daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/cloud/aws/acm/acm-wildcard-cert.yaml

57 lines
2.0 KiB
YAML
Raw Blame History

id: acm-wildcard-cert
info:
name: Wildcard ACM Certificate Usage
author: princechaddha
severity: low
description: |
Ensure ACM certificates for specific domain names are used over wildcard certificates to adhere to best security practices, providing unique private keys for each domain/subdomain.
impact: |
Using wildcard certificates can expose your AWS environment to increased risk by potentially allowing unauthorized subdomains to be protected under the same certificate, reducing the granularity of access control and increasing the blast radius in the event of a key compromise.
remediation: |
Replace wildcard ACM certificates with single domain name certificates for each domain/subdomain within your AWS account. This enhances security by ensuring each domain/subdomain has its own unique private key and certificate.
reference:
- https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,acm,aws-cloud-config
variables:
region: "us-east-1"
flow: |
code(1)
for(let arns of iterate(template.certificatearns)){
set("certificatearn", arns)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws acm list-certificates --region $region --certificate-statuses ISSUED --query 'CertificateSummaryList[*].CertificateArn' --output json
extractors:
- type: json
name: certificatearns
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws acm describe-certificate --region $region --certificate-arn $certificatearn --query 'Certificate.DomainName'
matchers:
- type: word
words:
- "*."
extractors:
- type: dsl
dsl:
- 'certificatearn + " AWS ACM certificate is a wildcard certificate"'
# digest: 4a0a00473045022078c25c2aeb4e1ecb7851bfcf3e176bbd0eff547432a2a5ec04d150b1c3fbfdaf022100b3e428a513082fb7357f95e92309d0dfe47823bc6eb40cc403cc2836756ccd60:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink