New get-server-tls-cert command to fetch and optionally install public TLS certs to the system store for one-way SSL

src/commands/aws/generate-sso-profiles.sh

@@ -38,42 +38,44 @@ if [[ $backup == 1 ]]; then
 fi
 
 login() {
-	ssoLoggedIn=$(find "$HOME/.aws/sso/cache" -type f ! -name "botocore*" -exec jq -r '.accessToken | select(. != null)' {} \; | wc -l)
-	if [[ $ssoLoggedIn == 0 || ! -f "$HOME"/.aws/config ]]; then
+	sso_logged_in=$(find "$HOME/.aws/sso/cache" -type f ! -name "botocore*" -exec jq -r '.accessToken | select(. != null)' {} \; | wc -l)
+	if [[ $sso_logged_in == 0 || ! -f "$HOME"/.aws/config ]]; then
 		yellow_bold "You must first be logged into AWS with at least one profile. Logging in now..."
+		red_bold "You will be required to finish the login process, so control will be returned to you after logging in with your browser"
 		[[ -f "$HOME"/.aws/config ]] || touch "$HOME"/.aws/config
 	
 		export AWS_PROFILE=''
 		export AWS_REGION=''
-		/usr/bin/expect<<-EOF
-			set force_conservative 1
+		export SSO_START_URL="$sso_start_url"
+		export SSO_REGION="$sso_region"
+		/usr/bin/expect <(cat <<-'EOF'
 			set timeout 120
 			match_max 100000
-			spawn aws configure sso
-			expect "SSO session name (Recommended):"
+
+			set sso_start_url $env(SSO_START_URL)
+			set sso_region    $env(SSO_REGION)
+
+			spawn env TERM=dumb aws configure sso
+
+			expect -re {SSO session name \(Recommended\):\s*$}
 			send -- "session\r"
-			expect "SSO start URL"
-			send -- "$sso_start_url\\r"
-			expect "SSO region"
+
+			expect -re {SSO start URL \[None\]:\s*$}
+			send -- "$sso_start_url\r"
+
+			expect -re {SSO region \[None\]:\s*$}
 			send -- "$sso_region\r"
-			expect {
-			  "SSO registration scopes" {
-			    send "sso:account:access\\r"
-			    exp_continue
-			  }
-			  -re {(.*)accounts available to you(.*)} {
-			    send "\\r"
-			    exp_continue
-			  }
-			  -re {(.*)roles available to you(.*)} {
-			    send "\\r"
-			    exp_continue
-			  }
-			  "CLI default client Region"
-			}
-			send "\r\r\r\r"
-			expect eof
-		EOF
+
+			expect -re {SSO registration scopes \[sso:account:access\]:\s*$}
+			send -- "sso:account:access\r"
+
+			expect -re {.*accounts available to you\s*}
+
+			interact
+			EOF
+			) 2>/dev/null
+
+		green "Logged in!"
 	elif ! (aws sts get-caller-identity > /dev/null 2>&1); then
 		red_bold "You must be logged into AWS before running this script."
 		yellow "Logging in via SSO. Follow the steps in the opened browser to log in."
@@ -96,27 +98,29 @@ login() {
 
 login
 
-if ! (aws sso list-accounts --profile "${profiles[0]}" --region "$aws_region" --access-token "$ACCESS_TOKEN" --output json > /dev/null 2>&1); then
+if ! (aws sso list-accounts --profile "${profiles[0]}" --region "$sso_region" --access-token "$ACCESS_TOKEN" --output json > /dev/null 2>&1); then
 	red "Unable to use existing SSO access token. Wiping tokens and generating new tokens..."
 	rm "$HOME"/.aws/sso/cache/*.json
 	login
 fi
 
-aws sso list-accounts --profile "${profiles[0]}" --region "$aws_region" --access-token "$ACCESS_TOKEN" --output json | jq '.accountList[]' -rc | while read -r account; do
-	declare accountId
-	declare accountName
-    accountId="$(echo "$account" | jq -rc '.accountId')"
-    accountName="$(echo "$account" | jq -rc '.accountName | ascii_downcase | gsub(" "; "-")')"
+aws sso list-accounts --profile "${profiles[0]}" --region "$sso_region" --access-token "$ACCESS_TOKEN" --output json | jq '.accountList[]' -rc | while read -r account; do
+	declare account_id
+	declare account_name
+  account_id="$(echo "$account" | jq -rc '.accountId')"
+  account_name="$(echo "$account" | jq -rc '.accountName | ascii_downcase | gsub(" "; "-")')"
 
-    aws sso list-account-roles --profile "${profiles[0]}" --region "$aws_region" --access-token "$ACCESS_TOKEN" --output json --account-id "$accountId" | jq '.roleList[].roleName' -rc | while read -r roleName; do
+  aws sso list-account-roles --profile "${profiles[0]}" --region "$sso_region" --access-token "$ACCESS_TOKEN" --output json --account-id "$account_id" |\
+  	jq '.roleList[].roleName' -rc |\
+  	while read -r role_name; do
 			declare profileName
-			profileName="$accountName-$roleName"
+			profileName="$account_name-$role_name"
 
 			if ! (grep -q "$profileName" ~/.aws/config); then
-				blue "Creating profiles for account $accountName"
-					write-profile-to-config "$accountName-$roleName" "$sso_start_url" "$sso_region" "$accountId" "$roleName" "$aws_region"
+				blue "Creating profiles for account $account_name"
+					write-profile-to-config "$account_name-$role_name" "$sso_start_url" "$sso_region" "$account_id" "$role_name" "$aws_region"
 			fi
-    done
+	  done
 done
 
 green_bold "Successfully generated profiles from AWS SSO!"

src/commands/clean/package-caches.sh

@@ -17,7 +17,7 @@ if (command -v snap > /dev/null 2>&1); then
   LANG=en_US.UTF-8 snap list --all |\
      awk '/disabled/{print $1, $3}' |\
      while read -r snapname revision; do
-  		 snap remove "$snapname" --revision="$revision"
+  		 sudo snap remove "$snapname" --revision="$revision"
      done
    blue_bold "Purging cached Snap versions..."
    sudo rm -rf /var/cache/snapd/*

src/commands/network/get-server-tls-cert.sh

@@ -0,0 +1,16 @@
+# shellcheck disable=SC2154
+declare host="${args[host]}"
+declare port="${args[--port]}"
+declare view_only="${args[--view-only]}"
+declare output_dir="${args[--output-dir]}"
+declare filename="${args[--filename]}"
+
+if [[ "$view_only" == 1 ]]; then
+  openssl s_client -showcerts -connect "${host}:${port}"
+else
+  openssl s_client -showcerts -connect "${host}:${port}" </dev/null | sed -n -e '/-.BEGIN/,/-.END/ p' | sudo tee "${output_dir}/${filename:-${host%%.*}}.pem"
+fi
+
+if dpkg -s ca-certificates > /dev/null 2>&1; then
+  sudo update-ca-certificates
+fi

src/commands/network/network_commands.yml

@@ -288,3 +288,45 @@ commands:
               C-->D
               C-->F
           '
+
+  - name: get-server-tls-cert
+    help: |-
+      Retrieve the TLS certificate from a server and save it to a file.
+      If on a debian-based system and 'ca-certificates' is installed, the certificate will be installed into the system's trust store.
+    dependencies:
+      openssl: Install with either 'sudo apt install libssl-dev' or 'brew install openssl@3'
+    args:
+      - name: host
+        help: Domain name or IP address
+        required: true
+    flags:
+      - long: --port
+        short: -p
+        help: The port to connect to
+        arg: port
+        default: '443'
+        validate: port_number
+      - long: --view-only
+        short: -v
+        help: Only print the certificate(s) to stdout
+        conflicts: [--output-dir, --filename]
+      - long: --output-dir
+        short: -d
+        help: |-
+          Write the certificate to a file.
+          Defaults to `/usr/local/share/ca-certificates`.
+        arg: output
+        completions:
+          - <file>
+        conflicts: [--view-only]
+        default: /usr/local/share/ca-certificates
+      - long: --filename
+        short: -f
+        arg: filename
+        help: |-
+          The name of the '.pem' file to save the cert to.
+          By default, it is 'domain.pem'
+        conflicts: [--view-only]
+    examples:
+      - dtools network get-server-tls-cert google.com --port 443
+      - dtools network get-server-tls-cert example.com --output-dir . --filename example.com

src/commands/tui/dev-help/command-lookup.sh

@@ -0,0 +1 @@
+navi

src/commands/tui/dev-help/dev_help_commands.yml

@@ -12,3 +12,8 @@ commands:
     help: Wikipedia TUI (wiki-tui)
     dependencies:
       wiki-tui: See 'https://wiki-tui.net/latest/'
+
+  - name: command-lookup
+    help: Interactive command cheatsheet so you don't have to google all your commands (navi)
+    dependencies:
+      navi: See 'https://github.com/denisidoro/navi'

src/commands/tui/development/development_commands.yml

@@ -88,3 +88,8 @@ commands:
     help: Fast, remote-first, multi-host TUI log viewer with timeline histogram and no central server (nerdlog)
     dependencies:
       nerdlog: See 'https://github.com/dimonomid/nerdlog'
+
+  - name: system-benchmark
+    help: Statistic benchmarking using your CLI with warmup rounds, outlier removal, and side-by-side comparison (hyperfine)
+    dependencies:
+      hyperfine: See 'https://github.com/sharkdp/hyperfine'

src/commands/tui/development/system-benchmark.sh

@@ -0,0 +1 @@
+hyperfine

src/commands/tui/monitoring/disk-monitor.sh

@@ -0,0 +1 @@
+ncdu

src/commands/tui/monitoring/monitoring_commands.yml

@@ -17,3 +17,8 @@ commands:
     help: Linux kernel manager and activity monitor (kmon)
     dependencies:
       kmon: See 'https://github.com/orhun/kmon'
+
+  - name: disk-monitor
+    help: Interactive disk usage navigator (ncdu)
+    dependencies:
+      ncdu: See 'https://dev.yorhel.nl/ncdu'

src/commands/tui/network/lan-discovery.sh

@@ -0,0 +1 @@
+whosthere

src/commands/tui/network/network_commands.yml

@@ -87,3 +87,8 @@ commands:
     help: A simple API client (Postman-like) (atac)
     dependencies:
       atac: See 'https://atac.julien-cpsn.com/'
+
+  - name: lan-discovery
+    help: Local Area Network discovery tool with a modern Terminal User Interface (TUI) written in Go. Discover, explore, and understand your LAN in an intuitive way. Knock Knock.. who's there? (whosthere)
+    dependencies:
+      whosthere: See 'https://github.com/ramonvermeulen/whosthere'