Scanning Subnet for Issuing Certificate Authority with OpenSSL

I was asked whether there was an easy way to scan an entire subnet and display not the certificate of each device or service but the certificate authority which provided it.  I thought there has to be a relatively easy way of doing so, and here it is!  This is a relatively simple solution and doesn’t take account of things like SNI.  If you need SNI support you will have to tweak the code below and probably include the -servername switch in the initial s_client line.  Drop a comment below if you want help with this.

The code below assumes you want to scan 192.168.50.10 to 192.168.50.20; obviously you may want to change your code accordingly.  We are using the standard openssl command-line tool with its s_client subcommand, which allows us to open TLS connections to various things; in this case we are scanning web servers.

You can either copy and paste this whole block and run it as a single command or stick it in a file and run it from there; the choice is yours.

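for ip in 192.168.50.{1..20};
do
   # Print the address first, without a trailing newline
   printf '%s' "${ip}";
   # 'Q' makes s_client quit after the handshake; x509 decodes the server certificate
   printf 'Q' | openssl s_client -showcerts -connect "${ip}:443" 2> /dev/null | openssl x509 -text 2> /dev/null | grep 'Issuer:';
   # End the line for hosts that returned no certificate
   printf '\n';
done;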

Output should look like the following:

192.168.50.1 Issuer: C=US, ST=CA, L=Irvine, O=Some Corporation, CN=Corp Cert – Level 2a/[email protected]
192.168.50.2
192.168.50.3
192.168.50.4 Issuer: C=US, ST=CA, L=Irvine, O=Some Corporation, CN=Corp Cert – Level 2b/[email protected]
192.168.50.5 Issuer: C=US, ST=CA, L=Irvine, O=Some Corporation, CN=Corp Cert – Level 2b/[email protected]
192.168.50.6
192.168.50.7
192.168.50.8
192.168.50.9 Issuer: C=US, ST=CA, L=Irvine, O=Some Corporation, CN=Corp Cert – Level 2a/[email protected]
192.168.50.10
192.168.50.11
192.168.50.12
192.168.50.13 Issuer: C=US, ST=NY, L=NY, O=Gyp the Cat dot Com, CN=Gyp CA/[email protected]
192.168.50.14
192.168.50.15
192.168.50.16
192.168.50.17 Issuer: C=US, ST=CA, L=Irvine, O=Some Corporation, CN=Corp Cert – Level 2a/[email protected]
192.168.50.18 Issuer: C=US, ST=CA, L=Irvine, O=Some Corporation, CN=Corp Cert – Level 2a/[email protected]
192.168.50.19
192.168.50.20 Issuer: C=US, ST=CA, L=San Jose, O=ubnt.com, OU=UniFi, CN=UniFi
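
For a certificate inventory it helps to bound each probe with a timeout, allow the `-servername` tweak mentioned above, and then group hosts by issuer so that anything not issued by the expected CA stands out. The script below is an added example, not code from the original post; the function names, the 5-second timeout (via GNU `timeout`), the tab-separated output format and the `O=Some Corporation` pattern are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.
export LC_ALL=C
TAB=$(printf '\t')

# probe_issuer HOST [PORT] [SNI] -> "HOST<TAB>issuer DN", or "HOST<TAB>-" when no
# certificate comes back within 5 seconds (closed port, no TLS, filtered host).
probe_issuer() (
    host=$1; port=${2:-443}; sni=${3:-}
    set -- -connect "${host}:${port}"
    [ -n "$sni" ] && set -- "$@" -servername "$sni"   # the post's SNI tweak
    issuer=$(printf 'Q' | timeout 5 openssl s_client "$@" 2>/dev/null |
             openssl x509 -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
    printf '%s\t%s\n' "$host" "${issuer:--}"
)

# scan_range PREFIX FIRST LAST, e.g. scan_range 192.168.50 1 20
scan_range() (
    i=$2
    while [ "$i" -le "$3" ]; do probe_issuer "$1.$i"; i=$((i + 1)); done
)

# summarise_issuers: stdin = probe_issuer lines, stdout = "count<TAB>issuer DN"
summarise_issuers() {
    awk -F'\t' '$2 != "-" { n[$2]++ }
        END { for (dn in n) printf "%d\t%s\n", n[dn], dn }' |
        sort -t "$TAB" -k1,1nr -k2
}

# unexpected_hosts REGEX: hosts whose issuer DN does not match the expected CA
unexpected_hosts() {
    awk -F'\t' -v pat="$1" '$2 != "-" && $2 !~ pat { print $1 }'
}

# Constructed sample in probe_issuer's output format (not a real scan).
SAMPLE_SCAN="192.168.50.1${TAB}C=US, ST=CA, L=Irvine, O=Some Corporation, CN=Corp Cert - Level 2a
192.168.50.2${TAB}-
192.168.50.4${TAB}C=US, ST=CA, L=Irvine, O=Some Corporation, CN=Corp Cert - Level 2b
192.168.50.9${TAB}C=US, ST=CA, L=Irvine, O=Some Corporation, CN=Corp Cert - Level 2a
192.168.50.20${TAB}C=US, ST=CA, L=San Jose, O=ubnt.com, OU=UniFi, CN=UniFi"

# Live use: scan_range 192.168.50 1 20 > scan.tsv, then feed scan.tsv to the filters.
printf '%s\n' "$SAMPLE_SCAN" | summarise_issuers
printf '%s\n' "$SAMPLE_SCAN" | unexpected_hosts 'O=Some Corporation'
```

Hosts reported by `unexpected_hosts` are the ones to review first: self-signed device defaults and certificates from a CA outside the expected hierarchy both show up there.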

Written by gyp - April 21, 2017 - 2129 Views
Tags | cryptography, linux, openssl, ubuntu
