SNI only once\n- Automatic external IP detection for accurate direction determination\n- File logging with rotation support\n- REST API server for real-time SNI data access\n\n## Installation\n\n```bash\napt install -y libpcap-dev build-essential\nexport CGO_ENABLED=1\ngo install github.com/7c/sni-capture-go@latest\n```\n\n## Build from source\n```bash\napt install -y libpcap-dev build-essential\ngo build -o sni-capture-go main.go\n## or\nmake\n```\n\n## Usage\nDefault it will listen to default interface and port 443 in console output mode.\n```bash\nsni-capture [options]\n```\n\n### Options\n\n- `-d, --direction`: Direction of TLS handshake to capture (in|out|both) (default: \"both\")\n- `-p, --port`: Ports to listen for TLS handshake (default: \"443\")\n- `-o, --output`: Log output file\n- `-i, --iface`: Network interface to attach to\n- `--listiface`: List all available interfaces\n- `-v, --verbose`: Enable verbose output\n- `--ja3`: Show JA3 fingerprint for each TLS handshake\n- `--json`: Output in JSON format\n- `-1, --once`: Show each SNI only once per session\n- `-l, --lockport`: Port to use for mutex mechanism (default: \"23554\")\n- `--apiserver`: Enable API server\n- `--apiserver-host`: API server host (default: \"127.0.0.1\")\n- `--apiserver-port`: API server port (default: 7810)\n- `--apiserver-log`: API server log file\n\n### Examples\n\nCapture all SNI information:\n```bash\nsni-capture\n```\n\nCapture only outbound SNI information:\n```bash\nsni-capture -d out\n```\n\nCapture SNI information with JA3 fingerprints:\n```bash\nsni-capture --ja3\n```\n\nCapture SNI information in JSON format:\n```bash\nsni-capture --json\n```\n\nCapture SNI information and save to file:\n```bash\nsni-capture -o /tmp/sni.log\n```\n\nShow each SNI only once:\n```bash\nsni-capture -1\n```\n\nStart with API server:\n```bash\nsni-capture --apiserver\n```\n\nStart with API server and custom settings:\n```bash\nsni-capture --apiserver --apiserver-host 0.0.0.0 --apiserver-port 8080 --apiserver-log /tmp/api.log\n```\n\n## API Endpoints\n\nWhen the API server is enabled, the following endpoints are available:\n\n### GET /api/ping\nCheck if the API server is running.\n\nResponse:\n```json\n{\n  \"retcode\": 200\n}\n```\n\n### GET /api/snis/unique\nGet all unique SNIs seen so far.\n\nResponse:\n```json\n{\n  \"retcode\": 200,\n  \"data\": {\n    \"snis\": [\n      {\n        \"timestamp\": \"2024-03-21T10:30:45Z\",\n        \"source_ip\": \"192.168.1.100\",\n        \"dest_ip\": \"1.2.3.4\",\n        \"dest_port\": 443,\n        \"sni\": \"example.com\",\n        \"verified\": true,\n        \"seen_count\": 1,\n        \"dir\": \"out\",\n        \"ja3\": \"abc123...\"\n      }\n    ],\n    \"count\": 1\n  }\n}\n```\n\n### GET /api/snis/{minutes}\nGet SNIs from the last N minutes (1-10).\n\nResponse:\n```json\n{\n  \"retcode\": 200,\n  \"data\": {\n    \"snis\": [\n      {\n        \"timestamp\": \"2024-03-21T10:30:45Z\",\n        \"source_ip\": \"192.168.1.100\",\n        \"dest_ip\": \"1.2.3.4\",\n        \"dest_port\": 443,\n        \"sni\": \"example.com\",\n        \"verified\": true,\n        \"seen_count\": 1,\n        \"dir\": \"out\",\n        \"ja3\": \"abc123...\"\n      }\n    ],\n    \"count\": 1\n  }\n}\n```\n\n## API Logging\n\nWhen `--apiserver-log` is specified, all API requests and responses are logged in JSON format:\n\n```json\n{\n  \"timestamp\": \"2024-03-21T10:30:45Z\",\n  \"method\": \"GET\",\n  \"path\": \"/api/snis/unique\",\n  \"client_ip\": \"192.168.1.100\",\n  \"client_port\": \"12345\",\n  \"user_agent\": \"curl/7.68.0\",\n  \"headers\": {\n    \"Accept\": \"*/*\",\n    \"User-Agent\": \"curl/7.68.0\"\n  },\n  \"status_code\": 200,\n  \"response_body\": {\n    \"retcode\": 200,\n    \"data\": {\n      \"snis\": [...],\n      \"count\": 1\n    }\n  }\n}\n```\n\n## Output Format\n\n### Text Mode\n\n```\nSNI: 192.168.1.100 -\u003e 1.2.3.4:443 example.com (SSL VERIFIED) seen:1 dir:out ja3:abc123...\n```\n\n### JSON Mode\n\n```json\n{\n  \"timestamp\": \"2024-03-21T10:30:45Z\",\n  \"source_ip\": \"192.168.1.100\",\n  \"dest_ip\": \"1.2.3.4\",\n  \"dest_port\": 443,\n  \"sni\": \"example.com\",\n  \"verified\": true,\n  \"seen_count\": 1,\n  \"dir\": \"out\",\n  \"ja3\": \"a7f2d0376cd3fde3117bf6a8369b2ab8\"\n}\n```\n\n## Direction Filtering\n\nThe tool automatically detects your external IP address and uses it to determine traffic direction:\n\n- `dir: \"in\"`: Traffic coming to your machine (source IP != external IP)\n- `dir: \"out\"`: Traffic going from your machine (source IP == external IP)\n\nYou can filter traffic by direction using the `-d` flag:\n- `-d in`: Show only inbound traffic\n- `-d out`: Show only outbound traffic\n- `-d both`: Show all traffic (default)\n\n## Once Mode\n\nWhen `--once` is enabled, each SNI will be shown only once, regardless of how many times it appears. The seen count will still track the total number of occurrences.\n\n## JA3 Fingerprinting\n\nWhen `--ja3` is enabled, each SNI entry will include a JA3 fingerprint of the TLS handshake. This can be useful for identifying specific clients or applications.\n\n## File Logging\n\nWhen `-o` is specified, logs will be written to the specified file with rotation support:\n- Maximum file size: 500MB\n- Maximum backup files: 3\n- Maximum age: 28 days\n\n## License\n\nMIT ","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F7c%2Fsni-capture-go","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F7c%2Fsni-capture-go","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F7c%2Fsni-capture-go/lists"}