# Tools

A small Go web app built with Gin that provides a browser-based toolkit for:

- TLS certificate generation
- DNS record lookup
- SSL/TLS certificate inspection for a remote URL
- PEM inspection for pasted certificates, CSRs, private keys, and public keys

## Requirements

- Go 1.24+
- Optional: Docker

## Run locally

Start the app over HTTP on the default port:

```bash
go run .
```

The app listens on `PORT` if it is set, otherwise it uses `8080`.

```bash
PORT=9090 go run .
```

## Run with TLS

If both `TLS_CERT_FILE` and `TLS_KEY_FILE` are provided, the server starts with HTTPS:

```bash
PORT=8443 TLS_CERT_FILE=server.crt TLS_KEY_FILE=server.key go run .
```

If only one of `TLS_CERT_FILE` or `TLS_KEY_FILE` is set, startup fails.

## Available tools

### TLS Generator

Generate an RSA private key, public key, CSR, and self-signed certificate.

- Supports subject fields like common name, organization, OU, locality, state/province, and country
- Supports DNS SAN entries
- Supports RSA key sizes `2048`, `3072`, and `4096`

### DNS Lookup

Look up common DNS records for a hostname:

- `A` / `AAAA`
- `CNAME`
- `MX`
- `NS`
- `TXT`

### SSL Check

Enter a URL and the app connects to the remote server over TLS and displays:

- Negotiated TLS version
- Cipher suite
- ALPN protocol
- Leaf certificate PEM
- Parsed certificate chain details

### PEM Check

Paste PEM blocks directly into the UI to inspect:

- Certificates
- Certificate signing requests
- RSA private keys
- PKCS#8 private keys
- EC private keys
- Public keys

## API endpoints

The UI uses these JSON endpoints:

- `POST /api/tls/generate`
- `POST /api/dns/lookup`
- `POST /api/ssl/check`
- `POST /api/pem/check`

## Test and build

```bash
go test ./...
go build ./...
```

## Docker

Build the image manually:

```bash
docker build -t bmallenxs/tools:latest .
```

Or use the helper script:

```bash
./publish.sh
```

The script builds the Docker image with the tag `bmallenxs/tools:latest`.