Difference between revisions of "Cert scan"

(Created page with "# Steps ## get-dnsRecords.ps1 ``` $ErrorActionPreference = "Stop" if ($args.Count -lt 2) { Write-Host "Usage: get-dnsRecords.ps1 <zone name/domain> <windows dns hostna...")
 
Line 17: Line 17:
 
# exit
 
# exit
  
$rsp = Invoke-Command -ComputerName wjp1-dc -ScriptBlock {
+
$rsp = Invoke-Command -ComputerName $dnsHost -ScriptBlock {
 
   param($zoneName, $dnsHost)
 
   param($zoneName, $dnsHost)
 
   $dnsRecords = Get-DnsServerResourceRecord -ZoneName $zoneName -RRType A
 
   $dnsRecords = Get-DnsServerResourceRecord -ZoneName $zoneName -RRType A
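Review bot: The new `-ComputerName $dnsHost` takes `$args[1]` as the remoting target with only the argument-count check in front of it, so an empty or mistyped value goes straight to Invoke-Command, which runs the script block on the named host under the caller's credentials. I would add a guard before the call, e.g. `if ([string]::IsNullOrWhiteSpace($dnsHost)) { Write-Host "DNS host must not be empty"; exit 1 }`. The script block also still declares `$dnsHost` in `param($zoneName, $dnsHost)`; in the lines shown it is not used inside the block, so a short comment such as `# $dnsHost is unused here; kept to match -ArgumentList` would help. The script block continues past the end of the hunk.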

Revision as of 16:47, 19 January 2024

Steps

get-dnsRecords.ps1

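# get-dnsRecords.ps1
#
# Exports the names of all A and CNAME records of one DNS zone from a Windows
# DNS server and writes them, space-separated on a single line, to
# .\<zone>.records in the current directory.
#
# Usage:   get-dnsRecords.ps1 <zone name/domain> <windows dns hostname>
#
# Security notes:
#   * Invoke-Command runs the script block on <windows dns hostname> under the
#     credentials of the calling user. Only name a DNS server you administer.
#   * <zone name> becomes part of the output file name; pass a plain zone name.
$ErrorActionPreference = "Stop"

if ($args.Count -lt 2) {
    Write-Host "Usage:   get-dnsRecords.ps1 <zone name/domain> <windows dns hostname>"
    Write-Host "Example: get-dnsRecords.ps1 example win-dns-hostname"
    exit 1
}

$zoneName = $args[0]
$dnsHost = $args[1]

# The count check above still lets empty strings through; stop before an empty
# value is handed to Invoke-Command or used as a file name.
if ([string]::IsNullOrWhiteSpace($zoneName) -or [string]::IsNullOrWhiteSpace($dnsHost)) {
    Write-Host "Zone name and DNS hostname must not be empty."
    exit 1
}

$rsp = Invoke-Command -ComputerName $dnsHost -ScriptBlock {
  # $dnsHost is not used inside the block; it is kept so the parameter list
  # matches -ArgumentList below.
  param($zoneName, $dnsHost)
  foreach ($rrType in 'A', 'CName') {
    $dnsRecords = Get-DnsServerResourceRecord -ZoneName $zoneName -RRType $rrType
    foreach ($record in $dnsRecords) {
      Write-Output "$($record.HostName).$zoneName"
    }
  }
} -ArgumentList $zoneName, $dnsHost

$recordsFile = ".\$($zoneName).records"

# "$rsp" joins all names with spaces, which is the format the scan scripts
# split on. Windows PowerShell's Out-File defaults to UTF-16, which the bash
# consumer (cert-scan.sh) does not read cleanly, so write plain ASCII.
"$rsp" | Out-File -FilePath $recordsFile -Encoding ascii
Write-Host "Records are in file $recordsFile"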

cert-scan.sh

cert-scan.sh

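#!/bin/bash
# cert-scan.sh - run `cert` against every host listed in <zoneName>.records
# and store the JSON report in <zoneName>.json.
#
# Usage:   cert-scan.sh <zoneName>
# Input:   ./<zoneName>.records - whitespace-separated FQDNs, as written by
#          get-dnsRecords.ps1
# Output:  ./<zoneName>.json
#
# -skip-verify tells cert to skip certificate verification, so certificates
# that would fail validation (expired, self-signed, wrong name) still show up
# in the report. Treat the output as an inventory of what is being served,
# not as evidence that any listed certificate is trusted.
set -euo pipefail

if [ "$#" -ne 1 ]; then
    echo "Usage:   $0 <zoneName>"
    echo "Example: $0 example.com"
    exit 1
fi

zoneName=$1
recordsFile="$zoneName.records"
resultsFile="$zoneName.json"
echo "Getting hosts array from $recordsFile "

if [ ! -r "$recordsFile" ]; then
    echo "Cannot read $recordsFile" >&2
    exit 1
fi

rawHosts=$(<"$recordsFile")

# The records file is produced on Windows; drop carriage returns so the last
# host name does not carry a trailing \r.
rawHosts=${rawHosts//$'\r'/}

# Remove "@.<zone>" entries. The pattern is quoted so it is matched literally;
# the previous single-quoted sed expression never expanded the variable and
# therefore removed nothing.
# NOTE(review): this drops what is presumably the zone-apex record from the
# scan entirely - confirm that is intended.
textToRemove="@.$zoneName"
rawHosts=${rawHosts//"$textToRemove"/}

# Split on whitespace into an array. Unlike an unquoted $hosts expansion this
# does not glob-expand entries such as wildcard records ("*.<zone>").
# read returns non-zero at end of input, hence "|| true".
words=()
read -r -d '' -a words <<<"$rawHosts" || true

# Record names come from DNS data, not from the operator: refuse anything that
# would be parsed by cert as a command-line option.
hosts=()
if [ "${#words[@]}" -gt 0 ]; then
    for entry in "${words[@]}"; do
        case "$entry" in
            -*) echo "Skipping suspicious record name: $entry" >&2 ;;
            *)  hosts+=("$entry") ;;
        esac
    done
fi

if [ "${#hosts[@]}" -eq 0 ]; then
    echo "No hosts found in $recordsFile" >&2
    exit 1
fi

# pipefail makes a failure of cert visible instead of being masked by jq.
if ! cert -f json -skip-verify "${hosts[@]}" | jq . > "$resultsFile"; then
    echo "cert or jq failed; $resultsFile may be incomplete." >&2
    exit 1
fi

echo "Check $resultsFile for scan results."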

Powershell scan

This only works when the $hosts array is small.

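# cert-scan.ps1
#
# Reads the host names in .\<zoneName>.records, runs cert.exe against them and
# saves the JSON report to .\<zoneName>.json (the report is also echoed to the
# console).
#
# Usage:   cert-scan.ps1 <zoneName>
#
# -skip-verify tells cert.exe to skip certificate verification, so
# certificates that would fail validation still appear in the report. Treat
# the output as an inventory, not as evidence that a certificate is trusted.
$ErrorActionPreference = "Stop"

if ($args.Count -lt 1) {
    Write-Host "Usage:   cert-scan.ps1 <zoneName>"
    Write-Host "Example: cert-scan.ps1 example.com"
    exit 1
}

$zoneName = $args[0]
$recordsFile = ".\$($zoneName).records"
$resultsFile = ".\$($zoneName).json"
write-host "Getting hosts from $($zoneName).records "

# Remove "@.<zone>" entries, then split the remaining text on whitespace.
$textToRemove = "@.$zoneName"
$hosts = (Get-Content $recordsFile) -replace [regex]::Escape($textToRemove), ""

# Record names come from DNS data: drop empty entries and anything that
# cert.exe would parse as a command-line option.
$hosts = @(-split $hosts | Where-Object { $_ -and -not $_.StartsWith('-') })

if ($hosts.Count -eq 0) {
    Write-Host "No hosts found in $recordsFile"
    exit 1
}

$json = cert.exe -f json -skip-verify $hosts
if ($LASTEXITCODE -ne 0) {
    # Native commands do not raise PowerShell errors; surface the failure.
    Write-Host "Warning: cert.exe exited with code $LASTEXITCODE; results may be incomplete."
}

# Show the report and save it, so the closing message points at a real file.
# The original listing only printed the report and never wrote the .json file.
$json
$json | Out-File -FilePath $resultsFile -Encoding utf8
write-host "Check $($zoneName).json for scan results."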