vessl

vessl is a bash script that can fetch and verify the SSL certificate of a remote server.

It was originally written in order to script up the ability to verify SSL certificates across a large network.

Key features

• vessl will connect to any service that OpenSSL can
• It will extract and verify against a given CA Pem file
• It will check that certificate matches the host it is on
• It produce a map going from IPs to hostname
• Checks to see if certificate is based on a blacklisted Debian key

Dependencies

• openssl
• ping
• openssl-vulnkey
• mktemp
• CA Pem File

Usage

vessl -h host [-p port] [-c certfile] [-v]

Output Files

By default the output will be 3 files:

ip:port.verify
ip:port.cert
sslmap

The first is the verification data, the second is the certificate and the third maps IP to SSL Hostname, e.g.

77.75.105.66:443, labs.portcullis.co.uk (77.75.105.66)

Generating a CA PEM file

Gentoo

emerge ca-certificates
mkdir /etc/certs
cat /usr/share/ca-certificates/mozilla/* > /etc/certs/mozilla.pem

Debian

apt-get install ca-certificates
mkdir /etc/certs
cat /usr/share/ca-certificates/mozilla/* > /etc/certs/mozilla.pem

vessl-0.3.1.tar.bz2
April 26, 2013

8.0 KiB
MD5 hash: 9f9b0b942ea85b2f6fd2546870624803
Details

Date:

April 26, 2013

vessl-0.2.tar.bz2
April 26, 2013

7.7 KiB
MD5 hash: 4b7a0bcfca6369836c79aa91b9079e2f
Details

Date:

April 26, 2013

vessl-0.1.tar.bz2
April 26, 2013

7.5 KiB
MD5 hash: f267ae238c2adc58913579eee635ee0b
Details

Date:

April 26, 2013