Skip to content

Instantly share code, notes, and snippets.

View SHA-1 CRLs
Fetch errors:
HTTPConnectionPool(host='crl.comodo.net', port=80): Max retries exceeded with url: /AAACertificateServices.crl (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object
at 0x0000025BA14EE0D0>: Failed to establish a new connection: [Errno 11001] getaddrinfo failed'))
403 Client Error: Forbidden for url: http://crl.tuntrust.tn/tntrustrootca.crl
HTTPConnectionPool(host='atospki', port=80): Max retries exceeded with url: /crl/Atos_TrustedRoot_CA_2011.crl (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x000001B43D5D87C0>: Failed to establish a new connection: [Errno 11001] getaddrinfo failed'))
@CBonnell
CBonnell / shellcode_modulus.txt
Last active Dec 5, 2021
Vanity RSA key with Windows bind shellcode in modulus
View shellcode_modulus.txt
_ _ _, __, _, _ _ _, _ _,
| | / \ |_) |\ | | |\ | / _
|/\| |~| | \ | \| | | \| \ /
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
This key is extremely weak and should not be used for anything
Vanity RSA-3072 key with Windows bind shellcode in modulus. DER encoding of the CSR below detected by ClamAV as a trojan: https://www.virustotal.com/gui/file/b757330297ddccd7ec1fdac846dc7a69b1e75541b53ba8b8a508b0370c7b23da/detection
-----BEGIN CERTIFICATE REQUEST-----
View v1 CRLs in MozillaIntermediateCerts.csv
We can make this file beautiful and searchable if this error is corrected: It looks like row 6 should actually have 1 column, instead of 2. in line 5.
CRL URI: intermediate cert subject (ASN.1 version)
http://g.symcb.com/crls/gtglobal.crl: /C=DE/O=CertCenter AG/OU=Domain Validated SSL/CN=AlwaysOnSSL CA - G2 (0)
http://g.symcb.com/crls/gtglobal.crl: /CN=Apple IST CA 2 - G1/OU=Certification Authority/O=Apple Inc./C=US (0)
http://s.symcb.com/pca3-g5.crl: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G2 (0)
http://s.symcb.com/pca3-g5.crl: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G2 (0)
http://g.symcb.com/crls/gtglobal.crl: /C=US/O=DigiCert, Inc./OU=www.digicert.com/CN=DigiCert TLS ICA GeoTrust Global (0)
http://s.symcb.com/pca3-g5.crl: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Transition RSA Root (0)
http://crl.geotrust.com/crls/gtglobal.crl: /C=JP/O=NTT DOCOMO, INC./OU=GeoRoot Certification Authority/CN=DKHS Device CA (0)
http://g.symcb.com/crls/gtglobal.crl: /C=JP/O=NTT DOCOMO, INC./OU=GeoRoot Certification Authority/CN=DKHS Device CA - G2 (0)
http://crl.geotrust.com/crls/gtglobal.crl: /C=US/O=GeoTrust Inc
@CBonnell
CBonnell / jurisST.txt
Last active Aug 20, 2019
EV certificates, C=US with non-existent ST and jurisST RDN values
View jurisST.txt
(tags.raw:"ev" and parsed.subject.jurisdiction_country:US and parsed.subject.jurisdiction_province:* and not parsed.subject.jurisdiction_province:"Alabama" and not parsed.subject.jurisdiction_province:"AL" and not parsed.subject.jurisdiction_province:"Alaska" and not parsed.subject.jurisdiction_province:"AK" and not parsed.subject.jurisdiction_province:"Arizona" and not parsed.subject.jurisdiction_province:"AZ" and not parsed.subject.jurisdiction_province:"Arkansas" and not parsed.subject.jurisdiction_province:"AR" and not parsed.subject.jurisdiction_province:"California" and not parsed.subject.jurisdiction_province:"CA" and not parsed.subject.jurisdiction_province:"Colorado" and not parsed.subject.jurisdiction_province:"CO" and not parsed.subject.jurisdiction_province:"Connecticut" and not parsed.subject.jurisdiction_province:"CT" and not parsed.subject.jurisdiction_province:"Delaware" and not parsed.subject.jurisdiction_province:"DE" and not parsed.subject.jurisdiction_province:"Florida" and not parsed.subj
@CBonnell
CBonnell / gist:1f01ccd93667c37800b67e518340c606
Last active Feb 23, 2019
DarkMatter-issued certificates, notBefore >= 2016-09-30
View gist:1f01ccd93667c37800b67e518340c606
QuoVadis
"crt.sh URL(s)", notBefore, "serial number", "highest set bit", "issuer CN"
"https://crt.sh/?id=85497938 (precert)", 2017-02-06, 5B:FC:72:86:43:23:99:6B, 63, "DarkMatter High Assurance CA"
"https://crt.sh/?id=85497941 (precert)", 2017-02-06, 04:9E:3C:E1:F1:4B:C1:A1, 59, "DarkMatter High Assurance CA"
"https://crt.sh/?id=85497942 (precert)", 2017-02-06, 3E:1D:03:8A:F2:73:F3:E9, 62, "DarkMatter High Assurance CA"
"https://crt.sh/?id=85498180 (precert)", 2017-02-06, 9A:45:0C:14:16:BB:B4, 56, "DarkMatter High Assurance CA"
"https://crt.sh/?id=85498184 (precert)", 2017-02-06, 79:76:12:FE:31:58:53:99, 63, "DarkMatter High Assurance CA"
"https://crt.sh/?id=85498186 (precert)", 2017-02-06, 42:2A:F0:A8:25:EC:14:34, 63, "DarkMatter High Assurance CA"
"https://crt.sh/?id=85283194 (precert); https://crt.sh/?id=266919536 (final)", 2017-02-06, 2F:90:D6:AA:A7:2B:D1:9D, 62, "DarkMatter High Assurance CA"
"https://crt.sh/?id=85667726 (precert); https://crt.sh/?id=269941290 (final)", 2017-02-07, 1A:CD:66:B2:4B:2B:07:8