Wildcard SSL Certificate detection #56

Closed
ehsandeep opened this issue Jul 19, 2022 · 0 comments · Fixed by #68 or #75
Labels: Priority: Low; Status: Completed; Type: Enhancement

Comments

@ehsandeep
Member

Please describe your feature request:

This is more of a feature for data analysis; currently two types of wildcard certificate are issued:

  1. Wildcard SSL certificate for a specific domain (*.cn)
  2. Wildcard SAN Certificate (*.san)

CLI Option:

   -wc, -wildcard-cert    display wildcard certificate

Example run with JSON output:

echo expired.badssl.com | tlsx -json
{
  "timestamp": "2022-07-19T16:24:59.085676+05:30",
  "host": "expired.badssl.com",
  "ip": "104.154.89.105",
  "port": "443",
  "probe_status": true,
+  "wildcard_certificate": true,
  "tls_version": "tls12",
  "cipher": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
  "expired": true,
  "not_before": "2015-04-09T00:00:00Z",
  "not_after": "2015-04-12T23:59:59Z",
  "subject_dn": "CN=*.badssl.com, OU=PositiveSSL Wildcard, OU=Domain Control Validated",
  "subject_cn": "*.badssl.com",
  "subject_an": [
    "*.badssl.com",
    "badssl.com"
  ],
  "issuer_dn": "CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB",
  "issuer_cn": "COMODO RSA Domain Validation Secure Server CA",
  "issuer_org": [
    "COMODO CA Limited"
  ],
  "fingerprint_hash": {
    "md5": "67344e61c0431cf1f7257c1d6de7a785",
    "sha1": "404bbd2f1f4cc2fdeef13aabdd523ef61f1c71f3",
    "sha256": "ba105ce02bac76888ecee47cd4eb7941653e9ac993b61b2eb3dcc82014d21b4f"
  },
  "tls_connection": "ctls",
  "sni": "expired.badssl.com"
}

Example run with CLI output:

echo expired.badssl.com | tlsx -wc

hackerone.com:443 [wildcard]

Detection logic:

if subject_cn || subject_an contains *., wildcard_certificate == true
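
The detection rule above, sketched in Go as an added example (not part of the original issue and not tlsx's own code). It reads "contains *." as "the leftmost DNS label is `*`", which is an assumption, and reports separately whether the wildcard sits in the subject CN or in the SANs, matching the two certificate types listed above; `WildcardInfo`, `detectWildcard`, `isWildcardName` and `sampleCert` are hypothetical names.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"strings"
)

// WildcardInfo records where wildcard names were found in a certificate.
type WildcardInfo struct {
	InCN bool     // subject CN is a wildcard name
	SANs []string // wildcard entries among the DNS SANs
}

// Wildcard corresponds to the proposed wildcard_certificate field.
func (w WildcardInfo) Wildcard() bool { return w.InCN || len(w.SANs) > 0 }

// isWildcardName reports whether the leftmost label is "*" (assumed reading of "contains *.").
func isWildcardName(name string) bool { return strings.HasPrefix(name, "*.") }

// detectWildcard checks the subject CN and every DNS SAN of a parsed certificate.
func detectWildcard(cert *x509.Certificate) WildcardInfo {
	info := WildcardInfo{InCN: isWildcardName(cert.Subject.CommonName)}
	for _, san := range cert.DNSNames {
		if isWildcardName(san) {
			info.SANs = append(info.SANs, san)
		}
	}
	return info
}

// sampleCert builds a constructed certificate value holding only the name fields,
// standing in for a certificate obtained from a TLS handshake.
func sampleCert(cn string, sans ...string) *x509.Certificate {
	return &x509.Certificate{Subject: pkix.Name{CommonName: cn}, DNSNames: sans}
}

func main() {
	certs := []*x509.Certificate{
		sampleCert("*.badssl.com", "*.badssl.com", "badssl.com"),    // names from the JSON above
		sampleCert("example.com", "example.com", "*.example.com"),   // constructed: wildcard only in SAN
		sampleCert("example.org", "example.org", "www.example.org"), // constructed: no wildcard
	}
	for _, c := range certs {
		info := detectWildcard(c)
		fmt.Printf("%s wildcard=%t cn=%t sans=%v\n", c.Subject.CommonName, info.Wildcard(), info.InCN, info.SANs)
	}
}
```
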

@ehsandeep added the Type: Enhancement label Jul 19, 2022
@ehsandeep added the Status: Available and Priority: Low labels and removed the Status: Available label Jul 29, 2022
@parrasajad self-assigned this Aug 1, 2022
@parrasajad linked a pull request Aug 2, 2022 that will close this issue
@parrasajad added the Status: Review Needed label Aug 2, 2022
@ehsandeep added the Status: Completed label and removed the Status: Review Needed label Aug 2, 2022
@ehsandeep linked a pull request Aug 22, 2022 that will close this issue