Scanning for MD5-signed SSL Certificates

Last updated at Wed, 26 Jul 2017 18:04:42 GMT

Efrain Torres just committed an improvement to the Metasploit source tree that allows the framework to be used as a SSL certificate scanner. This provides a simple way to identify SSL certificates in use that were signed with the MD5 algorithm and need to re-issued. To use the new module, update to the latest version of the development framework (3.3-dev) and follow the steps below.

msf > use auxiliary/scanner/http/wmap_ssl

msf auxiliary(wmap_ssl) > set RHOSTS admin.censored.bad
msf auxiliary(wmap_ssl) > set RPORT 443
msf auxiliary(wmap_ssl) > set SSL true
msf auxiliary(wmap_ssl) > run

[*] Subject: /C=US/O=admin.censored.bad/OU=https://services.choicepoint.net/get.jsp?XXXXXXX/OU=See www.freessl.com/cps (c)04/OU=Domain Control Validated - This is a GeoTrust StarterSSL(TM) Certificate/CN=admin.censored.bad Signature Alg: md5WithRSAEncryption
[*] A.B.C.D WARNING: Signature algorithm using MD5 (md5WithRSAEncryption)
[*] A.B.C.D is host admin.censored.bad

To scan a wider range of addresses, specify a CIDR or address range for the RHOST parameter, and set the THREADS parameter to something bigger (256 on Unix, 10 on Windows).