ndr-repo/pSSL

pSSL - Passive subdomain discovery over SSL

Disclaimer

  • pSSL is a passive asset discovery scanner. This means it does not interact with the target domain or its hosts while performing a scan.
  • This is done by downloading the certificate transparency logs of your target and resolving CNAME records through public services.
  • If you decide to interact with a host following a scan, it is your responsibility to verify you have the proper jurisdiction.

I am not responsible for any legal or criminal proceedings filed against you for using this tool.

Overview

pSSL is a tool I wrote in PowerShell to enumerate certificate transparency logs using DoH (DNS over HTTPS).

This provides a unique list of hostnames and addresses for a glimpse of the network behind a target domain. Identify internal hostnames to maximize asset discovery and validate information flow.
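
An added example, not taken from pSSL's source: the two stages described above (deduplicating hostnames from certificate transparency entries, then reading CNAME and A records from a DoH response), run over constructed data with no network access. The `name_value` field layout and the `application/dns-json` answer shape are assumptions about the data sources, and both function names are hypothetical.

```powershell
# Constructed sample data; nothing here touches the network. Assumption: CT entries
# are JSON objects whose 'name_value' holds newline-separated names (as crt.sh returns).
$ctJson = @'
[ {"name_value": "www.example.test\n*.example.test"},
  {"name_value": "VPN.example.test."},
  {"name_value": "www.example.test\nintranet.corp.example.test"} ]
'@
# Assumption: DoH answers use the application/dns-json layout
# (Answer[].type 5 = CNAME, 1 = A; Status 3 = NXDOMAIN).
$dohJson = @{
    'example.test'               = '{"Status":0,"Answer":[{"name":"example.test.","type":1,"data":"192.0.2.5"}]}'
    'vpn.example.test'           = '{"Status":0,"Answer":[{"name":"vpn.example.test.","type":1,"data":"198.51.100.7"}]}'
    'intranet.corp.example.test' = '{"Status":3}'
    'www.example.test'           = '{"Status":0,"Answer":[{"name":"www.example.test.","type":5,"data":"edge.cdn.example.net."},{"name":"edge.cdn.example.net.","type":1,"data":"192.0.2.10"}]}'
}

function Get-CtHostname {   # hypothetical helper: normalise and deduplicate CT names
    param([string]$Json)
    (ConvertFrom-Json $Json) |
        ForEach-Object { $_.name_value -split "`n" } |
        ForEach-Object { $_.Trim().TrimEnd('.').ToLowerInvariant() -replace '^\*\.', '' } |
        Where-Object { $_ } |
        Sort-Object -Unique
}

function Resolve-DohAnswer {   # hypothetical helper: read CNAME chain and A records
    param([string]$Name, [string]$Json)
    $resp = ConvertFrom-Json $Json
    $chain = @(); $ips = @(); $current = $Name
    if ($resp.Status -eq 0) {
        for ($hop = 0; $hop -lt 8; $hop++) {   # hop cap guards against CNAME loops
            $next = $resp.Answer |
                Where-Object { $_.type -eq 5 -and $_.name.TrimEnd('.') -eq $current } |
                Select-Object -First 1
            if (-not $next) { break }
            $current = $next.data.TrimEnd('.').ToLowerInvariant()
            $chain += $current
        }
        $ips = @($resp.Answer |
            Where-Object { $_.type -eq 1 -and $_.name.TrimEnd('.') -eq $current } |
            ForEach-Object { $_.data })
    }
    [pscustomobject]@{ Name = $Name; Cname = $chain -join ' -> '
                       Address = $ips -join ', '; Resolved = ($ips.Count -gt 0) }
}
# Resolved = False marks a CT name with no public address (e.g. an internal hostname).
Get-CtHostname $ctJson | ForEach-Object { Resolve-DohAnswer $_ ($dohJson[$_]) } |
    Format-Table -AutoSize
```

For an asset owner, the unresolved rows are the useful ones: they are names that certificates have published to the CT logs even though public DNS does not answer for them.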

Getting Started

pSSL is written for Windows and has a few dependencies from GnuWin32.

Luckily, I wrote a tool for installing everything you need. You can run these scripts from source, or use the compiled executable binary.

If you would like to download the dependencies ad hoc, you'll need to install gawk from here and grep from here.

Quickstart Steps:

  1. Download and run my compiled installer for grep, sed, & awk dependencies
  2. Verify the tools are added to your environment variables
  3. Clone the pSSL repository
  4. Run pSSL. If you are having issues accessing the dependencies from your environment vars, verify they are set and reboot your machine.

Related Articles

  • For more on DoH, check out RFC8484 here or at the PDF.
  • For more on certificate transparency, check out this guide from certificate.transparency.dev.
  • For more on CNAME record resolution, check out this article from Cloudflare.

Demonstration & Usage

You can find a video on my Obsidian Publish showcasing pSSL generating 889 unique IPs for a domain in around 3 minutes.


Coming soon...

pSSL in Python for optimized scan times and implementation of new features!

Support

  • If you find use from this, consider supporting my work on Ko-fi.
  • As of this release, I'm currently consulting full-time and get paid by the project, not by my time.