Wildcard TLS Certificate

ID: wildcard-tls

Severity: info

Author: lucky0x0d

Tags: ssl,tls,wildcard

Description

Checks a sites certificate to see if there are wildcard CN or SAN entries.

YAML Source

id: wildcard-tls

info:
  name: Wildcard TLS Certificate
  author: lucky0x0d
  severity: info
  description: |
    Checks a sites certificate to see if there are wildcard CN or SAN entries.
  reference:
    - https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Security_Cheat_Sheet.html#carefully-consider-the-use-of-wildcard-certificates
  metadata:
    max-request: 1
  tags: ssl,tls,wildcard
ssl:
  - address: "{{Host}}:{{Port}}"
    matchers:
      - type: dsl
        dsl:
          - wildcard_certificate == true

    extractors:
      - type: dsl
        dsl:
          - '"CN: " + subject_cn'
          - '" SAN: " + subject_an'
# digest: 4a0a00473045022100d212781d5e370a83cdcdcf7dca48f9a78bcfcee1408c49b01c2ab1c6fe52226402204be3b6749e1cafbb12f6e6a4a35a58af056b52164821096aaa4d8e3026e831b0:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "ssl/wildcard-tls.yaml"

View on Github