Hunt SSL Certificates for interesting keywords on major cloud service providers.

```sh
go install github.com/HarshVaragiya/sslsearch@latest
```

- Search Cloud Service Providers IP Ranges / Given IP CIDR for keywords in SSL Certificate Subject / SANs
- Perform initial fingerprinting (HTTPS server header grabbing / JARM fingerprinting)

Cloud Service Provider | Region String Example | JARM | Server Header |
---|---|---|---|
Amazon Web Services | us-east-1 | ✅ | ✅ |
Cloudflare | - | ✅ | ✅ |
DigitalOcean | NL_NL-NH_Amsterdam | ✅ | ✅ |
Google Cloud Platform | us-west4 | ✅ | ✅ |
Oracle Cloud Infrastructure | ca-montreal-1 | ✅ | ✅ |
Raw CIDR / IP Range | - | ✅ | ✅ |

- Identifying Infrastructure / Attack Surface for a given scope.
- Bug Bounty recon.
- Scanning a whole CSP Region & Identifying Servers / Services of interest along with SSL certificate information.
- Scanning the whole Internet / Country's CIDRs & Collecting JARM fingerprints / Server Headers along with SSL certificate information.
- Finding Mail / RDP / Other services belonging to a target that use x509 certificates to secure connections.
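
To see which names a certificate you operate would expose to this kind of Subject / SAN keyword search, the match can be reproduced locally. This is an added example, not sslsearch's own code: `matchCertNames`, `sampleCert`, the constructed certificate and the case-insensitive substring rule are all assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// matchCertNames returns the Subject CN / DNS SAN entries containing any keyword.
// Assumption: case-insensitive substring match, each name reported once.
func matchCertNames(cert *x509.Certificate, keywords []string) []string {
	var hits []string
	seen := map[string]bool{}
	for _, n := range append([]string{cert.Subject.CommonName}, cert.DNSNames...) {
		ln := strings.ToLower(n)
		for _, kw := range keywords {
			if kw != "" && !seen[ln] && strings.Contains(ln, strings.ToLower(kw)) {
				seen[ln] = true
				hits = append(hits, n)
			}
		}
	}
	return hits
}

// sampleCert builds a constructed self-signed certificate (demo input); panics on failure.
func sampleCert(cn string, sans ...string) *x509.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		DNSNames: sans, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER was just produced above
	return cert
}

func main() {
	cert := sampleCert("www.example.com", "vpn.corp.example.com", "mail.example.org")
	fmt.Println(matchCertNames(cert, []string{"corp", "MAIL"}))
}
```

Names that match here are visible to anyone who completes a TLS handshake with the host, so internal hostnames are better kept out of certificates served on public addresses.
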
Ideated after following these research projects: