
Identify invalid hostname #58

Closed
Techbrunch opened this issue Jul 21, 2022 · 4 comments

Comments

@Techbrunch

Techbrunch commented Jul 21, 2022

I'm not sure if self-signed certificates should also be flagged as mismatched:

❯ echo "target.com" | tlsx -silent -mm
target.com:443 [mismatched]
❯ echo "target.com" | tlsx -silent -cn
target.com:443 [sslvpn]
❯ echo "target.com" | tlsx -silent -ss
target.com:443 [self-signed]

Maybe the logic could be that if the CN is not a valid domain / subdomain it should not be flagged as a mismatch?

Also the fact that you cannot combine -cn and -mm or -ss is really too bad since it makes it harder to identify problems.

My workaround:

cat subdomains.txt|tlsx -silent -mm -ss|grep -E 'mismatch|signed'|cut -d':' -f1|tlsx -silent -cn
@Techbrunch Techbrunch added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label Jul 21, 2022
@ehsandeep
Member

@Techbrunch could you DM me (pd-team) on discord with the host to confirm this behavior?

@ehsandeep ehsandeep added the Priority: Medium This issue may be useful, and needs some attention. label Jul 22, 2022
@Techbrunch
Author

I updated the issue, this is not a bug.

@Techbrunch Techbrunch changed the title Bug with -mm flag Identify invalid hostname Jul 28, 2022
@forgedhallpass forgedhallpass added Type: Enhancement Most issues will probably ask for additions or changes. and removed Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. labels Jul 28, 2022
@Mzack9999 Mzack9999 added the Status: On Hold Similar to blocked, but is assigned to someone label Jul 29, 2022
@Mzack9999
Member

@ehsandeep we need to detail the required changes more and provide examples.

@ehsandeep
Member

@Techbrunch using CLI flag output for post-processing is not a good idea when you have all the information included in the JSON output without any limits.

Here is an example that makes use of the JSON output and does what you shared above without running the scan twice; the JSON output is also saved to a file, so you can reprocess the data for any other information.

tlsx -silent -u wrong.host.badssl.com,self-signed.badssl.com,expired.badssl.com -json -o scan | jq -r 'select(.mismatched==true, .self_signed==true) | .host + " [" + .subject_cn +"]"'

wrong.host.badssl.com [*.badssl.com]
self-signed.badssl.com [*.badssl.com]

Similarly, you can post-process the subject_cn field for invalid hostname detection (depending on what exactly you mean by invalid hostname). Hopefully we can also have a template for specific cases once tlsx is added into nuclei as part of projectdiscovery/nuclei#2368. Closing this ticket, as mismatch detection is working as intended.
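An added example, not from this thread or from tlsx itself, of the subject_cn post-processing suggested above: it reads tlsx-style JSON lines (constructed here; the `port` key is an assumption) and reports a CN that is not a syntactically valid domain or subdomain (such as `sslvpn`) as a separate `invalid-cn` finding instead of a mismatch, while keeping the self-signed flag.

```python
import json
import re

# Constructed tlsx-style JSON lines (one object per line); the "port" key is assumed.
SAMPLE_JSONL = """\
{"host":"target.com","port":"443","subject_cn":"sslvpn","mismatched":true,"self_signed":true}
{"host":"wrong.host.badssl.com","port":"443","subject_cn":"*.badssl.com","mismatched":true,"self_signed":false}
{"host":"self-signed.badssl.com","port":"443","subject_cn":"*.badssl.com","mismatched":false,"self_signed":true}
{"host":"example.com","port":"443","subject_cn":"example.com","mismatched":false,"self_signed":false}
"""

# One DNS label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def is_valid_hostname(cn: str) -> bool:
    """True if cn looks like a DNS domain/subdomain (a leading wildcard label is allowed)."""
    if not cn or len(cn) > 253:
        return False
    labels = cn.rstrip(".").split(".")
    if labels[0] == "*":
        labels = labels[1:]
    # A bare single label such as "sslvpn" is not a domain or subdomain.
    if len(labels) < 2:
        return False
    return all(LABEL_RE.match(label) for label in labels)

def classify(record: dict) -> list[str]:
    """Findings for one tlsx record; an invalid CN is reported instead of a mismatch."""
    findings = []
    cn = record.get("subject_cn", "")
    if not is_valid_hostname(cn):
        findings.append("invalid-cn")
    elif record.get("mismatched"):
        findings.append("mismatched")
    if record.get("self_signed"):
        findings.append("self-signed")
    return findings

def report(jsonl: str) -> list[str]:
    """One line per host with at least one finding, in the tlsx 'host:port [tags]' style."""
    out = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        tags = classify(rec)
        if tags:
            out.append(f"{rec['host']}:{rec['port']} [{rec['subject_cn']}] [{', '.join(tags)}]")
    return out
```

Feed it the contents of the `-json -o` output file; hosts with no findings are omitted from the report.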

@ehsandeep ehsandeep closed this as not planned Won't fix, can't repro, duplicate, stale Jul 30, 2022
@ehsandeep ehsandeep removed Priority: Medium This issue may be useful, and needs some attention. Status: On Hold Similar to blocked, but is assigned to someone Type: Enhancement Most issues will probably ask for additions or changes. labels Jul 30, 2022