SSL/TLS and Certificates
Tools
SSL Cipher Suite Enum - ssl-cipher-suite-enum is a Perl script that enumerates the SSL cipher suites supported by network services (principally HTTPS)
Testssl.sh - a common tool used to audit the ciphers and protocols supported by remote servers, allowing people to determine if a secure configuration is enforced or not.
sslScrape - strips hostnames from certs over port 443 connections
SSLYZE - TLS/SSL config analyzer
tls_prober - A tool to fingerprint SSL/TLS servers
Certificate search
Crt.sh - Certificate Search
CTSearch - Certificate Transparency Search Tool
tls.bufferover.run - Quickly find certificates in IPv4 space
CertSpotter - Monitors your domains for expiring, unauthorized, and invalid SSL certificates
SynapsInt - The unified OSINT research tool
Censys - Certificates - Certificates Search
PassiveTotal - Security intelligence that scales security operations and response
OpenSSL
Used to create self-signed certificates for SSL encryption
Tags
req - initiate a new certificate signing request
-newkey - generate a new private key
rsa:2048 - argument to -newkey: use RSA with a 2,048-bit key length
-nodes - store the private key without passphrase protection
-keyout - save the key to a file
-x509 - output a self-signed cert instead of a certificate request
-days - set validity period
-out - save this certificate to a file
Generate a self-signed certificate for a CA
Create a .pem file for use with tools like socat
You will be prompted for certain pieces of information as well as a password which can be used when signing certificates in the future, so do not forget this! Two files will be outputted: ca.key, which contains the CA’s private key, and ca.crt, which contains the CA’s public key certificate.
Attacking Network Protocols - pg.200
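An added example, not from the original page or the cited book: the flags listed under Tags combined into one non-interactive command that writes a self-signed certificate and a combined .pem for socat, followed by checks worth running on the result. The file names (server.key, server.crt, server.pem), the CN, the 30-day default and the use of -subj to skip the interactive prompts are assumptions.

```shell
#!/bin/sh
# Added example; file names, CN and defaults are assumptions, not from the page.

# make_selfsigned_pem DIR CN [DAYS]
# Writes DIR/server.key, DIR/server.crt and DIR/server.pem (key + cert).
make_selfsigned_pem() (
    dir=$1 cn=$2 days=${3:-30}
    umask 077                      # -nodes leaves the key unencrypted on disk,
    mkdir -p "$dir" || exit 1      # so file permissions are its only protection
    openssl req -newkey rsa:2048 -nodes -keyout "$dir/server.key" \
        -x509 -days "$days" -subj "/CN=$cn" \
        -out "$dir/server.crt" 2>/dev/null || exit 1
    # One file holding private key and certificate, the layout socat's
    # cert= option accepts.
    cat "$dir/server.key" "$dir/server.crt" > "$dir/server.pem"
)

# cert_matches_key CRT KEY: succeeds only if both carry the same public key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    k=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$c" = "$k" ]
}

# is_self_signed CRT: subject and issuer are identical.
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# valid_for_seconds CRT SECONDS: certificate does not expire within SECONDS.
valid_for_seconds() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null
}

# Stand-alone use: sh script.sh DIR CN [DAYS]
if [ "$#" -ge 2 ]; then
    make_selfsigned_pem "$@" &&
    cert_matches_key "$1/server.crt" "$1/server.key" &&
    is_self_signed "$1/server.crt" &&
    echo "wrote $1/server.pem"
fi
```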