id: wildcard-tls info: name: Wildcard TLS Certificate author: lucky0x0d severity: info description: | Checks a sites certificate to see if there are wildcard CN or SAN entries. reference: - https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Security_Cheat_Sheet.html#carefully-consider-the-use-of-wildcard-certificates metadata: max-request: 1 tags: ssl,tls,wildcard ssl: - address: "{{Host}}:{{Port}}" matchers: - type: dsl dsl: - wildcard_certificate == true extractors: - type: dsl dsl: - '"CN: " + subject_cn' - '" SAN: " + subject_an' # digest: 4a0a004730450220200eb6b8c3d1eefaf26a3c7cf5fed728585bdbd8ccb87e0eef72844fbede51cb02210081a66d9afa40eb6bea73c4552ac8dee85140d22488e34066dbf0181406ca75ce:922c64590222798bb761d5b6d8e72950