id: kubernetes-fake-certificate

info:
  name: Kubernetes Fake Ingress Certificate - Detect
  author: kchason
  severity: low
  description: |
    Kubernetes Fake Ingress Certificate is a feature in Kubernetes that allows users to create and use fake or self-signed SSL/TLS certificates for testing purposes without having to obtain a real SSL/TLS certificate from a trusted Certificate Authority (CA).
  remediation: Purchase or generate a proper SSL certificate for this service.
  reference:
    - https://snyk.io/blog/setting-up-ssl-tls-for-kubernetes-ingress/
  metadata:
    max-request: 1
    verified: true
    shodan-query: ssl:"Kubernetes Ingress Controller Fake Certificate"
  tags: ssl,kubernetes,tls,self-signed

ssl:
  - address: "{{Host}}:{{Port}}"

    matchers:
      - type: dsl
        dsl:
          - 'subject_cn == "Kubernetes Ingress Controller Fake Certificate"'
          - 'issuer_cn == "Kubernetes Ingress Controller Fake Certificate"'
        condition: or

    extractors:
      - type: dsl
        dsl:
          - '"Issuer: " + issuer_cn'