Scanning Subnet for Issuing Certificate Authority with OpenSSL
Computers

Scanning Subnet for Issuing Certificate Authority with OpenSSL

I was asked a question if there was an easy way to scan an entire subnet and display not the certificate of each device or service but the certificate authority which provided it.  I thought there has to be a relatively easy way of doing so, and here it is!  This is a relatively simple solution and doesn’t take account of things like SNI.  If you need SNI support you will have to tweak the code below and probably include the -servername switch in the initial s_client line.  Drop a comment below if you want a help with this.

The code below asumes you want to scan 192.168.50.10 to 192.168.50.20, obviously you may want to change your code accordingly.  We are using the standard openssl command line tool with the s_client which allows us to open TLS connections to various things, in this case we are scanning web servers.

You can either copy and paste this whole block and run it as a single command or stick it in a file and run it from there, the choice is yours.

for ip in 192.168.50.{1..20};
do
   printf ${ip};
   printf 'Q' | openssl s_client -showcerts -connect ${ip}:443 2> /dev/null | openssl x509 -text 2> /dev/null | grep 'Issuer\:';
   printf '%s\n';
done;

Output should look like the following:

192.168.50.1 Issuer: C=US, ST=CA, L=Irvine, O=Some Corporation, CN=Corp Cert – Level 2a/[email protected]
192.168.50.2
192.168.50.3
192.168.50.4 Issuer: C=US, ST=CA, L=Irvine, O=Some Corporation, CN=Corp Cert – Level 2b/[email protected]
192.168.50.5 Issuer: C=US, ST=CA, L=Irvine, O=Some Corporation, CN=Corp Cert – Level 2b/[email protected]
192.168.50.6
192.168.50.7
192.168.50.8
192.168.50.9 Issuer: C=US, ST=CA, L=Irvine, O=Some Corporation, CN=Corp Cert – Level 2a/[email protected]
192.168.50.10
192.168.50.11
192.168.50.12
192.168.50.13 Issuer: C=US, ST=NY, L=NY, O=Gyp the Cat dot Com, CN=Gyp CA/[email protected]
192.168.50.14
192.168.50.15
192.168.50.16
192.168.50.17 Issuer: C=US, ST=CA, L=Irvine, O=Some Corporation, CN=Corp Cert – Level 2a/[email protected]
192.168.50.18 Issuer: C=US, ST=CA, L=Irvine, O=Some Corporation, CN=Corp Cert – Level 2a/[email protected]
192.168.50.19
192.168.50.20 Issuer: C=US, ST=CA, L=San Jose, O=ubnt.com, OU=UniFi, CN=UniFi

Written by gyp - April 21, 2017 - 12283 Views
Tags | , , ,

You Might Also Like

Nginx Not Showing Client IP and Varnish Not Forwarding Client IP

October 2, 2012

Enforcing Microsoft Office 365 and Azure Tennancy with McAfee Web Gateway (MWG)

May 27, 2017

Useful SSH Commands (Including Mac OSX)

June 20, 2013

No Comment

Please Post Your Comments & Reviews

Your email address will not be published. Required fields are marked *