using nmap for cert discovery and alerting


mr.automation

I'm trying to think of a way to use nmap to scan a range of IPs only on 443 to discover certs and then put this information into a file so that I can alert on ones that are expiring.

Using something like "nmap -sV -p 443 <ip_range>" will give you very simple results about the port being open, and I think there is an NSE script for ssl-cert, but has anyone done something like this where you could get the cert name, expiry date, key, and output that to a file so you could run another on it to send out an e-mail alert if the cert is less than 30 days from expiring or expired?


for ip in 127.0.0.{0..255}
do
    # </dev/null closes stdin so s_client returns after the handshake instead of waiting for input;
    # stderr is dropped so only the certificate chain lands in the per-host file
    openssl s_client -connect "$ip:443" -showcerts </dev/null 2>/dev/null > "$ip.crt"
done

I'm guessing you can parse the information in the produced files later (or as a part of the loop here) to see what needs to be done next, if anything.

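To do the second half of what the original post asks (parse the <ip>.crt files that loop writes and flag anything inside 30 days of expiry), here is an added example that is not from this thread. It uses only the Python standard library and walks just enough of the DER structure to reach notAfter; sample_pem, SAMPLE_CERTS and DEMO_NOW are constructed stand-ins for test data, not real certificates.

```python
import base64
import re
from datetime import datetime, timezone
from pathlib import Path

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):  # one DER tag-length-value at pos -> (tag, value_start, value_end)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                   # long-form length (real certs use it)
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length
def _children(buf, start, end):  # (tag, value_start, value_end) of each SEQUENCE element
    while start < end:
        tag, vstart, vend = _tlv(buf, start)
        yield tag, vstart, vend
        start = vend
def not_after(der):  # notAfter of a DER X.509 cert as a UTC datetime, without a full X.509 parser
    _, tbs_start, tbs_end = _tlv(der, _tlv(der, 0)[1])  # Certificate -> tbsCertificate
    fields = list(_children(der, tbs_start, tbs_end))
    if fields[0][0] == 0xA0:                            # skip optional [0] version
        fields = fields[1:]
    _, vstart, vend = fields[3]                         # serial, sigAlg, issuer, validity
    tag, s, e = list(_children(der, vstart, vend))[1]   # validity = {notBefore, notAfter}
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"  # UTCTime vs GeneralizedTime
    return datetime.strptime(der[s:e].decode("ascii"), fmt).replace(tzinfo=timezone.utc)
def days_left(pem, now):  # days until the first (server) cert in a PEM blob expires; negative once expired
    return (not_after(base64.b64decode(PEM_RE.search(pem).group(1))) - now).days
def load_dir(directory):  # the <ip>.crt files written by the s_client loop -> {ip: pem_bytes}
    return {p.stem: p.read_bytes() for p in Path(directory).glob("*.crt")}
def expiring(certs, threshold=30, now=None):  # {ip: days_left} for entries at or under the threshold
    now = now or datetime.now(timezone.utc)
    report = {ip: days_left(pem, now) for ip, pem in certs.items()}
    return {ip: d for ip, d in report.items() if d <= threshold}
# Constructed test data below: an unsigned stand-in carrying only the fields the parser walks.
def _der(tag, body):  # short-form lengths only; fine for these tiny samples
    return bytes([tag, len(body)]) + body
def sample_pem(not_after_utctime):
    validity = _der(0x30, _der(0x17, b"240101000000Z") + _der(0x17, not_after_utctime))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")
               + _der(0x30, b"") + _der(0x30, b"") + validity)
    cert = _der(0x30, tbs + _der(0x30, b"") + _der(0x03, b"\x00"))
    return b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(cert) + b"-----END CERTIFICATE-----\n"
DEMO_NOW = datetime(2025, 3, 1, tzinfo=timezone.utc)          # fixed "now" for the samples
SAMPLE_CERTS = {"10.0.0.2": sample_pem(b"260301000000Z"),     # a year out
                "10.0.0.3": sample_pem(b"250315120000Z"),     # 14 days out
                "10.0.0.4": sample_pem(b"250223000000Z")}     # already expired
```

On real output, `expiring(load_dir("."))` reads the files the loop saved and returns the hosts to alert on, which is the list an e-mail step would consume. s_client prints the server's own certificate first, so taking the first PEM block skips the intermediates.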

Awesome, thanks.

I also found a tool online that's free that does the bulk of this as well. Just in case people want to use this:

https://www.digicert.com/cert-inspector.htm

Just requires a free account, but it will give you the cert, what hosts are using it, its weaknesses, expiry dates, etc.

Still, nice to have both options.

Thanks for the help.
