From 9aa31c51676f22996a1f26d921d3acb037f5cfad Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Wed, 2 Dec 2020 15:49:57 -0700 Subject: [PATCH] add sclient --- sclient/README.md | 119 ++++++++++++++++++++++++++++++++++++++++++++ sclient/install.ps1 | 57 +++++++++++++++++++++ sclient/install.sh | 42 ++++++++++++++++ sclient/releases.js | 18 +++++++ 4 files changed, 236 insertions(+) create mode 100644 sclient/README.md create mode 100644 sclient/install.ps1 create mode 100644 sclient/install.sh create mode 100644 sclient/releases.js diff --git a/sclient/README.md b/sclient/README.md new file mode 100644 index 0000000..db356ac --- /dev/null +++ b/sclient/README.md @@ -0,0 +1,119 @@ +--- +title: sclient +homepage: https://github.com/therootcompany/sclient +tagline: | + sclient: a cross-platform tool to unwrap TLS as plain text. +--- + +To update or switch versions, run `webi sclient@stable`. + +## Cheat Sheet + +> sclient unwraps encrypted connections (HTTPS/TLS/SSL) so that you can work +> with them as as plain text (or binary). Great for debugging web services, and +> security research. +> +> Think of it like netcat (or socat) + openssl s_client. + +You can _literally_ use this on example.com: + +```bash +sclient example.com:443 localhost:3000 +``` + +To use it with an http client, just set the Host header to the original domain: + +```bash +curl -H "Host: example.com" http://localhost:3000 +``` + +```html + + + +

Example Domain

+ This domain is for use in illustrative examples in documents. You may use + this domain in literature without prior coordination or asking for + permission. + More information... + + +``` + +### How to Proxy SSH over SSL + +SSH can be tunneled within HTTPS, TLS, SSL, WebSockets, etc. + +```bash +ssh -o ProxyCommand="sclient %h" jon.telebit.io +``` + +This is useful to be able to connect to SSH even from behind a corporate +packet-inspection firewall. It can also be used to multiplex and relay multiple +ssh connections through a single host. + +### How to unwrap TLS for Telnet (HTTP/HTTPS) + +```bash +sclient example.com:443 localhost:3000 +``` + +```bash +telnet localhost 3000 +``` + +### How to unwrap TLS for SMTP/SMTPS/STARTTLS + +```bash +sclient smtp.gmail.com:465 localhost:2525 +``` + +```bash +telnet localhost 2525 + +Trying 127.0.0.1... +Connected to localhost. +Escape character is '^]'. +220 smtp.gmail.com ESMTP c79-v6sm37968282pfb.147 - gsmtp +``` + +### How to use with stdin / stdout + +```bash +sclient whatever.com - +``` + +Use just like netcat or telnet. A manual HTTP request, for example: + +```txt +> GET / HTTP/1.1 +> Host: whatever.com +> Connection: close +> +``` + +### How to pipe connections + +```bash +printf "GET / HTTP/1.1\r\nHost: telebit.cloud\r\n\r\n" | sclient telebit.cloud +``` + +### How to Spoof SNI + +Sometimes you want to check to see if your site is vulnerable to SNI-spoofing +attacks, such as Domain Fronting. + +The literal domains `example.net` and `example.com` are _actually_ vulnerable to +SNI spoofing: + +```bash +sclient --servername example.net example.com:443 localhost:3000 +curl -H "example.com" http://localhost:3000 +``` + +Most domains, however, are not: + +```bash +sclient --servername google.net google.com:443 localhost:3000 +curl -H "google.com" http://localhost:3000 +``` diff --git a/sclient/install.ps1 b/sclient/install.ps1 new file mode 100644 index 0000000..70bbe9e --- /dev/null +++ b/sclient/install.ps1 
@@ -0,0 +1,57 @@
+#!/usr/bin/env pwsh
+
+###################
+# Install sclient #
+###################
+
+# Every package should define these variables
+$pkg_cmd_name = "sclient"
+
+$pkg_dst_cmd = "$Env:USERPROFILE\.local\bin\sclient.exe"
+$pkg_dst = "$pkg_dst_cmd"
+
+$pkg_src_cmd = "$Env:USERPROFILE\.local\opt\sclient-v$Env:WEBI_VERSION\bin\sclient.exe"
+$pkg_src_bin = "$Env:USERPROFILE\.local\opt\sclient-v$Env:WEBI_VERSION\bin"
+$pkg_src_dir = "$Env:USERPROFILE\.local\opt\sclient-v$Env:WEBI_VERSION"
+$pkg_src = "$pkg_src_cmd"
+
+$pkg_download = "$Env:USERPROFILE\Downloads\$Env:WEBI_PKG_FILE"
+
+# Fetch archive
+IF (!(Test-Path -Path "$Env:USERPROFILE\Downloads\$Env:WEBI_PKG_FILE"))
+{
+ # TODO: arch detection
+ echo "Downloading sclient from $Env:WEBI_PKG_URL to $pkg_download"
+ & curl.exe -A "$Env:WEBI_UA" -fsSL "$Env:WEBI_PKG_URL" -o "$pkg_download.part"
+ & move "$pkg_download.part" "$pkg_download"
+}
+
+IF (!(Test-Path -Path "$pkg_src_cmd"))
+{
+ echo "Installing sclient"
+
+ # TODO: create package-specific temp directory
+ # Enter tmp
+ pushd .local\tmp
+
+ # Remove any leftover tmp cruft
+ Remove-Item -Path ".\sclient-*" -Recurse -ErrorAction Ignore
+ Remove-Item -Path ".\sclient.exe" -Recurse -ErrorAction Ignore
+
+ # Unpack archive file into this temporary directory
+ # Windows BSD-tar handles zip. Imagine that.
+ echo "Unpacking $pkg_download"
+ & tar xf "$pkg_download"
+
+ # Settle unpacked archive into place
+ echo "Install Location: $pkg_src_cmd"
+ New-Item "$pkg_src_bin" -ItemType Directory -Force
+ Move-Item -Path ".\sclient.exe" -Destination "$pkg_src_bin"
+
+ # Exit tmp
+ popd
+}
+
+echo "Copying into '$pkg_dst_cmd' from '$pkg_src_cmd'"
+Remove-Item -Path "$pkg_dst_cmd" -Recurse -ErrorAction Ignore
+Copy-Item -Path "$pkg_src" -Destination "$pkg_dst" -Recurse
diff --git a/sclient/install.sh b/sclient/install.sh
new file mode 100644
index 0000000..3cebf38
--- /dev/null
+++ b/sclient/install.sh
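Review bot: `pushd .local\tmp` is relative to whatever directory the script was started in, while every other path in this hunk is anchored at `$Env:USERPROFILE`. Unless the caller sets `$ErrorActionPreference` to stop, a failed push is non-terminating, so the two `Remove-Item -Recurse` calls on `.\sclient-*` and `.\sclient.exe` and the `tar xf` would then run in the caller's directory. Anchoring it as `pushd "$Env:USERPROFILE\.local\tmp"` removes that dependency. Separately, the archive fetched by `curl.exe` is unpacked and installed with no checksum or signature comparison visible in this file, and `$LASTEXITCODE` is not tested before the `move`. If the webi bootstrap does not verify `$Env:WEBI_PKG_FILE` elsewhere, a digest check before `tar xf` is the control to add.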
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+function __init_sclient() {
+ set -e
+ set -u
+
+ ###################
+ # Install sclient #
+ ###################
+
+ # Every package should define these 6 variables
+ pkg_cmd_name="sclient"
+
+ pkg_dst_cmd="$HOME/.local/bin/sclient"
+ pkg_dst="$pkg_dst_cmd"
+
+ pkg_src_cmd="$HOME/.local/opt/sclient-v$WEBI_VERSION/bin/sclient"
+ pkg_src_dir="$HOME/.local/opt/sclient-v$WEBI_VERSION"
+ pkg_src="$pkg_src_cmd"
+
+ pkg_install() {
+ # $HOME/.local/opt/sclient-v1.3.3/bin
+ mkdir -p "$pkg_src_bin"
+
+ # mv ./sclient* "$HOME/.local/opt/sclient-v1.3.3/bin/sclient"
+ mv ./"$pkg_cmd_name"* "$pkg_src_cmd"
+
+ # chmod a+x "$HOME/.local/opt/sclient-v1.3.3/bin/sclient"
+ chmod a+x "$pkg_src_cmd"
+ }
+
+ pkg_get_current_version() {
+ # 'sclient version' has output in this format:
+ # sclient 1.3.3 (455db50) 2020-12-02T22:05:35Z
+ # This trims it down to just the version number:
+ # 1.3.3
+ echo "$(sclient --version 2>/dev/null | head -n 1 | cut -d' ' -f2 | sed 's:^v::')"
+ }
+
+}
+
+__init_sclient
diff --git a/sclient/releases.js b/sclient/releases.js
new file mode 100644
index 0000000..7121985
--- /dev/null
+++ b/sclient/releases.js
@@ -0,0 +1,18 @@
+'use strict';
+
+var github = require('../_common/github.js');
+var owner = 'therootcompany';
+var repo = 'sclient';
+
+module.exports = function (request) {
+ return github(request, owner, repo).then(function (all) {
+ return all;
+ });
+};
+
+if (module === require.main) {
+ module.exports(require('@root/request')).then(function (all) {
+ all = require('../_webi/normalize.js')(all);
+ console.info(JSON.stringify(all));
+ });
+}
-- 2.25.1
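Review bot: `mkdir -p "$pkg_src_bin"` in `pkg_install` reads a variable that this file never assigns; the block above it defines `pkg_src_cmd`, `pkg_src_dir` and `pkg_src` only, and with `set -u` in effect an unset `pkg_src_bin` aborts the install. Unless the webi bootstrap that sources this file is known to set it, define it next to the others, `pkg_src_bin="$HOME/.local/opt/sclient-v$WEBI_VERSION/bin"`, as install.ps1 in this same patch does. The glob in `mv ./"$pkg_cmd_name"* "$pkg_src_cmd"` also assumes exactly one match in the unpack directory; with more than one, `mv` fails because the destination is not a directory, so that assumption deserves a comment on the line.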
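Review bot: The `require.main` branch ends its promise chain without a rejection handler, so a failed GitHub request or a throw inside `normalize.js` surfaces only as an unhandled rejection, and the process exit status then depends on the Node version. Append `.catch(function (err) { console.error(err); process.exit(1); })` to that chain so a failed release lookup is reported and exits non-zero. The `.then(function (all) { return all; })` in the exported function is an identity step; `return github(request, owner, repo);` expresses the same thing.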