CTFR is a Python-based tool to Transparency to get from a website in a few seconds.

CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains  - CTFR Abuse Certificate Transparency Logs For HTTPS Subdomains 640x363 - Abuse Certificate Transparency Logs For HTTPS Subdomains

You missed AXFR technique didn’t you? (Open DNS zone transfers), so how does it work? CTFR does not use dictionary attack or brute-force attacks, it just helps you to abuse Certificate Transparency Logs.

What is Certificate Transparency?

Google’s Certificate Transparency project fixes several structural flaws in the SSL certificate system, which is the main cryptographic system that underlies all HTTPS connections. These flaws weaken the reliability and effectiveness of encrypted Internet connections and can compromise critical TLS/SSL mechanisms, including domain validation, end-to-end encryption, and the chains of trust set up by certificate authorities. If left unchecked, these flaws can facilitate a wide range of attacks, such as website spoofing, server impersonation, and man-in-the-middle attacks.

From: http://www.certificate-transparency.org/

Usage of CTFR to Abuse Certificate Transparency Logs



Example:



This is quite a new and novel technique compared to more traditional scripts like DNSRecon – DNS Enumeration Script.

You can download CTFR here:

ctfr-master.zip

Or read more here.



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here