Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-31 13:55:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2438 from drwetter/wildcard

Browse Source 
Implement warning for wildcard match
This commit is contained in:
Dirk Wetter
2023-11-10 19:41:08 +01:00
committed by GitHub
parent f59f3bd64b 81ba1fe818
commit 1a9a486474
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
testssl.sh
View File

@@ -9491,6 +9491,14 @@ certificate_info() {
fileout "cert_trust${json_postfix}" "$trust_sni_finding" "${trustfinding}${trustfinding_nosni}" fileout "cert_trust${json_postfix}" "$trust_sni_finding" "${trustfinding}${trustfinding_nosni}"
if [[ "$trust_sni" =~ ^(2|6|8|9|10)$ ]] || [[ "$trust_nosni" =~ ^(2|6|8|9|10)$ ]]; then
out "${spaces}"
pr_svrty_low "wildcard certificate" ; outln " could be problematic, see other hosts at"
outln "${spaces}https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=$cert_fingerprint_sha2"
fileout "cert_trust${json_postfix}_wildcard" "LOW" "trust is via wildcard"
fi
out "$indent"; pr_bold " Chain of trust"; out " " out "$indent"; pr_bold " Chain of trust"; out " "
jsonID="cert_chain_of_trust" jsonID="cert_chain_of_trust"
# Looks for CA's that have their trust removed by the first part of their Organization Name, add multiple with ^(TrustCor Systems|WoSign) etc. # Looks for CA's that have their trust removed by the first part of their Organization Name, add multiple with ^(TrustCor Systems|WoSign) etc.