Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-01 06:19:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Implement warning for wildcard match

Browse Source 
fixes #2122
This commit is contained in:
Dirk 2023-11-10 15:37:13 +01:00
parent f59f3bd64b
commit 81ba1fe818
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
testssl.sh
View File

@ -9491,6 +9491,14 @@ certificate_info() {
fileout "cert_trust${json_postfix}" "$trust_sni_finding" "${trustfinding}${trustfinding_nosni}" fileout "cert_trust${json_postfix}" "$trust_sni_finding" "${trustfinding}${trustfinding_nosni}"
if [[ "$trust_sni" =~ ^(2|6|8|9|10)$ ]] || [[ "$trust_nosni" =~ ^(2|6|8|9|10)$ ]]; then
out "${spaces}"
pr_svrty_low "wildcard certificate" ; outln " could be problematic, see other hosts at"
outln "${spaces}https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=$cert_fingerprint_sha2"
fileout "cert_trust${json_postfix}_wildcard" "LOW" "trust is via wildcard"
fi
out "$indent"; pr_bold " Chain of trust"; out " " out "$indent"; pr_bold " Chain of trust"; out " "
jsonID="cert_chain_of_trust" jsonID="cert_chain_of_trust"
# Looks for CA's that have their trust removed by the first part of their Organization Name, add multiple with ^(TrustCor Systems|WoSign) etc. # Looks for CA's that have their trust removed by the first part of their Organization Name, add multiple with ^(TrustCor Systems|WoSign) etc.