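function Get-SSLNames {
<#
.SYNOPSIS
Get names from web server's certificate
.DESCRIPTION
Resolves each target to one or more IP addresses, connects to every
target/port combination over HTTPS and emits one object per name found in
the server certificate (subject CN plus SAN entries), as returned by
Get-SSLNamesObject.

Certificate validation is bypassed while the certificate is fetched (see
Get-SSLNamesObject), so untrusted, self-signed and expired certificates are
reported as well. Treat the returned names as untrusted data: they are
whatever the remote host chose to present.
.PARAMETER Targets
Hostnames or IP addresses. Hostnames are resolved with DNS; a name that does
not resolve produces a warning and is skipped instead of aborting the run.
.PARAMETER Ports
TCP ports to probe on every target (1-65535). Defaults to 443.
.PARAMETER Timeout
Per-connection timeout in milliseconds. Defaults to 3000.
.OUTPUTS
PSObject with Name, IPAddress and Port for every name seen.
.NOTES
Author: Tim Medin, Red Siege, tim@redsiege.com
.EXAMPLE
Get-SSLNames 192.168.8.2
.EXAMPLE
"192.168.8.2" | Get-SSLNames
.EXAMPLE
"web1.example", "web2.example" | Get-SSLNames -Ports 443, 8443
#>
[CmdletBinding()]
param(
    [Parameter(Mandatory = $true, ValueFromPipeline = $true, Position = 0)]
    [string[]]$Targets,
    [Parameter(Position = 1)]
    [ValidateRange(1,65535)]
    [int[]]$Ports = 443,
    [Parameter(Position = 2)]
    [int]$Timeout = 3000
)
# A process block is required for ValueFromPipeline to see every piped item;
# without one the function body runs once, with only the last item in $Targets.
process {
    # Resolve every target to IP addresses up front. TryParse avoids using an
    # exception for the common "is this already an IP?" case, and a name that
    # fails to resolve is reported and skipped rather than killing the whole scan.
    $IPs = @()
    foreach ($Target in $Targets) {
        $Parsed = $null
        if ([ipaddress]::TryParse($Target, [ref]$Parsed)) {
            $IPs += $Parsed
            continue
        }
        try {
            $IPs += [System.Net.Dns]::GetHostAddresses($Target)
        } catch {
            Write-Warning "Could not resolve '$Target': $($_.Exception.Message)"
        }
    }

    foreach ($IP in $IPs) {
        foreach ($Port in $Ports) {
            # Connection failures are expected on a scan; they are suppressed here
            # and the target/port simply yields no rows.
            $Names = Get-SSLNamesObject -Target $IP -Port $Port -Timeout $Timeout -ErrorAction SilentlyContinue |
                Select-Object -ExpandProperty AllNames
            foreach ($Name in $Names) {
                New-Object -TypeName PSObject -Property ([ordered]@{
                    Name      = $Name
                    IPAddress = $IP
                    Port      = $Port
                })
            }
        }
    }
}
}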
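function Get-SSLNamesObject {
<#
.SYNOPSIS
Fetch the certificate presented by one HTTPS endpoint and return the names in it
.DESCRIPTION
Opens an HTTPS connection to Target:Port, reads the server certificate from the
request's ServicePoint and returns an object holding the subject CN, the DNS
entries of the Subject Alternative Name extension, and the de-duplicated union
of both.

Certificate validation is deliberately disabled for the duration of the call so
that self-signed, expired or name-mismatched certificates can still be
inspected. ServerCertificateValidationCallback is process-wide state, so the
previous callback is captured and restored in a finally block; the weakened
state never outlives this function. (Previously it was reset only on the
success path, which left every later TLS connection in the session accepting
any certificate.)
.PARAMETER Target
Hostname or IP address. IPv6 literals are bracketed for the URL automatically.
.PARAMETER Port
TCP port, 1-65535. Defaults to 443.
.PARAMETER Timeout
Request timeout in milliseconds. Defaults to 3000.
.OUTPUTS
PSObject with CommonName, SubjectAlternativeNames and AllNames. Nothing is
returned, and a non-terminating error is written, when no certificate could be
obtained.
.NOTES
Only the TLS handshake matters: an HTTP error (4xx/5xx, auth challenge) after a
successful handshake still yields the certificate.
NOTE(review): "DNS Name=" is the rendering of the SAN extension produced by the
Windows CryptoAPI formatter in English locales; other locales and non-Windows
.NET runtimes may render it differently - confirm before relying on this there.
#>
[CmdletBinding()]
param(
    [Parameter(Mandatory = $true, ValueFromPipeline = $true, Position = 0)]
    [string]$Target,
    [Parameter(Position = 1)]
    [ValidateRange(1,65535)]
    [int]$Port = 443,
    [Parameter(Position = 2)]
    [int]$Timeout = 3000
)
    # IPv6 literals must be bracketed inside a URL; hostnames never contain ':'.
    $HostPart = if ($Target -match ':' -and $Target -notmatch '^\[') { "[$Target]" } else { $Target }
    $ConnectString = "https://$HostPart`:$Port"
    $WebRequest = [Net.WebRequest]::Create($ConnectString)
    $WebRequest.Timeout = $Timeout

    # Save the current validation callback and put it back however we leave,
    # so disabling validation is scoped to this call only.
    $PreviousCallback = [Net.ServicePointManager]::ServerCertificateValidationCallback
    $Response = $null
    $ConnectError = $null
    $RawCert = $null
    try {
        [Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
        try {
            $Response = $WebRequest.GetResponse()
        } catch {
            # An HTTP-level failure is expected and harmless; the handshake may
            # still have completed and populated the ServicePoint certificate.
            $ConnectError = $_
        }
        $RawCert = $WebRequest.ServicePoint.Certificate
    } finally {
        [Net.ServicePointManager]::ServerCertificateValidationCallback = $PreviousCallback
        if ($null -ne $Response) { $Response.Close() }
    }

    if ($null -eq $RawCert) {
        # Report the error from this request, not whatever happens to be in $Error[0].
        if ($null -ne $ConnectError) {
            Write-Error -ErrorRecord $ConnectError
        } else {
            Write-Error "No certificate was obtained from $ConnectString"
        }
        return
    }

    $Cert = [Security.Cryptography.X509Certificates.X509Certificate2]$RawCert.Handle

    # Subject Alternative Name extension (OID 2.5.29.17). Format($false) gives a
    # single-line, comma-separated rendering such as "DNS Name=a, DNS Name=b".
    $SANPretty = $null
    $SANExt = $Cert.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.17" }
    if ($SANExt) {
        try {
            $SANPretty = ($SANExt.Format($false) -split ", ") | ForEach-Object { $_ -replace "DNS Name=", "" }
        } catch {
            Write-Verbose "Could not decode the SAN extension of $ConnectString`: $($_.Exception.Message)"
        }
    }

    # Many current certificates carry no CN at all (names live only in the SAN).
    # -match leaves $Matches untouched on failure, so the result must be checked
    # instead of reading $Matches[0] unconditionally (which would return the CN of
    # a previous call).
    $CN = $null
    if ($Cert.Subject -match '(?<=CN=)[^,]+') {
        $CN = $Matches[0]
    }

    $AllNames = @()
    if ($CN) { $AllNames += $CN }
    if ($SANPretty) { $AllNames += $SANPretty }
    $AllNames = @($AllNames | Select-Object -Unique)

    New-Object -TypeName PSObject -Property @{
        CommonName              = $CN
        SubjectAlternativeNames = $SANPretty
        AllNames                = $AllNames
    }
}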