Get-CertTransparencyInfo.psm1
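#
# Created by: lucas.cueff[at]lucas-cueff.com
#
# Released on: 01/2018
#
# v0.4.0: fix json request with new crt.sh website version
#
#'(c) 2018 lucas-cueff.com - Distributed under Artistic Licence 2.0 (https://opensource.org/licenses/artistic-license-2.0).'

Function Get-CertTransparencyInfo {
<#
.SYNOPSIS
Get CTL info for domains,fqdn using CRT.sh web site
.DESCRIPTION
Get CTL info for domains,fqdn using CRT.sh web site.
The search term is URL-encoded before it is placed in the crt.sh query string, so
characters such as '&', '=' or '#' in the term cannot alter the request that is sent.
One request is made per input item (pipeline input is supported).
.PARAMETER SearchInfo
Mandatory parameter -SearchInfo string (accepts pipeline input)
Provide domain, fqdn to search with crt.sh website. '*' is used as a wildcard.
.PARAMETER AdvSearch
-AdvSearch string {'Subject-email','Subject-CommonName','Subject-OrgaName','Subject-OrgaUnitName','San-DnsName','San-IP','San-RFC822Name','Cert-SubjectKeyIdentifier'}
use advanced search function to target specific data
.PARAMETER GetCertificate
-GetCertificate switch
download all certificates found and add the results in the objects return (property Cli_certificate).
The certificate bytes are only parsed in memory; nothing is installed in a certificate store.
.PARAMETER IncludeExpired
-IncludeExpired switch
include all expired certificates in result (by default crt.sh is asked to exclude expired certificates)
.OUTPUTS
TypeName : Selected.System.Management.Automation.PSCustomObject

Name                       MemberType   Definition
----                       ----------   ----------
Equals                     Method       bool Equals(System.Object obj)
GetHashCode                Method       int GetHashCode()
GetType                    Method       type GetType()
ToString                   Method       string ToString()
Cli_adv_search             NoteProperty string Cli_adv_search=San-DnsName
Cli_certificate            NoteProperty System.Security.Cryptography.X509Certificates.X509Certificate2 Cli_certificate=[Subject]...
Cli_online_certificate_url NoteProperty string Cli_online_certificate_url=https://crt.sh/?d=172086619
Cli_online_obj_url         NoteProperty string Cli_online_obj_url=https://crt.sh/?id=172086619
Cli_search_date            NoteProperty datetime Cli_search_date=12/01/2018 16:00:41
Cli_search_request         NoteProperty string Cli_search_request=www.yahoo.com
issuer_ca_id               NoteProperty int issuer_ca_id=1397
issuer_name                NoteProperty string issuer_name=C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA
min_cert_id                NoteProperty int min_cert_id=172086619
min_entry_timestamp        NoteProperty System.DateTime min_entry_timestamp=13/07/2017 18:44:02
name_value                 NoteProperty string name_value=www.yahoo.com
not_before                 NoteProperty System.DateTime not_before=13/07/2017 00:00:00

min_cert_id                : 172086619
issuer_ca_id               : 1397
not_before                 : 13/07/2017 00:00:00
name_value                 : www.yahoo.com
issuer_name                : C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA
min_entry_timestamp        : 13/07/2017 18:44:02
Cli_online_obj_url         : https://crt.sh/?id=172086619
Cli_online_certificate_url : https://crt.sh/?d=172086619
Cli_adv_search             : San-DnsName
Cli_search_request         : www.yahoo.com
Cli_search_date            : 12/01/2018 16:00:41
Cli_certificate            : [Subject]
                               CN=*.att.yahoo.com, O=Yahoo! Inc., L=Sunnyvale, S=CA, C=US
                             [Issuer]
                               CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
                             [Serial Number]
                               0549BC2E73877793DF5F5EC7B7AD9161
                             [Not Before]
                               13/07/2017 02:00:00
                             [Not After]
                               13/01/2018 13:00:00
                             [Thumbprint]
                               978E6DB2761BD4BECFF14CFC21F2A7F95E40B12C
.NOTES
All data (including downloaded certificates) comes from the public crt.sh service and is
parsed as untrusted input: a download or parse failure for one certificate is reported
with a warning and the remaining results are still returned.
.EXAMPLE
get certificate info from CTL databases for google.com domain
C:\PS> Get-CertTransparencyInfo -SearchInfo "google.com"
.EXAMPLE
get certificate info from CTL databases for google-*.com domain
C:\PS> Get-CertTransparencyInfo -SearchInfo "google-*.com"
.EXAMPLE
get certificate info from CTL databases for certificates containing *.google.com in their SAN
C:\PS> Get-CertTransparencyInfo -SearchInfo "*google.com" -AdvSearch San-DnsName
.EXAMPLE
get certificate info from CTL databases for certificates containing *.google.com in their SAN and dump certificate found
C:\PS> Get-CertTransparencyInfo -SearchInfo "*google.com" -AdvSearch San-DnsName -GetCertificate
.EXAMPLE
get certificate info from CTL databases for google.com domain including expired
C:\PS> Get-CertTransparencyInfo -SearchInfo "google.com" -IncludeExpired
#>
[cmdletbinding()]
param(
    [parameter(ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$true,Mandatory=$true)]
    [string]$SearchInfo,
    [parameter(Mandatory=$false)]
    [ValidateSet('Subject-email','Subject-CommonName','Subject-OrgaName','Subject-OrgaUnitName','San-DnsName','San-IP','San-RFC822Name','Cert-SubjectKeyIdentifier')]
    [String]$AdvSearch,
    [parameter(Mandatory=$false)]
    [switch]$GetCertificate,
    [parameter(Mandatory=$false)]
    [switch]$IncludeExpired
)
begin {
    $crtsh = "https://crt.sh/"
    # Captured once so every object of one call carries the same search date.
    $currentdate = Get-Date

    # crt.sh query-string field used by each advanced search mode; the plain search uses 'q'.
    $advSearchField = @{
        'Subject-email'             = 'E'
        'Subject-CommonName'        = 'CN'
        'Subject-OrgaName'          = 'O'
        'Subject-OrgaUnitName'      = 'OU'
        'San-DnsName'               = 'dNSName'
        'San-IP'                    = 'iPAddress'
        'San-RFC822Name'            = 'rfc822Name'
        'Cert-SubjectKeyIdentifier' = 'ski'
    }

    # Applied to every search mode, as the -IncludeExpired documentation promises.
    $excludeExpired = if ($IncludeExpired.IsPresent) { '' } else { '&exclude=expired' }

    # Copied with Select-Object * for each result, which keeps the documented
    # 'Selected.System.Management.Automation.PSCustomObject' type name and property order.
    $template = [pscustomobject][ordered]@{
        min_cert_id                = $null
        issuer_ca_id               = $null
        not_before                 = $null
        name_value                 = $null
        issuer_name                = $null
        min_entry_timestamp        = $null
        Cli_online_obj_url         = $null
        Cli_online_certificate_url = $null
        Cli_adv_search             = $false
        Cli_search_request         = $null
        Cli_search_date            = $null
        Cli_certificate            = $null
    }
}
process {
    # Cli_search_request keeps the legacy human-readable form of the request
    # (' ' -> '+', '*' -> '%', '%' being the crt.sh wildcard).
    $requestLabel = ($SearchInfo -replace " ", "+") -replace "\*", "%"
    # The value placed in the URL is fully percent-encoded: '%' becomes '%25' (decoded
    # back to the wildcard by the server) and '&'/'='/'#' cannot inject extra parameters.
    $query = [uri]::EscapeDataString(($SearchInfo -replace "\*", "%"))

    $field = 'q'
    if ($AdvSearch -and $advSearchField.ContainsKey($AdvSearch)) {
        $field = $advSearchField[$AdvSearch]
    }
    # $() around $crtsh is required: '?' is a valid variable-name character in PowerShell.
    $url = "$($crtsh)?$($field)=$($query)&output=json$($excludeExpired)"

    try {
        # -UseBasicParsing avoids the Internet Explorer dependency on Windows PowerShell 5.1
        # and is accepted (ignored) by PowerShell 6+.
        $webdata = Invoke-WebRequest -Uri $url -UseBasicParsing -ErrorAction Stop
    } catch {
        # Response is $null for connection-level failures; [int]$null is 0, not 404.
        if ([int]$_.Exception.Response.StatusCode -eq 404) {
            Write-Warning "No certificate found"
        } else {
            Write-Warning "website error or not available"
            Write-Error "Error Type: $($_.Exception.GetType().FullName)"
            Write-Error "Error Message: $($_.Exception.Message)"
        }
        return
    }

    try {
        $entries = $webdata.Content | ConvertFrom-Json
    } catch {
        Write-Warning "Error when parsing Json file"
        Write-Error "Error Type: $($_.Exception.GetType().FullName)"
        Write-Error "Error Message: $($_.Exception.Message)"
        return
    }

    # A List avoids the O(n^2) cost of '+=' on a PowerShell array.
    $results = New-Object System.Collections.Generic.List[object]
    foreach ($entry in $entries) {
        $item = $template | Select-Object *
        $item.min_cert_id                = $entry.min_cert_id
        $item.issuer_ca_id               = $entry.issuer_ca_id
        $item.name_value                 = $entry.name_value
        $item.issuer_name                = $entry.issuer_name
        $item.not_before                 = Get-Date $entry.not_before
        $item.min_entry_timestamp        = Get-Date $entry.min_entry_timestamp
        $item.Cli_online_obj_url         = "$($crtsh)?id=$($entry.min_cert_id)"
        $item.Cli_online_certificate_url = "$($crtsh)?d=$($entry.min_cert_id)"
        if ($AdvSearch) { $item.Cli_adv_search = $AdvSearch }
        $item.Cli_search_request = $requestLabel
        $item.Cli_search_date    = $currentdate

        if ($GetCertificate.IsPresent) {
            try {
                $certResponse = Invoke-WebRequest -Uri $item.Cli_online_certificate_url -UseBasicParsing -ErrorAction Stop
                # .Content is a string for text responses and byte[] otherwise; the
                # X509Certificate2 byte[] constructor accepts both PEM and DER input, whereas
                # Import(string) would treat the content as a file name.
                $certBytes = if ($certResponse.Content -is [string]) {
                    [System.Text.Encoding]::ASCII.GetBytes($certResponse.Content)
                } else {
                    [byte[]]$certResponse.Content
                }
                # (,$certBytes) passes the array as one constructor argument instead of unrolling it.
                $item.Cli_certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$certBytes)
            } catch {
                # Best effort: one bad download or unparsable blob must not abort the whole result set.
                Write-Warning "Unable to download or parse certificate $($entry.min_cert_id): $($_.Exception.Message)"
            }
        }
        $results.Add($item)
    }

    if ($results.Count -gt 0) { return $results.ToArray() }
}
}

Export-ModuleMember -Function Get-CertTransparencyInfo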