Last active
October 23, 2020 05:32
-
-
Save kuan51/cb7c8ef14d656d101dfd0911b8c1c1ff to your computer and use it in GitHub Desktop.
This script was built to allow one to quickly extrapolate data and information about the SSL certificate used on a large list of websites.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| This script was built to allow one to quickly extrapolate data and information about the SSL certificate used on a large list of websites. | |
| Here is a breakdown of the logic: | |
| 1. Open SSL tunnel to a FQDN | |
| 2. Import the cert as a x509Certificate2 powershell object | |
| 3. Extract the subject and issuer info from the certificate | |
| 4. Compiles a CSV report with the certificate details | |
| #> | |
| function Get-Certs | |
| { | |
| Param | |
| ( | |
| [Parameter(Mandatory=$true)] | |
| [ValidateScript({ | |
| if (Test-Path $_){ | |
| $true | |
| } | |
| else{ | |
| throw "File $($_) does not exist." | |
| } | |
| })] | |
| [ValidateNotNullOrEmpty()] | |
| $in, | |
| [Parameter(Mandatory=$true)] | |
| [ValidateScript({ | |
| if (Test-Path -IsValid $_){ | |
| $true | |
| } | |
| else{ | |
| throw "$($_) is not a valid filepath." | |
| } | |
| })] | |
| [ValidateNotNullOrEmpty()] | |
| $out | |
| ) | |
| $out_csv = @() | |
| $in_csv = Import-Csv -Path $in| ForEach-Object{ | |
| foreach($property in $_.PsObject.Properties) | |
| { | |
| <# | |
| The domain is in $property.Value | |
| CSV header "FQDN" is in $property.Name | |
| #> | |
| $fqdn = $property.Value.ToString() | |
| [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12; # use TLSv1.2, powershell defaults to TLSv1 | |
| $webRequest = [Net.WebRequest]::Create("https://$($fqdn)") | |
| try { $webRequest.GetResponse() } catch {} | |
| $fqdn = $webRequest.Address | |
| $cert = $webRequest.ServicePoint.Certificate | |
| $bytes = $cert.Export([Security.Cryptography.X509Certificates.X509ContentType]::Cert) | |
| $Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 | |
| $Cert.Import($bytes) | |
| # Create CSV rows and append to out_csv | |
| $row = [pscustomobject]@{ | |
| FQDN = $fqdn | |
| Subject = ($Cert.Subject.ToString() -replace ',(?=(?:[^"]*"[^"]*")*[^"]*$)', ";").Replace(",", " ") # replace commas so they dont interfere with csv | |
| Issuer = ($Cert.IssuerName.Name.ToString() -replace ',(?=(?:[^"]*"[^"]*")*[^"]*$)', ";").Replace(",", " ") # replace commas so they dont interfere with csv | |
| Serial_Number = $Cert.GetSerialNumberString() | |
| } | |
| $out_csv += $row | |
| } | |
| } | |
| # Save csv | |
| $out_csv | Export-Csv -Path $out -NoTypeInformation | |
| } | |
| Export-ModuleMember -Function Get-Certs |
The in file should be a list of domains on new lines. For example:
domain.com
domain2.com
domain3.net
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
You can import the module in powershell with
Import-Module Get-Certs.psm1