- pSSL is a passive asset discovery scanner. This means it does not interact with the target domain or its hosts while performing a scan.
- This is done by downloading the certificate transparency logs of your target and resolving CNAME records through public services.
- If you decide to interact with a host following a scan, it is your responsibility to verify you have the proper jurisdiction.
I am not responsible for any legal or criminal proceedings filed against you for using this tool.
pSSL is a tool I wrote in PowerShell to enumerate certificate transparency logs using DoH (DNS over HTTPS).
This provides a unique list of hostnames and addresses for a glimpse of the network behind a target domain. Identify internal hostnames to maximize asset discovery and validate information flow.
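
The following is an added example, not pSSL's own code, of the processing such a scan involves: de-duplicating names from certificate transparency results and reading CNAME chains and addresses out of DoH replies, run over constructed data so it works offline. It is written in Python and assumes crt.sh-style `name_value` records and the JSON reply format public DoH resolvers offer alongside the RFC 8484 wire format; the page names neither source. Names present in certificates but absent from public DNS are the likely internal hostnames.

```python
import json

# Constructed CT search results, crt.sh-style JSON (assumed source; the page names none).
CT_JSON = json.dumps([
    {"name_value": "www.example.com\nexample.com"},
    {"name_value": "*.example.com"},
    {"name_value": "WWW.example.com\nvpn-internal.corp.example.com"},
    {"name_value": "mail.example.org"},
])

# Constructed DoH replies in dns-json form (type 5 = CNAME, 1 = A, 28 = AAAA).
DOH_JSON = {
    "www.example.com": {"Status": 0, "Answer": [
        {"name": "www.example.com.", "type": 5, "data": "edge.cdn.example.net."},
        {"name": "edge.cdn.example.net.", "type": 1, "data": "192.0.2.10"},
        {"name": "edge.cdn.example.net.", "type": 1, "data": "192.0.2.11"}]},
    "example.com": {"Status": 0, "Answer": [
        {"name": "example.com.", "type": 1, "data": "192.0.2.10"}]},
    "vpn-internal.corp.example.com": {"Status": 3},  # NXDOMAIN in public DNS
}

def ct_hostnames(ct_json, domain):
    """Unique, lower-cased names under `domain`; wildcards are kept apart."""
    hosts, wildcards = set(), set()
    for entry in json.loads(ct_json):
        for name in entry["name_value"].splitlines():
            name = name.strip().lower().rstrip(".")
            if name != domain and not name.endswith("." + domain):
                continue  # out of scope, e.g. a SAN for another domain
            (wildcards if name.startswith("*.") else hosts).add(name)
    return sorted(hosts), sorted(wildcards)

def resolve(answer):
    """Return (cname_chain, addresses) from one DoH JSON reply."""
    records = answer.get("Answer", []) if answer.get("Status") == 0 else []
    chain = [r["data"].rstrip(".") for r in records if r["type"] == 5]
    addrs = sorted({r["data"] for r in records if r["type"] in (1, 28)})
    return chain, addrs

def inventory(ct_json, doh, domain):
    """Map each CT hostname to its chain and addresses; list the unresolved."""
    hosts, wildcards = ct_hostnames(ct_json, domain)
    rows = {h: resolve(doh.get(h, {})) for h in hosts}
    unresolved = [h for h, (_, addrs) in rows.items() if not addrs]
    unique_ips = sorted({ip for _, addrs in rows.values() for ip in addrs})
    return rows, unresolved, unique_ips, wildcards

if __name__ == "__main__":
    rows, unresolved, ips, wild = inventory(CT_JSON, DOH_JSON, "example.com")
    print(rows, unresolved, ips, wild, sep="\n")
```
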
pSSL is written for Windows and has a few dependencies from GnuWin32.
Luckily, I wrote a tool for installing everything you need. You can run these scripts from source, or use the compiled executable binary.
If you would like to download the dependencies ad-hoc, you'll need to install gawk from here and grep from here.
Quickstart Steps:
- Download and run my compiled installer for grep, sed, & awk dependencies
- Verify the tools are added to your environment variables
- Clone the pSSL repository
- Run pSSL. If you are having issues accessing the dependencies from your environment vars, verify they are set and reboot your machine.
- For more on DoH, check out RFC8484 here or at the PDF.
- For more on certificate transparency, check out this guide from certificate.transparency.dev.
- For more on CNAME record resolution, check out this article from Cloudflare.
You can find a video on my Obsidian Publish showcasing pSSL generating 889 unique IPs for a domain in around 3 minutes.
pSSL in Python for optimized scan times and implementation of new features!
- If you find use from this, consider supporting my work on Ko-fi.
- As of this release, I'm currently consulting full-time and get paid by the project, not by my time.