This is a proof-of-concept tool that uses AI together with the CertSPY tool to perform automated reconnaissance and analyze the results.

These are examples from Omar's books and video courses on AI for cybersecurity.

CertSPY is a Python tool created by Omar Santos (@santosomar) for interfacing with the crt.sh API, allowing users to retrieve information on subdomains from Certificate Transparency logs.
Certificate Transparency (CT) is an open framework aimed at improving the security of SSL/TLS certificates by creating an open and auditable log of all certificates issued by certificate authorities. It allows for the detection of mistakenly or maliciously issued certificates. In the context of reconnaissance (recon), cybersecurity experts and ethical hackers can use CT logs as a rich source of information for mapping the internet landscape. They can extract data about the subdomains of a target domain, revealing potential targets for further investigation or penetration testing. This kind of intel can be vital in identifying vulnerable endpoints, tracking the issuance of new certificates, and generally maintaining a strong security posture against potential cyber threats. The tool leverages CT logs accessible through the crt.sh platform to facilitate such recon efforts, aiding in the timely identification of potential security vulnerabilities.
The `ai_recon.py` script is a powerful tool for performing OSINT (Open Source Intelligence) analysis on a given domain. It combines certificate information gathering, DNS resolution, WHOIS lookups, and AI-powered analysis to provide comprehensive insights about a domain and its associated infrastructure.

- Certificate Information Retrieval: Uses the CertSPY API to gather SSL/TLS certificate information for the specified domain.
- DNS Resolution: Resolves hostnames found in certificate information to their corresponding IP addresses.
- WHOIS Lookup: Performs WHOIS lookups on resolved IP addresses to obtain organization and CIDR information.
- AI-Powered Analysis: Utilizes a language model (like GPT) to analyze the gathered information and provide insights.
- The script takes a domain name as input.
- It retrieves SSL/TLS certificate information for the domain.
- For each hostname found in the certificate:
  - Performs DNS resolution to get the IP address
  - Conducts a WHOIS lookup on the IP address
- All gathered information is printed to the console in real-time.
- The collected data is then sent to an AI model for analysis.
- The AI-generated insights are displayed as the final output.
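The certificate-retrieval and hostname-extraction steps above, written out as an added example (this is not the CertSPY or `ai_recon.py` code). The crt.sh JSON endpoint it calls is real; the sample response embedded below is constructed, and the `secretcorp.org` names in it are made up. It also adds the check a defender watching their own domain in CT logs wants: which CAs issued for which names, and whether any issuer is outside the expected set.

```python
"""Pull crt.sh rows for a domain, extract hostnames, separate wildcards,
and check issuers. Added example; not the CertSPY / ai_recon.py code."""
import json
import socket
import sys
import urllib.parse
import urllib.request

CRTSH_URL = "https://crt.sh/?q={query}&output=json"

# Constructed sample in the shape of a crt.sh JSON response (a list of rows).
# name_value can hold several SAN entries separated by newlines.
SAMPLE_CRTSH_JSON = json.dumps([
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "common_name": "www.secretcorp.org",
     "name_value": "www.secretcorp.org\nsecretcorp.org"},
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "common_name": "*.dev.secretcorp.org",
     "name_value": "*.dev.secretcorp.org"},
    {"issuer_name": "C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1",
     "common_name": "vpn.secretcorp.org",
     "name_value": "VPN.secretcorp.org\nvpn.secretcorp.org"},
])


def fetch_crtsh(domain, timeout=30):
    """Live query: every certificate whose name matches %.domain."""
    url = CRTSH_URL.format(query=urllib.parse.quote("%." + domain))
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def _in_scope_names(row, domain):
    """Yield lower-cased names from a row (CN plus each SAN line) under domain."""
    candidates = [row.get("common_name", "")] + row.get("name_value", "").split("\n")
    for name in candidates:
        name = name.strip().lower()
        if name and (name == domain or name.endswith("." + domain)):
            yield name


def extract_hostnames(raw_json, domain):
    """Return sorted, unique hostnames that are `domain` or sit under it."""
    domain = domain.lower()
    hosts = set()
    for row in json.loads(raw_json):
        hosts.update(_in_scope_names(row, domain))
    return sorted(hosts)


def split_wildcards(hosts):
    """Wildcard names (*.x) are real findings but cannot be resolved as-is."""
    concrete = [h for h in hosts if not h.startswith("*.")]
    wildcards = [h for h in hosts if h.startswith("*.")]
    return concrete, wildcards


def issuers_by_host(raw_json, domain):
    """Map each in-scope hostname to the set of CAs that issued for it."""
    domain = domain.lower()
    issuers = {}
    for row in json.loads(raw_json):
        for name in _in_scope_names(row, domain):
            issuers.setdefault(name, set()).add(row.get("issuer_name", ""))
    return issuers


def unexpected_issuers(issuers, allowed_substrings):
    """Hosts holding a cert from a CA that matches none of the allowed
    substrings: the CT-monitoring question for an organisation's own domain."""
    flagged = {}
    for host, cas in issuers.items():
        bad = {ca for ca in cas if not any(a in ca for a in allowed_substrings)}
        if bad:
            flagged[host] = bad
    return flagged


def resolve_hosts(hosts):
    """Best-effort A-record lookup; unresolvable names map to None."""
    result = {}
    for host in hosts:
        try:
            result[host] = socket.gethostbyname(host)
        except socket.gaierror:
            result[host] = None
    return result


if __name__ == "__main__":
    live = len(sys.argv) > 1
    domain = sys.argv[1] if live else "secretcorp.org"
    raw = fetch_crtsh(domain) if live else SAMPLE_CRTSH_JSON
    concrete, wildcards = split_wildcards(extract_hostnames(raw, domain))
    print("hostnames:", concrete)
    print("wildcards:", wildcards)
    print("issuers:", issuers_by_host(raw, domain))
    if live:
        print("resolved:", resolve_hosts(concrete))
```

Run it with no arguments to see the constructed sample processed offline, or with a domain you are responsible for to query crt.sh live. The `allowed_substrings` list passed to `unexpected_issuers` is whatever set of CAs your organisation actually uses.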
To use the `ai_recon.py` script, run it from the command line with a domain name as an argument:

```bash
python ai_recon.py secretcorp.org
```

This will start the process of gathering certificate information, resolving hostnames, performing WHOIS lookups, and analyzing the results using AI.

You can also use the `ai_recon_md.py` script to generate a markdown file with the results:

```bash
python ai_recon_md.py secretcorp.org -o results.md
```

The output will be saved to the `results.md` file. I have also included an example of the `results.md` file.

Read the LICENSE file.
- Python 3.7 or later
- Install the requirements:

  ```bash
  pip3 install -r requirements.txt
  ```
The `ai_scan.py` script is a proof-of-concept tool for performing AI-powered SSL/TLS analysis on a given host or IP address. It combines Nmap SSL cipher scan results and AI-powered analysis to provide comprehensive insights about the host's SSL/TLS configuration.

- The script reads the `results.md` file that was created by `ai_recon_md.py` and extracts the hostnames from the file.
- It performs an Nmap SSL cipher scan on the specified host or IP address.
- The scan results are then sent to an AI model for analysis.
- The AI-generated insights are displayed as the final output.
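A deterministic pre-check on the Nmap SSL cipher scan text, as an added example (this is not code from `ai_scan.py`). Before (or instead of) handing the scan output to a language model, it parses the `ssl-enum-ciphers` output and flags deprecated protocol versions, low cipher grades, key exchanges without forward secrecy, and Nmap's own warnings. The scan text embedded below is constructed to mimic the script's output format; the port, ciphers and grades are made up for a fictitious host.

```python
"""Parse `nmap --script ssl-enum-ciphers` output and flag weak TLS settings.
Added example; not code from ai_scan.py."""
import re

# Constructed sample mimicking the ssl-enum-ciphers output format.
SAMPLE_NMAP_OUTPUT = """\
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: C
"""

PROTO_RE = re.compile(r"^(SSLv[23]|TLSv1\.[0-3]):$")
CIPHER_RE = re.compile(r"^(TLS_[A-Z0-9_]+)\s+\(([^)]*)\)\s+-\s+([A-F])$")
# TLS 1.0 and 1.1 are deprecated by RFC 8996; SSLv2/v3 long before that.
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}


def parse_ssl_enum(text):
    """Return {protocol: {"ciphers": [(name, kx, grade)], "warnings": [...]}}
    plus the script's overall grade under the key "least_strength"."""
    result = {"least_strength": None}
    proto, section = None, None
    for line in text.splitlines():
        if not line.startswith("|"):
            continue  # not part of the script output (e.g. PORT header)
        body = line.lstrip("|_").strip()
        m = PROTO_RE.match(body)
        if m:
            proto, section = m.group(1), None
            result[proto] = {"ciphers": [], "warnings": []}
        elif body in ("ciphers:", "compressors:", "warnings:"):
            section = body[:-1]
        elif body.startswith("least strength:"):
            result["least_strength"] = body.split(":", 1)[1].strip()
        elif proto and section == "ciphers" and CIPHER_RE.match(body):
            name, kx, grade = CIPHER_RE.match(body).groups()
            result[proto]["ciphers"].append((name, kx, grade))
        elif proto and section == "warnings" and body:
            result[proto]["warnings"].append(body)
    return result


def assess(parsed):
    """Turn the parsed scan into (category, protocol, detail) findings."""
    findings = []
    for proto, info in parsed.items():
        if proto == "least_strength":
            continue
        if proto in DEPRECATED:
            findings.append(("deprecated-protocol", proto, proto))
        for name, _kx, grade in info["ciphers"]:
            if grade > "B":  # nmap grades A..F; C and below are weak
                findings.append(("weak-cipher", proto, f"{name} ({grade})"))
            if "DHE" not in name:  # no (EC)DHE key exchange => no forward secrecy
                findings.append(("no-forward-secrecy", proto, name))
        for warning in info["warnings"]:
            findings.append(("nmap-warning", proto, warning))
    return findings


if __name__ == "__main__":
    parsed = parse_ssl_enum(SAMPLE_NMAP_OUTPUT)
    print("least strength:", parsed["least_strength"])
    for category, proto, detail in assess(parsed):
        print(f"[{category}] {proto}: {detail}")
```

Feeding real scan text in place of the sample gives a fixed list of findings that does not depend on how a model happens to phrase its answer; the model output can then be compared against it.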
To use the `ai_scan.py` script, run it from the command line with a host or IP address as an argument:

```bash
python3 ai_scan.py
```