ssl247discovery tool 1 - s3-eu-west-1.amazonaws.com · 192.168.1.2:80, 192.168.1.100-192.168.1.200,...

1

SSL247®

THE SECURITY CONSULTANTS

SSL247 Ltd. Suite Q, 2 East Poultry Avenue | Farringdon | London EC1A 9PT | UK

www.SSL247.co.uk | + 44 (0)20 3143 4120 | [email protected]

SSL247 SARL 102 Boulevard Montesquieu | Bâtiment F | 59100 Roubaix | FRANCE

www.SSL247.fr | + 33 (0) 3 66 72 95 95 | [email protected]

SSL247Discovery Tool 1.0

Contents Introduction ............................................................................................................................................................... 2

Operation modes ....................................................................................................................................................... 2

Graphical user interface (GUI) mode ......................................................................................................................... 2

ssl247discovery Settings ............................................................................................................................................ 3

General parameters ................................................................................................................................................... 3

Target parameters ...................................................................................................................................................... 4

Output parameters..................................................................................................................................................... 6

Command line mode .................................................................................................................................................. 8

Available commands .................................................................................................................................................. 8

-h (hostnames) ........................................................................................................................................................... 8

-i (ip address) .............................................................................................................................................................. 9

-p (port) .................................................................................................................................................................... 10

-f (force) .................................................................................................................................................................... 10

-d (port discover) ...................................................................................................................................................... 10

-r (retry) .................................................................................................................................................................... 11

-t (timeout) ............................................................................................................................................................... 11

-c (config file) ............................................................................................................................................................ 11

Schedule Command Line Task .................................................................................................................................. 13

Minimum system requirements ............................................................................................................................... 17

Tool ........................................................................................................................................................................... 17

GUI tool .................................................................................................................................................................... 17

Installation ................................................................................................................................................................ 17

FAQ – Frequently Asked Questions .......................................................................................................................... 17

2

SSL247®






Introduction

SSL247Discovery is a simple network scanning tool designed to discover which SSL certificates are implemented

on local/global networks.

Operation modes

The tool supports two modes - graphical user interface (GUI) mode and command line mode. If no parameters

are supplied, the tool will start in the default GUI mode.

Graphical user interface (GUI) mode

The GUI will start up by default when no command line parameters have been provided.

On start, the latest scan results will automatically be pulled and displayed.

From this main screen, it is possible to run a scan or configure additional scans using the settings.

3

SSL247®






SSL247Discovery Settings The settings section is divided into 3 parts – the general parameters, the target parameters and the output

parameters.

General parameters

The first section is the “General parameters”, which includes:

Port discover

Checks if the defined port is open or not.

Force (Force port test)

Forces a scan. Here, the tool will attempt to perform an SSL handshake even if the target has not

answered the ping.

This feature is useful when pinging and port discovery are disabled on the target firewall.

Retry

Defines how many times the tool will retry connecting if the first connection attempt times out.

Timeout

Network timeout in seconds. This defines how long the tool is going to wait for an answer before timing

out.

Max processes

Defines the maximum number of concurrent processes.

4

SSL247®






Target parameters

The SSL247Discovery tool will attempt to get information based on the supplied addresses and ports.

The tool will for each target address on each target port.

Target Hostname(s).

Values:

String, comma separated

Example:

Ssl247.co.uk,ssl247.be:443

Possible values:

• Single hostname

Example: ssl247.co.uk

• List of hostnames

Example: ssl247.co.uk, google.com

• Single hostname plus port

Example: ssl247.co.uk:443

• List of hostnames plus port

Example: ssl247.co.uk:444, google.com:443

5

SSL247®






Target IP(s)

Values:

String, comma separated, individual or range or CIDR

Example:

192.168.1.1, 192.168.1.2:80, 192.168.1.100192.168.1.200, 192.168.1.0/24

Possible values:

• Single IP address

Example: 192.168.1.1

• Single IP address plus port

Example: 192.168.1.3:443

• List of IP addresses

Example: 192.168.1.1, 192.168.1.2, 192.168.1.3

• List of IP addresses plus port

Example: 192.168.1.1:21, 192.168.1.2, 192.168.1.3:443

• Range of IP addresses

Example: 192.168.1.1-192.168.1.255

• CIDR

Example: 192.168.1.2/31

Target port(s)

Values:

String, comma separated, individual or range

Example:

80, 443, 450-470

Possible values:

• Empty – Default SSL Port

Port: 443

• Single port

Example: 443

• List of ports

Example: 443,21,23

• Range of ports

Example: 440-445

6

SSL247®






Output parameters

CSV output

Outputs the results as comma separated values

Headers

"Common Name";"Target";"IP Address";"Start";"Expiry";"Hash";"Key Size";"SANs";"Organization

Name";"Organization Unit";"Organization Locality";"Organization Country";"Issuer Common Name";"Issuer

Organisation";"Issuer Organisation Unit";"Thumbprint";"Serial Number";"Signed"

Example values

"*.google.com";"google.com:443";"172.217.23.14:443";"08-12-2016";"02-03-2017";"SHA-

2";"2048";"['*.google.com', '*.android.com', '*.appengine.google.com', '*.cloud.google.com',

'*.google-analytics.com', '*.google.ca', '*.google.cl', '*.google.co.in', '*.google.co.jp',

'*.google.co.uk', '*.google.com.ar', '*.google.com.au', '*.google.com.br', '*.google.com.co',

'*.google.com.mx', '*.google.com.tr', '*.google.com.vn', '*.google.de', '*.google.es', '*.google.fr',

'*.google.hu', '*.google.it', '*.google.nl', '*.google.pl', '*.google.pt', '*.googleadapis.com',

'*.googleapis.cn', '*.googlecommerce.com', '*.googlevideo.com', '*.gstatic.cn', '*.gstatic.com', '*.gvt1.com',

'*.gvt2.com', '*.metric.gstatic.com', '*.urchin.com', '*.url.google.com', '*.youtubenocookie.com',

'*.youtube.com', '*.youtubeeducation.com', '*.ytimg.com',

'android.clients.google.com', 'android.com', 'developer.android.google.cn', 'g.co', 'goo.gl',

'google-analytics.com', 'google.com', 'googlecommerce.com', 'urchin.com', 'www.goo.gl',

'youtu.be', 'youtube.com', 'youtubeeducation.com']";"Google Inc";"N/A";"Mountain

View";"US";"Google Internet Authority G2";"Google

Inc";"N/A";"3d0a3655e76c335c0b18483e6e98e2c839fa28f8";"7DB3AD386927AC70";"Ca Signed"

7

SSL247®






Excel CSV output

Outputs the results as comma separated values, interpretable by MS Excel

Headers

"Common Name";"Target";"IP Address";"Start";"Expiry";"Hash";"Key Size";"SANs";"Organization

Name";"Organization Unit";"Organization Locality";"Organization Country";"Issuer Common Name";"Issuer

Organisation";"Issuer Organisation Unit";"Thumbprint";"Serial Number";"Signed"

Example values

"*.google.com";"google.com:443";"172.217.23.14:443";"08-12-2016";"02-03-2017";"SHA-

2";"2048";"['*.google.com', '*.android.com', '*.appengine.google.com', '*.cloud.google.com',

'*.google-analytics.com', '*.google.ca', '*.google.cl', '*.google.co.in', '*.google.co.jp',

'*.google.co.uk', '*.google.com.ar', '*.google.com.au', '*.google.com.br', '*.google.com.co',

'*.google.com.mx', '*.google.com.tr', '*.google.com.vn', '*.google.de', '*.google.es', '*.google.fr',

'*.google.hu', '*.google.it', '*.google.nl', '*.google.pl', '*.google.pt', '*.googleadapis.com',

'*.googleapis.cn', '*.googlecommerce.com', '*.googlevideo.com', '*.gstatic.cn', '*.gstatic.com', '*.gvt1.com',

'*.gvt2.com', '*.metric.gstatic.com', '*.urchin.com', '*.url.google.com', '*.youtubenocookie.com',

'*.youtube.com', '*.youtubeeducation.com', '*.ytimg.com',

'android.clients.google.com', 'android.com', 'developer.android.google.cn', 'g.co', 'goo.gl',

'google-analytics.com', 'google.com', 'googlecommerce.com', 'urchin.com', 'www.goo.gl',

'youtu.be', 'youtube.com', 'youtubeeducation.com']";"Google Inc";"N/A";"Mountain

View";"US";"Google Internet Authority G2";"Google

Inc";"N/A";"3d0a3655e76c335c0b18483e6e98e2c839fa28f8";"7DB3AD386927AC70";"Ca Signed"

8

SSL247®






Command line mode

The tool is also available in a command line run mode. This is useful for environments without the need for a

graphical interface, or for scheduled tasks. The commands are case sensitive, and they can be chained.

Example:

ssl247discovery.exe -i 192.168.1.1 -h ssl247.co.uk,google.com -p 443,80,20-23 -r 2

The results will be saved as <app root folder>/results/<current date and time>.csv

The SSL247Discovery tool will attempt to get information based on the supplied addresses and ports.

The tool will for each target address on each target port.

Available commands -h (hostnames)

Hostname(s). The target hostname(s)

Usage:

-h hostname(s) <String, comma separted> e.g.: ssl247.co.uk,ssl247.be:443

Example:

ssl247discovery.exe -h ssl247.co.uk

Possible values:

• Single hostname

Example: ssl247.co.uk

• List of hostnames

Example: ssl247.co.uk, google.com

• Single hostname plus port

Example: ssl247.co.uk:443

• List of hostnames plus port

Example: ssl247.co.uk:444, google.com:443

9

SSL247®






-i (ip address)

IP address(s). The target IP address(es)

Usage:

-i ip address(es) <String, comma separted, individual or range or cidr> e.g.: 192.168.1.1,

192.168.1.2:80, 192.168.1.100-192.168.1.200, 192.168.1.0/24

Example:

ssl247discovery.exe -i 192.168.1.220:443

Possible values:

• Single IP address

Example: 192.168.1.1

• Single IP address plus port

Example: 192.168.1.3:443

• List of IP addresses

Example: 192.168.1.1, 192.168.1.2, 192.168.1.3

• List of IP addresses plus port

Example: 192.168.1.1:21, 192.168.1.2, 192.168.1.3:443

• Range of IP addresses

Example: 192.168.1.1-192.168.1.255

• CIDR

Example: 192.168.1.2/31

10

SSL247®






-p (port)

Port(s). The ports associated to every target

Usage:

-p port(s) <String, comma separated, individual or range> e.g.: 80, 443, 450-470

Example:

ssl247discovery.exe -i 192.168.1.220 -p 443

Possible values:

• Empty – Default SSL Port

Port: 443

• Single port

Example: 443

• List of ports

Example: 443,21,23

• Range of ports

Example: 440-445

-f (force)

Forces a scan. Here, the tool will attempt to perform an SSL handshake even the target has not answered the

ping. This feature is useful when pinging and port discovery are disabled on the target firewall.

Usage:

-f force <True/False>

Example:

ssl247discovery.exe -h ssl247.co.uk -f True

-d (port discover)

Port discover. Checks if the defined port is open or not.

Usage:

-d port discover <True/False>

Example:

ssl247discovery.exe -h ssl247.co.uk -d False

11

SSL247®






-r (retry)

Retry number. Defines how many times the tool will retry connecting if the first connection attempt times out.

Usage:

-r retry <(integer)/False>

Example:

ssl247discovery.exe -h ssl247.co.uk -r 3

-t (timeout)

Network timeout in seconds. This defines how long the tool is going to wait for an answer before timing out.

Usage:

-t timeout <(integer)>

Example:

ssl247discovery.exe -h ssl247.co.uk -t 10

-c (config file)

Set the config variables from a predefined config file

Usage:

-c <config_file_path>

Example:

ssl247discovery.exe -c c:\settings.xml

12

SSL247®






The config file is an xml file. For format and options see below:

Fully featured examle:

< settings > > force < False > /force < > portdiscover < False > /portdiscover < > verbosity < False > rbosity /ve < > < retry False > /retry < timeout < > 2 /timeout > < ip > < 192.168.1.208 < /i p > > < cidr 192.168.1.0/24 > /cidr < < ip_range > > start < .1.208 192.168 /start < > < end > . 192.168.1 211 > /end < > /ip_range < < port > 80 > < /po rt < port > 443 < /p ort > < port_range > > < start 80 < /sta rt > < end > 450 > < /end < /port_range > < host > ssl247.co.uk < > /host < /settings >

13

SSL247®






Schedule Command Line Task The command line mode can be run as a scheduled task when used with an xml configuration file and a batch

script.

See sample implementation below:

• Create setting.xml file, edit with required information and place in scanning tool folder

• Create ssl247discovery.bat file, add script(Image below) and place in scanning tool folder

14

SSL247®






• Open Windows Task Scheduler

• Click Create Task…

• Enter a Name for the task

• Click on the Trigger tab and then New… to add a new trigger

15

SSL247®






• Edit date, time and iteration settings as required

• Click on the Action tab and then New… to add a new action

16

SSL247®






• Select Start a program from the list of actions

• Click Browse and navigate to the ssl247discovery.bat file in the scanning tool folder

• Click the OK button to complete the setup

17

SSL247®






Minimum system requirements

Tool • 1 GHz 64-bit (x64) CPU

• 1 GB of RAM

• Windows 7 (64 bit) or higher

GUI tool • 1 GHz 64-bit (x64) CPU

• 1 GB of RAM

• 128 MB of graphics memory

• OpenGL (ES) 2.0+

• Windows 7 (64 bit) or higher

Installation

The scanning tool is a portable app and does not require installation.

However, writing permission for the system temp folder is required.

FAQ – Frequently Asked Questions

Q: Do I need administrative rights on the computer?

A: Yes.

Q: Does the tool require an active internet connection?

A: Yes, the tool communicates with trust stores.

Q: Are the scan results/details sent out to or shared with any third party?

A: No.

ssl247discovery tool 1 - s3-eu-west-1.amazonaws.com · 192.168.1.2:80, 192.168.1.100-192.168.1.200,...

Documents