mismatched-ssl-certificate update

2023-03-10 03:05:22 +05:30 · 2023-03-10 03:05:22 +05:30 · 74dd6249f1
parent c4e0e52ef4
commit 74dd6249f1
1 changed files with 24 additions and 0 deletions
--- a/ssl/mismatched-ssl-certificate.yaml
+++ b/ssl/mismatched-ssl-certificate.yaml
@ -0,0 +1,24 @@
+id: mismatched-ssl-certificate
+
+info:
+  name: Mismatched SSL Certificate
+  author: pdteam
+  severity: low
+  reference:
+    - https://www.invicti.com/web-vulnerability-scanner/vulnerabilities/ssl-certificate-name-hostname-mismatch/
+  tags: ssl,mismatched,tls
+
+ssl:
+  - address: "{{Host}}:{{Port}}"
+
+    matchers:
+      - type: dsl
+        dsl:
+          - "mismatched == true"
+          - "ip != host"
+        condition: and
+
+    extractors:
+      - type: dsl
+        dsl:
+          - '"CN: " + subject_cn'