Difference between revisions of "Cert scan"
Jump to navigation
Jump to search
(4 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | # | + | # Certificate HTTPS Scanning |
+ | |||
+ | This can be used for quick checking of https endpoints. Default is 443. | ||
+ | |||
+ | |||
+ | ## Prerequisites | ||
+ | ``` | ||
+ | apt install jq | ||
+ | ``` | ||
+ | Download latest release for your platform from https://github.com/genkiroid/cert | ||
## get-dnsRecords.ps1 | ## get-dnsRecords.ps1 | ||
Line 80: | Line 89: | ||
# cert.exe -f json -skip-verify $hosts | ConvertFrom-Json | ConvertTo-Json -Depth 10 > .\$($zoneName).json | # cert.exe -f json -skip-verify $hosts | ConvertFrom-Json | ConvertTo-Json -Depth 10 > .\$($zoneName).json | ||
write-host "Check $($zoneName).json for scan results." | write-host "Check $($zoneName).json for scan results." | ||
+ | ``` | ||
+ | |||
+ | ## Convert JSON to greppable one liner | ||
+ | ``` | ||
+ | zoneName=example.com; cat $zoneName.json | jq -r '.[] | "\(.domainName), \(.ip), \(.issuer), \(.commonName), \(.sans), \(.notBefore), \(.notAfter), \(.error)"' > $zoneName.json.lines | ||
+ | ``` | ||
+ | |||
+ | # json to csv | ||
+ | ``` | ||
+ | cert -f json www.uvoo.me www.uvoo.io uvoo.io | jq -r '(. | map(leaf_paths) | unique) as $cols | map (. as $row | ($cols | map(. as $col | $row | getpath($col)))) as $rows | ([($cols | map(. | map(tostring) | join(".")))] + $rows) | map(@csv) | .[]' | ||
+ | ``` | ||
+ | |||
+ | # Another Example | ||
+ | |||
+ | example.com.records | ||
+ | ``` | ||
+ | host1.example.com host2.example.com | ||
+ | ``` | ||
+ | |||
+ | |||
+ | cert-scan-to-csv.sh | ||
+ | ``` | ||
+ | #!/bin/bash | ||
+ | set -eu | ||
+ | |||
+ | |||
+ | |||
+ | if [ "$#" -ne 2 ]; then | ||
+ | echo "Usage: $0 <zoneName> <port>" | ||
+ | echo "Example: $0 example.com 443" | ||
+ | exit 1 | ||
+ | fi | ||
+ | |||
+ | zoneName=$1 | ||
+ | port=$2 | ||
+ | echo "Getting hosts array from $zoneName.records " | ||
+ | |||
+ | textToRemove="@.$zoneName" | ||
+ | hosts=$(cat $zoneName.records | sed 's/$textToRemove//g') | ||
+ | hosts=$(echo "$hosts" | sed -r "s/\s/:$port /g") | ||
+ | outfile="$zoneName.$port.csv" | ||
+ | # cert -f json -skip-verify $hosts | jq > $zoneName.json | ||
+ | cert -f json -skip-verify $hosts | jq -r '(. | map(leaf_paths) | unique) as $cols | map (. as $row | ($cols | map(. as $col | $row | getpath($col)))) as $rows | ([($cols | map(. | map(tostring) | join(".")))] + $rows) | map(@csv) | .[]' > $outfile | ||
+ | ``` | ||
+ | |||
+ | Run command to build csv | ||
+ | ``` | ||
+ | cert-scan-to-csv.sh example.com 443 | ||
``` | ``` |
Latest revision as of 17:34, 25 January 2024
Certificate HTTPS Scanning
This can be used for quick checking of https endpoints. Default is 443.
Prerequisites
apt install jq
Download latest release for your platform from https://github.com/genkiroid/cert
get-dnsRecords.ps1
$ErrorActionPreference = "Stop" if ($args.Count -lt 2) { Write-Host "Usage: get-dnsRecords.ps1 <zone name/domain> <windows dns hostname>" Write-Host "Example: get-dnsRecords.ps1 example win-dns-hostname" exit 1 } $zoneName = $args[0] $dnsHost = $args[1] # write-host "$zoneName" # exit $rsp = Invoke-Command -ComputerName $dnsHost -ScriptBlock { param($zoneName, $dnsHost) $dnsRecords = Get-DnsServerResourceRecord -ZoneName $zoneName -RRType A foreach ($record in $dnsRecords) { Write-Output "$($record.HostName).$zoneName" } $dnsRecords = Get-DnsServerResourceRecord -ZoneName $zoneName -RRType CName foreach ($record in $dnsRecords) { Write-Output "$($record.HostName).$zoneName" } } -ArgumentList $zoneName, $dnsHost write-output "$rsp" | Out-File -FilePath ".\$($zoneName).records" write-host "Records are in in file .\$($zoneName).records"
cert-scan.sh
#!/bin/bash set -eu if [ "$#" -ne 1 ]; then echo "Usage: $0 <zoneName>" echo "Example: $0 example.com" exit 1 fi zoneName=$1 echo "Getting hosts array from $zoneName.records " textToRemove="@.$zoneName" hosts=$(cat $zoneName.records | sed 's/$textToRemove//g') cert -f json -skip-verify $hosts | jq > $zoneName.json echo "Check $zoneName.json for scan results."
cert-scan.ps1
This only works if $hosts var array is smaller
$ErrorActionPreference = "Stop" if ($args.Count -lt 1) { Write-Host "Usage: cert-scan.ps1 <zoneName>" Write-Host "Example: cert-scan.ps1 example.com" exit 1 } $zoneName = $args[0] write-host "Getting hosts from $($zoneName).records " $hosts = Get-Content .\$($zoneName).records $textToRemove = "@.$zoneName" $hosts = $hosts -replace [regex]::Escape($textToRemove), "" $hosts = -split $hosts cert.exe -f json -skip-verify $hosts # cert.exe -f json -skip-verify $hosts | ConvertFrom-Json | ConvertTo-Json -Depth 10 > .\$($zoneName).json write-host "Check $($zoneName).json for scan results."
Convert JSON to greppable one liner
zoneName=example.com; cat $zoneName.json | jq -r '.[] | "\(.domainName), \(.ip), \(.issuer), \(.commonName), \(.sans), \(.notBefore), \(.notAfter), \(.error)"' > $zoneName.json.lines
json to csv
cert -f json www.uvoo.me www.uvoo.io uvoo.io | jq -r '(. | map(leaf_paths) | unique) as $cols | map (. as $row | ($cols | map(. as $col | $row | getpath($col)))) as $rows | ([($cols | map(. | map(tostring) | join(".")))] + $rows) | map(@csv) | .[]'
Another Example
example.com.records
host1.example.com host2.example.com
cert-scan-to-csv.sh
#!/bin/bash set -eu if [ "$#" -ne 2 ]; then echo "Usage: $0 <zoneName> <port>" echo "Example: $0 example.com 443" exit 1 fi zoneName=$1 port=$2 echo "Getting hosts array from $zoneName.records " textToRemove="@.$zoneName" hosts=$(cat $zoneName.records | sed 's/$textToRemove//g') hosts=$(echo "$hosts" | sed -r "s/\s/:$port /g") outfile="$zoneName.$port.csv" # cert -f json -skip-verify $hosts | jq > $zoneName.json cert -f json -skip-verify $hosts | jq -r '(. | map(leaf_paths) | unique) as $cols | map (. as $row | ($cols | map(. as $col | $row | getpath($col)))) as $rows | ([($cols | map(. | map(tostring) | join(".")))] + $rows) | map(@csv) | .[]' > $outfile
Run command to build csv
cert-scan-to-csv.sh example.com 443