nuclei-templates/ssl/kubernetes-fake-certificate...

id: kubernetes-fake-certificate

info:
  name: Kubernetes Fake Ingress Certificate - Detect
  author: kchason
  severity: low
  description: |
    Kubernetes Fake Ingress Certificate is a feature in Kubernetes that allows users to create and use fake or self-signed SSL/TLS certificates for testing purposes without having to obtain a real SSL/TLS certificate from a trusted Certificate Authority (CA).
  remediation: Purchase or generate a proper SSL certificate for this service.
  reference:
    - https://snyk.io/blog/setting-up-ssl-tls-for-kubernetes-ingress/
  metadata:
    verified: true
    max-request: 1
    shodan-query: ssl:"Kubernetes Ingress Controller Fake Certificate"
  tags: ssl,tls,kubernetes,self-signed
ssl:
  - address: "{{Host}}:{{Port}}"
    matchers:
      - type: dsl
        dsl:
          - 'subject_cn == "Kubernetes Ingress Controller Fake Certificate"'
          - 'issuer_cn == "Kubernetes Ingress Controller Fake Certificate"'
        condition: or

    extractors:
      - type: dsl
        dsl:
          - '"Issuer: " + issuer_cn'
# digest: 4b0a00483046022100d2f2bb14953ff9476f93b5bad3e3b08241fdb92301b624aa7b7cd2686c5a9a0b022100ba43be07509719a30e72d3333ac133dc23a3aa1d51125137e6fb8f9c0291fb0d:922c64590222798bb761d5b6d8e72950
Add template for Kubernetes Fake Certificates 2023-03-25 18:30:44 +00:00			`id: kubernetes-fake-certificate`

			`info:`
minor -update 2023-03-27 13:31:27 +00:00			`name: Kubernetes Fake Ingress Certificate - Detect`
Add template for Kubernetes Fake Certificates 2023-03-25 18:30:44 +00:00			`author: kchason`
			`severity: low`
minor -update 2023-03-27 13:31:27 +00:00			`description: \|`
			`Kubernetes Fake Ingress Certificate is a feature in Kubernetes that allows users to create and use fake or self-signed SSL/TLS certificates for testing purposes without having to obtain a real SSL/TLS certificate from a trusted Certificate Authority (CA).`
Update kubernetes-fake-certificate.yaml 2023-03-27 18:21:24 +00:00			`remediation: Purchase or generate a proper SSL certificate for this service.`
Add template for Kubernetes Fake Certificates 2023-03-25 18:30:44 +00:00			`reference:`
			`- https://snyk.io/blog/setting-up-ssl-tls-for-kubernetes-ingress/`
minor -update 2023-03-27 13:31:27 +00:00			`metadata:`
boolean format update 2023-06-04 08:13:42 +00:00			`verified: true`
templateman update 2023-10-14 11:27:55 +00:00			`max-request: 1`
minor -update 2023-03-27 13:31:27 +00:00			`shodan-query: ssl:"Kubernetes Ingress Controller Fake Certificate"`
auto tagging via templateman 2024-01-14 09:21:50 +00:00			`tags: ssl,tls,kubernetes,self-signed`
Add template for Kubernetes Fake Certificates 2023-03-25 18:30:44 +00:00			`ssl:`
			`- address: "{{Host}}:{{Port}}"`
			`matchers:`
			`- type: dsl`
			`dsl:`
			`- 'subject_cn == "Kubernetes Ingress Controller Fake Certificate"'`
			`- 'issuer_cn == "Kubernetes Ingress Controller Fake Certificate"'`
			`condition: or`

			`extractors:`
			`- type: dsl`
			`dsl:`
YAML formatting for template 2023-03-25 21:30:31 +00:00			`- '"Issuer: " + issuer_cn'`
Auto Template Signing [Fri Jan 26 08:31:11 UTC 2024] :robot: 2024-01-26 08:31:11 +00:00			`# digest: 4b0a00483046022100d2f2bb14953ff9476f93b5bad3e3b08241fdb92301b624aa7b7cd2686c5a9a0b022100ba43be07509719a30e72d3333ac133dc23a3aa1d51125137e6fb8f9c0291fb0d:922c64590222798bb761d5b6d8e72950`