vessl is a bash script that can fetch and verify the SSL certificate of a remote server.

It was originally written to script the verification of SSL certificates across a large network.

Key features

  • vessl will connect to any service that OpenSSL can
  • It will extract the certificate and verify it against a given CA PEM file
  • It will check that the certificate matches the host it is on
  • It produces a map from IPs to hostnames
  • It checks whether the certificate is based on a blacklisted Debian key

Dependencies

Usage

vessl -h host [-p port] [-c certfile] [-v]

Output Files

By default the output will be 3 files:

ip:port.verify
ip:port.cert
sslmap

The first is the verification data, the second is the certificate and the third maps IP to SSL Hostname, e.g.

77.75.105.66:443, labs.portcullis.co.uk (77.75.105.66)
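
An added example, not part of vessl or the original page: a shell function that audits an sslmap file after a scan of many hosts, flagging unparseable lines, address mismatches and certificate hostnames presented by more than one IP. It assumes every line follows the sample above (IPv4 only) and that the address in parentheses is expected to equal the address scanned; `sslmap_audit`, `sslmap_sample` and the finding labels are hypothetical names.

```shell
#!/bin/sh
# Added example, not part of vessl. Assumed line format (from the sample line):
#   ip:port, hostname (ip)        IPv4 only

# sslmap_audit [FILE]: print one finding per line; reads stdin when FILE is omitted.
sslmap_audit() {
    awk '
    {
        sub(/\r$/, "")                       # tolerate CRLF line endings
        if ($0 !~ /^[0-9.]+:[0-9]+, [^ ]+ \([0-9.]+\)$/) {
            printf "MALFORMED line %d: %s\n", NR, $0
            next
        }
        split($0, part, ", ")                # part[1]=ip:port  part[2]=hostname (ip)
        split(part[1], ep, ":")              # ep[1]=scanned ip
        split(part[2], hn, " ")              # hn[1]=hostname   hn[2]=(ip)
        paren = hn[2]
        gsub(/[()]/, "", paren)

        # Assumption: the address in parentheses should equal the scanned address.
        if (paren != ep[1])
            printf "ADDR-MISMATCH %s: %s lists %s\n", part[1], hn[1], paren

        # Record each distinct IP that presented this certificate hostname.
        if (!((hn[1], ep[1]) in seen)) {
            seen[hn[1], ep[1]] = 1
            count[hn[1]]++
            ips[hn[1]] = ips[hn[1]] " " ep[1]
        }
    }
    END {
        # The same certificate name on several hosts is worth a manual review.
        for (h in count)
            if (count[h] > 1)
                printf "SHARED-NAME %s on %d hosts:%s\n", h, count[h], ips[h]
    }' "${1:--}"
}

# Constructed sample data (documentation address ranges, not real scan output).
sslmap_sample() {
    cat <<'EOF'
192.0.2.10:443, www.example.com (192.0.2.10)
192.0.2.11:443, www.example.com (192.0.2.10)
198.51.100.5:8443, mail.example.net (198.51.100.5)
this line is not an sslmap entry
EOF
}

sslmap_sample | sslmap_audit
```

Run it against a real scan with `sslmap_audit sslmap`; a line that matches the assumed format and raises no finding produces no output.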

Generating a CA PEM file

Gentoo

emerge ca-certificates
mkdir /etc/certs
cat /usr/share/ca-certificates/mozilla/* > /etc/certs/mozilla.pem

Debian

apt-get install ca-certificates
mkdir /etc/certs
cat /usr/share/ca-certificates/mozilla/* > /etc/certs/mozilla.pem

  • Vessl-0.3.1 Tar: vessl-0.3.1.tar.bz2, April 26, 2013, 8.0 KiB, MD5 hash: 9f9b0b942ea85b2f6fd2546870624803
  • Vessl-0.2 Tar: vessl-0.2.tar.bz2, April 26, 2013, 7.7 KiB, MD5 hash: 4b7a0bcfca6369836c79aa91b9079e2f
  • Vessl-0.1 Tar: vessl-0.1.tar.bz2, April 26, 2013, 7.5 KiB, MD5 hash: f267ae238c2adc58913579eee635ee0b
