getCert CE - SSL Certificates for BMC Discovery

Copyright 2021 Traversys Limited

License Apache License 2.0
Version 1.7.0 (ED-209)

Overview

Traversys getCert is an extension to BMC Discovery. It operates independently of Discovery scans, either in a Docker container or as a standalone script. getCert non-invasively collects information about externally facing SSL certificates (accessible via open web/application ports) across your data center infrastructure.

getCert sends an event to Discovery via the API; the event contains a temporary key to unlock the encrypted capture data stored with the getCert application files. The getCert pattern module then triggers on the event and scans the getCert data source to retrieve and build a list of certificate Detail nodes. If any SoftwareInstances match the certificate IP or common name and port, getCert automatically attempts to map the Detail to the SI; for other network devices, getCert maps the Detail directly to the device node.

getCert comes with a beta CMDB sync pattern which follows the schema of BMC's TLS Certificate OOTB mappings and will sync any SSL Certificate details mapped directly to a SoftwareInstance to BMC_Document.

getCert is highly configurable, with the option to scan subnets, websites, DNS hostnames or IP addresses, and the discovered data can be added to the model in different ways with custom extensions.
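To illustrate the kind of non-invasive collection described above (IP, port, common name and expiry per certificate), here is an added Python example; it is not getCert's own code, and the names `summarise_cert`, `collect` and `SAMPLE_PEERCERT` are hypothetical.

```python
import hashlib
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_PEERCERT = {
    "subject": ((("countryName", "GB"),), (("commonName", "app01.example.internal"),)),
    "subjectAltName": (("DNS", "app01.example.internal"), ("IP Address", "192.0.2.10")),
    "notAfter": "Jun  1 12:00:00 2030 GMT",
}

def summarise_cert(ip, port, peercert, now=None):
    """Reduce a getpeercert() dict to the fields a certificate inventory needs."""
    now = now or datetime.now(timezone.utc)
    # "subject" is a tuple of RDNs, each a tuple of (name, value) pairs.
    subject = {k: v for rdn in peercert.get("subject", ()) for k, v in rdn}
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(peercert["notAfter"]), tz=timezone.utc)
    return {
        "ip": ip, "port": port,
        "common_name": subject.get("commonName"),
        "alt_names": [v for k, v in peercert.get("subjectAltName", ()) if k == "DNS"],
        "not_after": expires.isoformat(),
        "days_left": (expires - now).days,
    }

def _handshake(ctx, ip, port, name, timeout, binary):
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=name or ip) as tls:
            return tls.getpeercert(binary_form=binary)

def collect(ip, port=443, server_name=None, timeout=5):
    """One TLS handshake per target; no application data is sent."""
    ctx = ssl.create_default_context()
    try:
        return summarise_cert(ip, port, _handshake(ctx, ip, port, server_name, timeout, False))
    except ssl.SSLCertVerificationError as exc:
        # The stdlib exposes parsed fields only for verified chains, so for an
        # untrusted or mismatched cert keep the reason and the DER fingerprint.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        der = _handshake(ctx, ip, port, server_name, timeout, True)
        return {"ip": ip, "port": port, "verify_error": exc.verify_message,
                "sha256": hashlib.sha256(der).hexdigest()}

if __name__ == "__main__":
    print(summarise_cert("192.0.2.10", 443, SAMPLE_PEERCERT))
```

Internal services often present self-signed or privately issued certificates, so the fallback branch is the common case on a data center scan unless the private CA is in the trust store.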

Quickstart

  1. Install and configure Docker
  2. Run docker build --tag getcert --progress=plain -f dockerbuild/Dockerfile .
  3. Make a note of the password generated by the build script
  4. Start up the container:
     docker run -t -d -p 2222:22 --name getCert -v ${PWD}:/opt/Traversys/getCert getcert:latest
  5. Access the shell: docker exec -it getCert /bin/bash
  6. Navigate to /opt/Traversys/getCert
  7. Run the installation script: python3 install.py
  8. Run getCert:
     $ screen
     $ python3 /opt/Traversys/getCert/getcert.py --instance <Discovery URL/IP> --config /opt/Traversys/getCert/config.ini

Scan Modes

getCert will commence in the background and export details to an encrypted data file.

There are 3 modes you can use; the mode is set in the config file:

  1. Scan for SSL Certificates on the test IPs/subnet string
  2. Scan for a list of IPs/subnets in the specified input file
  3. Run the query (appliance login needed) to export a list of IPs/subnets

Full Documentation: https://traversys.github.io/getCert_CE/