Class: Ronin::Recon::SSL::CertEnum

Inherits:
Worker
  • Object
show all
Defined in:
lib/ronin/recon/builtin/ssl/cert_enum.rb

Overview

A recon worker that enumerates over the host names within the SSL/TLS certificate.

Instance Method Summary collapse

Methods inherited from Worker

accepts, concurrency, #initialize, intensity, outputs, register, run

Constructor Details

This class inherits a constructor from Ronin::Recon::Worker

Instance Method Details

#process(cert) {|name| ... } ⇒ Object

Grabs the TLS certificate from the open port, if it supports SSL/TLS.

Parameters:

Yields:

  • (name)

    All host names, wildcard host names, IP addresses, or email addresses, from the SSL/TLS certificate will be yielded.

Yield Parameters:



61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
 
# File 'lib/ronin/recon/builtin/ssl/cert_enum.rb', line 61

def process(cert)
  subject_entries = cert.subject.to_a
  subject_entries.each do |entry|
    case entry[0]
    when 'CN' # Common Name
      case entry[1]
      when Value::Parser::DOMAIN_REGEX
        yield Domain.new(entry[1])
      when Value::Parser::HOSTNAME_REGEX
        yield Host.new(entry[1])
      end
    when 'emailAddress'
      yield EmailAddress.new(entry[1])
    end
  end

  subject_alt_names = cert.extensions.find do |ext|
    ext.oid == 'subjectAltName'
  end

  if subject_alt_names
    values = subject_alt_names.value.split(', ')

    values.each do |string|
      name, value = string.split(':',2)

      case name
      when 'DNS'
        case value
        when Value::Parser::DOMAIN_REGEX
          yield Domain.new(value)
        when Value::Parser::HOSTNAME_REGEX
          yield Host.new(value)
        when Value::Parser::WILDCARD_REGEX
          yield Wildcard.new(value)
        end
      when 'IP'
        yield IP.new(value)
      when 'email'
        yield EmailAddress.new(value)
      end
    end
  end
end