Added template to detect wildcard CN or SAN in TLS certificate (#8023)

* Added template to detect wildcard CN or SAN in TLS certificate * fix formatting * using tlsx dsl for wildcard --------- Co-authored-by: Dhiyaneshwaran <leedhiyanesh@gmail.com> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-10-08 07:38:29 +13:00 · 2023-10-08 07:38:29 +13:00 · 7d5130d18f
parent 01bfe1489a
commit 7d5130d18f
1 changed files with 25 additions and 0 deletions
--- a/ssl/wildcard-tls.yaml
+++ b/ssl/wildcard-tls.yaml
@ -0,0 +1,25 @@
+id: wildcard-tls
+
+info:
+  name: Wildcard TLS Certificate
+  author: lucky0x0d
+  severity: info
+  description: |
+    Checks a sites certificate to see if there are wildcard CN or SAN entries.
+  reference:
+    - https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html#carefully-consider-the-use-of-wildcard-certificates
+  metadata:
+    max-request: 1
+  tags: ssl,wildcard,tls
+ssl:
+  - address: "{{Host}}:{{Port}}"
+    matchers:
+      - type: dsl
+        dsl:
+          - wildcard_certificate == true
+
+    extractors:
+      - type: dsl
+        dsl:
+          - '"CN: " + subject_cn'
+          - '" SAN: " + subject_an'