https://github.com/ndr-repo/pssl

Passive subdomain discovery through SSL.
https://github.com/ndr-repo/pssl

asset-discovery certificate-transparency cybersecurity dns dns-over-https infosec reconnaissance ssl tls

Last synced: about 2 months ago
JSON representation

Passive subdomain discovery through SSL.

• Host: GitHub
• URL: https://github.com/ndr-repo/pssl
• Owner: ndr-repo
• License: gpl-3.0
• Created: 2025-01-13T10:01:23.000Z (4 months ago)
• Default Branch: main
• Last Pushed: 2025-04-01T15:08:07.000Z (about 2 months ago)
• Last Synced: 2025-04-01T16:36:15.246Z (about 2 months ago)
• Topics: asset-discovery, certificate-transparency, cybersecurity, dns, dns-over-https, infosec, reconnaissance, ssl, tls
• Language: PowerShell
• Homepage:
• Size: 71.3 KB
• Stars: 1
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# pSSL - Passive subdomain discovery over SSL

## Disclaimer

- pSSL is a passive asset discovery scanner. This means it does not interact with the target domain or its hosts while performing a scan. 

- This is done by downloading the certificate transparancy logs of your target and resolving CNAME records through public services.

- If you decide to interact with a host following a scan, it is **your responsibility** to verify you have the proper jurisdiction.

**I am not responsible for any legal or criminal proceedings filed against you for using this tool.**

## Overview

pSSL is a tool I wrote in PowerShell to enumerate certificate transparency logs using DoH (DNS over HTTPS). 

This provides an unique list of hostnames and addresses for a glimpse of the network behind a target domain. Identify internal hostnames to maximize asset discovery and validate information flow.

## Getting Started

pSSL is written for Windows and has a few dependencies from [GnuWin32](https://gnuwin32.sourceforge.net/).

Luckily, I wrote a tool for installing everything you need. You can run these scripts [from source](https://github.com/ndr-repo/gnuwin32_Scan-Download/), or use the [compiled executable binary](https://github.com/ndr-repo/gnuwin32_Scan-Download/releases/tag/v1.0.0).

If you would like to download the dependencies ad-hoc, you'll need to install gawk from [here](https://gnuwin32.sourceforge.net/packages/gawk.htm) and grep from [here](https://gnuwin32.sourceforge.net/packages/grep.htm).

**Quickstart Steps**:

1. Download and run my compiled installer for grep, sed, & awk dependancies

2. Verify the tools are added to your [environment variables](https://www.howtogeek.com/787217/how-to-edit-environment-variables-on-windows-10-or-11/)

3. Clone the pSSL repository

4. Run pSSL. If you are having issues accessing the dependencies from your environment vars, verify they are set and reboot your machine.

## Related Articles

- For more on DoH, check out RFC8484 [here](https://www.rfc-editor.org/rfc/rfc8484.html) or at the [PDF](https://www.rfc-editor.org/rfc/pdfrfc/rfc8484.txt.pdf).

- For more on certificate transparency, check out this guide from [certificate.transparancy.dev](https://certificate.transparency.dev/howctworks/).

- For more on CNAME record resolution, check out this article from [Cloudflare](https://www.cloudflare.com/learning/dns/dns-records/dns-cname-record/).

## Demonstration & Usage

![pSSL_ctDownload](https://github.com/user-attachments/assets/3fdda20b-dbb8-4098-93c4-fa5bafbf3d5b)

![pSSL_resolving](https://github.com/user-attachments/assets/b16bd707-5434-400e-8621-8a4b86280085)

![pSSL_tableCreation2](https://github.com/user-attachments/assets/e0720bf8-d99b-4da0-8f15-91b588162857)

![allMyTools](https://github.com/user-attachments/assets/16cd5559-8d7f-4195-8979-35983e48be72)

## Coming soon...

pSSL in Python for optimized scan times and implementation of new features!

## Support

- If you find use from this, consider supporting my work on [Ko-fi](https://ko-fi.com/weekndr_sec).