vessl is a bash script that can fetch and verify the SSL certificate of a remote server.

It was originally written to script the verification of SSL certificates across a large network.

Key features

  • vessl will connect to any service that OpenSSL can
  • It will extract the certificate and verify it against a given CA PEM file
  • It will check that the certificate matches the host it is on
  • It produces a map from IPs to hostnames
  • It checks whether the certificate is based on a blacklisted Debian key

Dependencies

Usage

vessl -h host [-p port] [-c certfile] [-v]

Output Files

By default the output will be 3 files:

ip:port.verify
ip:port.cert
sslmap

The first is the verification data, the second is the certificate and the third maps IP to SSL Hostname, e.g.

77.75.105.66:443, labs.portcullis.co.uk (77.75.105.66)
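
An sslmap collected over many hosts is easier to review with a small script. The following is an added example (not part of vessl or of the original page) that audits such a file, assuming every line follows the layout of the sample line above; the function names and the sample data are constructed for illustration. The page does not say what the address in parentheses represents, so the script only reports when it differs from the endpoint address.

```shell
#!/bin/sh
# Added example: post-process an sslmap file. Assumed line layout, taken from
# the single sample line on the page:  ip:port, hostname (ip)

# Constructed sample (documentation address ranges, not real scan output).
sample_sslmap() {
cat <<'EOF'
192.0.2.10:443, www.example.test (192.0.2.10)
192.0.2.11:443, www.example.test (192.0.2.10)
192.0.2.12:8443, mail.example.test (192.0.2.12)
this line is malformed
198.51.100.7:443, intranet.example.test (198.51.100.7)
EOF
}

# audit_sslmap: read sslmap lines on stdin and print one finding per line.
#   OK ip:port hostname              address in parentheses equals the endpoint
#   MISMATCH ip:port hostname ip     address in parentheses differs
#   MALFORMED line N                 line does not follow the assumed layout
audit_sslmap() {
  awk '
    !/^[0-9.]+:[0-9]+, [^ ]+ \([0-9.]+\)$/ { print "MALFORMED line " NR; next }
    {
      split($0, parts, ", ")          # parts[1] = ip:port, parts[2] = rest
      split(parts[1], ep, ":")        # ep[1] = endpoint address
      split(parts[2], rest, " ")      # rest[1] = hostname, rest[2] = (ip)
      paren = rest[2]; gsub(/[()]/, "", paren)
      if (ep[1] == paren) print "OK " parts[1] " " rest[1]
      else print "MISMATCH " parts[1] " " rest[1] " " paren
    }'
}

# shared_hostnames: hostnames seen on more than one endpoint, with a count.
shared_hostnames() {
  awk -F', ' 'NF == 2 { split($2, r, " "); n[r[1]]++ }
              END { for (h in n) if (n[h] > 1) print h, n[h] }' | sort
}

# Run against the constructed sample when executed directly.
sample_sslmap | audit_sslmap
sample_sslmap | shared_hostnames
```

To audit a real file, feed it on standard input, for example `audit_sslmap < sslmap`.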

Generating a CA PEM file

Gentoo

emerge ca-certificates
mkdir /etc/certs
cat /usr/share/ca-certificates/mozilla/* > /etc/certs/mozilla.pem

Debian

apt-get install ca-certificates
mkdir /etc/certs
cat /usr/share/ca-certificates/mozilla/* > /etc/certs/mozilla.pem
