SSL247®
THE SECURITY CONSULTANTS
SSL247 Ltd. Suite Q, 2 East Poultry Avenue | Farringdon | London EC1A 9PT | UK
www.SSL247.co.uk | + 44 (0)20 3143 4120 | [email protected]
SSL247 SARL 102 Boulevard Montesquieu | Bâtiment F | 59100 Roubaix | FRANCE
www.SSL247.fr | + 33 (0) 3 66 72 95 95 | [email protected]
SSL247Discovery Tool 1.0
Contents
Introduction
Operation modes
Graphical user interface (GUI) mode
SSL247Discovery Settings
General parameters
Target parameters
Output parameters
Command line mode
Available commands
-h (hostnames)
-i (ip address)
-p (port)
-f (force)
-d (port discover)
-r (retry)
-t (timeout)
-c (config file)
Schedule Command Line Task
Minimum system requirements
Tool
GUI tool
Installation
FAQ – Frequently Asked Questions
Introduction
SSL247Discovery is a simple network scanning tool designed to discover which SSL certificates are implemented
on local/global networks.
Operation modes
The tool supports two modes - graphical user interface (GUI) mode and command line mode. If no parameters
are supplied, the tool will start in the default GUI mode.
Graphical user interface (GUI) mode
The GUI will start up by default when no command line parameters have been provided.
On start, the latest scan results will automatically be pulled and displayed.
From this main screen, it is possible to run a scan or configure additional scans using the settings.
SSL247Discovery Settings
The settings section is divided into 3 parts – the general parameters, the target parameters and the output
parameters.
General parameters
The first section is the “General parameters”, which includes:
Port discover
Checks if the defined port is open or not.
Force (Force port test)
Forces a scan. Here, the tool will attempt to perform an SSL handshake even if the target has not
answered the ping.
This feature is useful when pinging and port discovery are disabled on the target firewall.
Retry
Defines how many times the tool will retry connecting if the first connection attempt times out.
Timeout
Network timeout in seconds. This defines how long the tool is going to wait for an answer before timing
out.
Max processes
Defines the maximum number of concurrent processes.
Target parameters
The SSL247Discovery tool will attempt to get information based on the supplied addresses and ports.
The tool will do this for each target address on each target port.
Target Hostname(s).
Values:
String, comma separated
Example:
Ssl247.co.uk,ssl247.be:443
Possible values:
• Single hostname
Example: ssl247.co.uk
• List of hostnames
Example: ssl247.co.uk, google.com
• Single hostname plus port
Example: ssl247.co.uk:443
• List of hostnames plus port
Example: ssl247.co.uk:444, google.com:443
Target IP(s)
Values:
String, comma separated, individual or range or CIDR
Example:
192.168.1.1, 192.168.1.2:80, 192.168.1.100-192.168.1.200, 192.168.1.0/24
Possible values:
• Single IP address
Example: 192.168.1.1
• Single IP address plus port
Example: 192.168.1.3:443
• List of IP addresses
Example: 192.168.1.1, 192.168.1.2, 192.168.1.3
• List of IP addresses plus port
Example: 192.168.1.1:21, 192.168.1.2, 192.168.1.3:443
• Range of IP addresses
Example: 192.168.1.1-192.168.1.255
• CIDR
Example: 192.168.1.2/31
Target port(s)
Values:
String, comma separated, individual or range
Example:
80, 443, 450-470
Possible values:
• Empty – Default SSL Port
Port: 443
• Single port
Example: 443
• List of ports
Example: 443,21,23
• Range of ports
Example: 440-445
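The following is an added example, not part of the SSL247Discovery tool: it expands the target IP and port strings described above into the address/port pairs a scan would touch, so the size of a scan can be checked before it is launched. The function names are hypothetical, and two behaviours are assumptions the page does not state: an explicit ip:port entry is probed on that port only, and a CIDR block includes every address in it.

```python
import ipaddress

DEFAULT_PORT = 443  # used when no port is supplied, per the page


def parse_ports(spec):
    """'80, 443, 450-470' -> sorted port list; an empty spec -> [443]."""
    ports = set()
    for item in (p.strip() for p in spec.split(",")):
        if not item:
            continue
        lo, _, hi = item.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"bad port spec: {item!r}")
        ports.update(range(lo, hi + 1))
    return sorted(ports) or [DEFAULT_PORT]


def expand_ips(spec):
    """Yield (address, port_or_None) for each IPv4 item in a target string."""
    for item in (t.strip() for t in spec.split(",")):
        if not item:
            continue
        if "/" in item:
            # Assumption: every address in the block is a target, ends included.
            for addr in ipaddress.ip_network(item, strict=False):
                yield addr, None
        elif "-" in item:
            first, last = (ipaddress.IPv4Address(a.strip()) for a in item.split("-"))
            if last < first:
                raise ValueError(f"range runs backwards: {item!r}")
            for n in range(int(first), int(last) + 1):
                yield ipaddress.IPv4Address(n), None
        else:
            host, _, port = item.partition(":")
            yield ipaddress.IPv4Address(host), int(port) if port else None


def scan_plan(ip_spec, port_spec=""):
    """Return the sorted, de-duplicated (address, port) pairs a scan would touch."""
    ports = parse_ports(port_spec)
    plan = set()
    for addr, own_port in expand_ips(ip_spec):
        # Assumption: an explicit ip:port is probed on that port only.
        for port in ([own_port] if own_port else ports):
            plan.add((addr, port))
    return sorted(plan)


if __name__ == "__main__":
    plan = scan_plan("192.168.1.1, 192.168.1.2:80, 192.168.1.100-192.168.1.200, "
                     "192.168.1.0/24", "80, 443, 450-470")
    print(len(plan), "handshake attempts")
```

With the page's own example strings, the /24 block and the 23 ports multiply out to several thousand connection attempts, which is worth knowing when choosing the Timeout, Retry and Max processes settings.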
Output parameters
CSV output
Outputs the results as comma separated values
Headers
"Common Name";"Target";"IP Address";"Start";"Expiry";"Hash";"Key Size";"SANs";"Organization Name";"Organization Unit";"Organization Locality";"Organization Country";"Issuer Common Name";"Issuer Organisation";"Issuer Organisation Unit";"Thumbprint";"Serial Number";"Signed"
Example values
"*.google.com";"google.com:443";"172.217.23.14:443";"08-12-2016";"02-03-2017";"SHA-2";"2048";"['*.google.com', '*.android.com', '*.appengine.google.com', '*.cloud.google.com', '*.google-analytics.com', '*.google.ca', '*.google.cl', '*.google.co.in', '*.google.co.jp', '*.google.co.uk', '*.google.com.ar', '*.google.com.au', '*.google.com.br', '*.google.com.co', '*.google.com.mx', '*.google.com.tr', '*.google.com.vn', '*.google.de', '*.google.es', '*.google.fr', '*.google.hu', '*.google.it', '*.google.nl', '*.google.pl', '*.google.pt', '*.googleadapis.com', '*.googleapis.cn', '*.googlecommerce.com', '*.googlevideo.com', '*.gstatic.cn', '*.gstatic.com', '*.gvt1.com', '*.gvt2.com', '*.metric.gstatic.com', '*.urchin.com', '*.url.google.com', '*.youtubenocookie.com', '*.youtube.com', '*.youtubeeducation.com', '*.ytimg.com', 'android.clients.google.com', 'android.com', 'developer.android.google.cn', 'g.co', 'goo.gl', 'google-analytics.com', 'google.com', 'googlecommerce.com', 'urchin.com', 'www.goo.gl', 'youtu.be', 'youtube.com', 'youtubeeducation.com']";"Google Inc";"N/A";"Mountain View";"US";"Google Internet Authority G2";"Google Inc";"N/A";"3d0a3655e76c335c0b18483e6e98e2c839fa28f8";"7DB3AD386927AC70";"Ca Signed"
Excel CSV output
Outputs the results as comma separated values, interpretable by MS Excel
Headers
"Common Name";"Target";"IP Address";"Start";"Expiry";"Hash";"Key Size";"SANs";"Organization Name";"Organization Unit";"Organization Locality";"Organization Country";"Issuer Common Name";"Issuer Organisation";"Issuer Organisation Unit";"Thumbprint";"Serial Number";"Signed"
Example values
"*.google.com";"google.com:443";"172.217.23.14:443";"08-12-2016";"02-03-2017";"SHA-2";"2048";"['*.google.com', '*.android.com', '*.appengine.google.com', '*.cloud.google.com', '*.google-analytics.com', '*.google.ca', '*.google.cl', '*.google.co.in', '*.google.co.jp', '*.google.co.uk', '*.google.com.ar', '*.google.com.au', '*.google.com.br', '*.google.com.co', '*.google.com.mx', '*.google.com.tr', '*.google.com.vn', '*.google.de', '*.google.es', '*.google.fr', '*.google.hu', '*.google.it', '*.google.nl', '*.google.pl', '*.google.pt', '*.googleadapis.com', '*.googleapis.cn', '*.googlecommerce.com', '*.googlevideo.com', '*.gstatic.cn', '*.gstatic.com', '*.gvt1.com', '*.gvt2.com', '*.metric.gstatic.com', '*.urchin.com', '*.url.google.com', '*.youtubenocookie.com', '*.youtube.com', '*.youtubeeducation.com', '*.ytimg.com', 'android.clients.google.com', 'android.com', 'developer.android.google.cn', 'g.co', 'goo.gl', 'google-analytics.com', 'google.com', 'googlecommerce.com', 'urchin.com', 'www.goo.gl', 'youtu.be', 'youtube.com', 'youtubeeducation.com']";"Google Inc";"N/A";"Mountain View";"US";"Google Internet Authority G2";"Google Inc";"N/A";"3d0a3655e76c335c0b18483e6e98e2c839fa28f8";"7DB3AD386927AC70";"Ca Signed"
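The following is an added example, not part of the SSL247Discovery tool: it reads a results file in the layout shown above (semicolon-delimited, every field quoted) and lists the certificates that need attention. It assumes the dates are DD-MM-YYYY; the function names, the sample rows and the values "SHA-1" and "Self Signed" are constructed for illustration, since the page only shows "SHA-2" and "Ca Signed".

```python
import ast
import csv
import io
from datetime import date, datetime

FIELDS = ["Common Name", "Target", "IP Address", "Start", "Expiry", "Hash", "Key Size",
          "SANs", "Organization Name", "Organization Unit", "Organization Locality",
          "Organization Country", "Issuer Common Name", "Issuer Organisation",
          "Issuer Organisation Unit", "Thumbprint", "Serial Number", "Signed"]

def triage(csv_text, today, warn_days=30):
    """Return {target: [findings]} for certificates that need attention."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text), delimiter=";"):
        findings = []
        # Assumption: dates are DD-MM-YYYY, as the page's sample row suggests.
        expiry = datetime.strptime(row["Expiry"], "%d-%m-%Y").date()
        days_left = (expiry - today).days
        if days_left < 0:
            findings.append("expired")
        elif days_left <= warn_days:
            findings.append(f"expires in {days_left} days")
        if row["Hash"] != "SHA-2":  # only "SHA-2" appears on the page
            findings.append(f"hash {row['Hash']}")
        if int(row["Key Size"]) < 2048:  # RSA threshold; adjust for EC keys
            findings.append(f"key size {row['Key Size']}")
        if row["Signed"] != "Ca Signed":  # only "Ca Signed" appears on the page
            findings.append(f"not CA signed ({row['Signed']})")
        try:  # SANs is a Python-style list literal; parse it without eval()
            sans = ast.literal_eval(row["SANs"])
        except (ValueError, SyntaxError):
            sans = []
        wildcards = [s for s in sans if s.startswith("*.")]
        if wildcards:
            findings.append(f"{len(wildcards)} wildcard SAN(s)")
        if findings:
            report[row["Target"]] = findings
    return report

def sample_csv():
    """Constructed rows (not real scan output) in the tool's CSV layout."""
    def row(name, expiry, hash_, bits, sans, signed):
        return [name, f"{name}:443", "192.0.2.10:443", "01-01-2017", expiry, hash_,
                bits, str(sans), "Example Ltd", "N/A", "London", "GB", "Example CA",
                "Example CA Ltd", "N/A", "<thumbprint>", "<serial>", signed]
    rows = [  # "SHA-1" and "Self Signed" are constructed values, not from the page
        row("ok.example.test", "01-12-2017", "SHA-2", "2048", ["ok.example.test"], "Ca Signed"),
        row("old.example.test", "10-03-2017", "SHA-1", "1024", ["old.example.test"], "Self Signed"),
        row("soon.example.test", "20-03-2017", "SHA-2", "2048", ["*.example.test"], "Ca Signed"),
    ]
    buf = io.StringIO()
    writer = csv.writer(buf, delimiter=";", quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(FIELDS)
    writer.writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    for target, findings in triage(sample_csv(), date(2017, 3, 15)).items():
        print(target, "->", "; ".join(findings))
```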
Command line mode
The tool is also available in a command line run mode. This is useful for environments without the need for a
graphical interface, or for scheduled tasks. The commands are case sensitive, and they can be chained.
Example:
ssl247discovery.exe -i 192.168.1.1 -h ssl247.co.uk,google.com -p 443,80,20-23 -r 2
The results will be saved as <app root folder>/results/<current date and time>.csv
The SSL247Discovery tool will attempt to get information based on the supplied addresses and ports.
The tool will do this for each target address on each target port.
Available commands
-h (hostnames)
Hostname(s). The target hostname(s)
Usage:
-h hostname(s) <String, comma separated> e.g.: ssl247.co.uk,ssl247.be:443
Example:
ssl247discovery.exe -h ssl247.co.uk
Possible values:
• Single hostname
Example: ssl247.co.uk
• List of hostnames
Example: ssl247.co.uk, google.com
• Single hostname plus port
Example: ssl247.co.uk:443
• List of hostnames plus port
Example: ssl247.co.uk:444, google.com:443
-i (ip address)
IP address(es). The target IP address(es)
Usage:
-i ip address(es) <String, comma separated, individual or range or cidr> e.g.: 192.168.1.1, 192.168.1.2:80, 192.168.1.100-192.168.1.200, 192.168.1.0/24
Example:
ssl247discovery.exe -i 192.168.1.220:443
Possible values:
• Single IP address
Example: 192.168.1.1
• Single IP address plus port
Example: 192.168.1.3:443
• List of IP addresses
Example: 192.168.1.1, 192.168.1.2, 192.168.1.3
• List of IP addresses plus port
Example: 192.168.1.1:21, 192.168.1.2, 192.168.1.3:443
• Range of IP addresses
Example: 192.168.1.1-192.168.1.255
• CIDR
Example: 192.168.1.2/31
-p (port)
Port(s). The ports associated with every target
Usage:
-p port(s) <String, comma separated, individual or range> e.g.: 80, 443, 450-470
Example:
ssl247discovery.exe -i 192.168.1.220 -p 443
Possible values:
• Empty – Default SSL Port
Port: 443
• Single port
Example: 443
• List of ports
Example: 443,21,23
• Range of ports
Example: 440-445
-f (force)
Forces a scan. Here, the tool will attempt to perform an SSL handshake even if the target has not answered the
ping. This feature is useful when pinging and port discovery are disabled on the target firewall.
Usage:
-f force <True/False>
Example:
ssl247discovery.exe -h ssl247.co.uk -f True
-d (port discover)
Port discover. Checks if the defined port is open or not.
Usage:
-d port discover <True/False>
Example:
ssl247discovery.exe -h ssl247.co.uk -d False
-r (retry)
Retry number. Defines how many times the tool will retry connecting if the first connection attempt times out.
Usage:
-r retry <(integer)/False>
Example:
ssl247discovery.exe -h ssl247.co.uk -r 3
-t (timeout)
Network timeout in seconds. This defines how long the tool is going to wait for an answer before timing out.
Usage:
-t timeout <(integer)>
Example:
ssl247discovery.exe -h ssl247.co.uk -t 10
-c (config file)
Sets the config variables from a predefined config file.
Usage:
-c <config_file_path>
Example:
ssl247discovery.exe -c c:\settings.xml
The config file is an XML file. For format and options see below:
Fully featured example:
<settings>
    <force>False</force>
    <portdiscover>False</portdiscover>
    <verbosity>False</verbosity>
    <retry>False</retry>
    <timeout>2</timeout>
    <ip>192.168.1.208</ip>
    <cidr>192.168.1.0/24</cidr>
    <ip_range>
        <start>192.168.1.208</start>
        <end>192.168.1.211</end>
    </ip_range>
    <port>80</port>
    <port>443</port>
    <port_range>
        <start>80</start>
        <end>450</end>
    </port_range>
    <host>ssl247.co.uk</host>
</settings>
Schedule Command Line Task
The command line mode can be run as a scheduled task when used with an XML configuration file and a batch
script.
See sample implementation below:
• Create setting.xml file, edit with required information and place in scanning tool folder
• Create ssl247discovery.bat file, add script (image below) and place in scanning tool folder
• Open Windows Task Scheduler
• Click Create Task…
• Enter a Name for the task
• Click on the Trigger tab and then New… to add a new trigger
• Edit date, time and iteration settings as required
• Click on the Action tab and then New… to add a new action
• Select Start a program from the list of actions
• Click Browse and navigate to the ssl247discovery.bat file in the scanning tool folder
• Click the OK button to complete the setup
Minimum system requirements
Tool
• 1 GHz 64-bit (x64) CPU
• 1 GB of RAM
• Windows 7 (64 bit) or higher
GUI tool
• 1 GHz 64-bit (x64) CPU
• 1 GB of RAM
• 128 MB of graphics memory
• OpenGL (ES) 2.0+
• Windows 7 (64 bit) or higher
Installation
The scanning tool is a portable app and does not require installation.
However, write permission for the system temp folder is required.
FAQ – Frequently Asked Questions
Q: Do I need administrative rights on the computer?
A: Yes.
Q: Does the tool require an active internet connection?
A: Yes, the tool communicates with trust stores.
Q: Are the scan results/details sent out to or shared with any third party?
A: No.