From e42e7274ede8e858db13eb00158afcf4578129be Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Thu, 9 Mar 2023 11:32:21 +0530 Subject: [PATCH 1/2] Revoked SSL Certificate - Detect --- ssl/revoked-ssl-certificate.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 ssl/revoked-ssl-certificate.yaml diff --git a/ssl/revoked-ssl-certificate.yaml b/ssl/revoked-ssl-certificate.yaml new file mode 100644 index 0000000000..54d23580e2 --- /dev/null +++ b/ssl/revoked-ssl-certificate.yaml @@ -0,0 +1,22 @@ +id: revoked-ssl-certificate + +info: + name: Revoked SSL Certificate - Detect + author: pussycat0x + description: | + Certificate revocation is the act of invalidating a TLS/SSL before its scheduled expiration date. A certificate should be revoked immediately when its private key shows signs of being compromised. + It should also be revoked when the domain for which it was issued is no longer operational. + reference: | + - https://www.invicti.com/web-vulnerability-scanner/vulnerabilities/revoked-ssl-certificate/ + - https://www.tenable.com/plugins/nnm/5837 + + severity: low + tags: ssl + +ssl: + - address: "{{Host}}:{{Port}}" + + matchers: + - type: dsl + dsl: + - "revoked == true" \ No newline at end of file From b56a4399e3a805d05be91b8e9d3eb92db9b494f4 Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Thu, 16 Mar 2023 20:10:33 +0530 Subject: [PATCH 2/2] Update revoked-ssl-certificate.yaml --- ssl/revoked-ssl-certificate.yaml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/ssl/revoked-ssl-certificate.yaml b/ssl/revoked-ssl-certificate.yaml index 54d23580e2..51b275a3fa 100644 --- a/ssl/revoked-ssl-certificate.yaml +++ b/ssl/revoked-ssl-certificate.yaml @@ -3,15 +3,13 @@ id: revoked-ssl-certificate info: name: Revoked SSL Certificate - Detect author: pussycat0x + severity: low description: | - Certificate revocation is the act of invalidating a TLS/SSL before its scheduled expiration date. A certificate should be revoked immediately when its private key shows signs of being compromised. - It should also be revoked when the domain for which it was issued is no longer operational. + Certificate revocation is the act of invalidating a TLS/SSL before its scheduled expiration date. A certificate should be revoked immediately when its private key shows signs of being compromised. It should also be revoked when the domain for which it was issued is no longer operational. reference: | - https://www.invicti.com/web-vulnerability-scanner/vulnerabilities/revoked-ssl-certificate/ - https://www.tenable.com/plugins/nnm/5837 - - severity: low - tags: ssl + tags: ssl,revoked ssl: - address: "{{Host}}:{{Port}}" @@ -19,4 +17,4 @@ ssl: matchers: - type: dsl dsl: - - "revoked == true" \ No newline at end of file + - "revoked == true"