sslsearch
sslsearch copied to clipboard
Hunt SSL Certificates for interesting keywords on major cloud service providers / internet
SSL Search
Hunt SSL Certificates for interesting keywords on major cloud service providers.
Details - https://medium.com/@harsh8v/ssl-search-a-tool-to-identify-infrastructure-and-discover-attack-surfaces-449c83269574
Installation
go install github.com/HarshVaragiya/sslsearch@latest
Features
- Search Cloud Service Providers IP Ranges / Given IP CIDR for keywords in SSL Certificate Subject / SANs
- Perform Initial fingerprinting (https server header grabbing / JARM fingerprinting)
Cloud Service Provider | Region String Example | JARM | Server Header |
---|---|---|---|
Amazon Web Services | us-east-1 | ✅ | ✅ |
Cloudflare | - | ✅ | ✅ |
Digital Ocean | NL_NL-NH_Amsterdam | ✅ | ✅ |
Google Cloud Platform | us-west4 | ✅ | ✅ |
Oracle Cloud Infrastructure | ca-montreal-1 | ✅ | ✅ |
Raw CIDR / IP Range | - | ✅ | ✅ |
Potential uses
- Identifying Infrastructure / Attack Surface for a given scope.
- Bug Bounty recon.
- Scanning a whole CSP Region & Identifying Servers / Services of interest along with SSL certificate information.
- Scanning the whole Internet / Country's CIDRs & Collecting JARM fingerprints / Server Headers along with SSL certificate information.
- Finding Mail / RDP / Other services belonging to a target that use x509 certificates to secure connections.
References
Ideated after following the following research projects :
- https://github.com/jhaddix/awsScrape
- https://github.com/femueller/cloud-ip-ranges
- https://github.com/hdm/jarm-go
- https://github.com/salesforce/jarm