From 7d5130d18f92bb63c1b887a675033fdb373b35bf Mon Sep 17 00:00:00 2001
From: lucky0x0d-Pulse <110431259+Lucky-Pulse@users.noreply.github.com>
Date: Sun, 8 Oct 2023 07:38:29 +1300
Subject: [PATCH] Added template to detect wildcard CN or SAN in TLS certificate (#8023)
* Added template to detect wildcard CN or SAN in TLS certificate
* fix formatting
* using tlsx dsl for wildcard
---------
Co-authored-by: Dhiyaneshwaran
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
---
 ssl/wildcard-tls.yaml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 ssl/wildcard-tls.yaml
diff --git a/ssl/wildcard-tls.yaml b/ssl/wildcard-tls.yaml
new file mode 100644
index 00000000000..776c8a22563
--- /dev/null
+++ b/ssl/wildcard-tls.yaml
@@ -0,0 +1,25 @@
+id: wildcard-tls
+
+info:
+  name: Wildcard TLS Certificate
+  author: lucky0x0d
+  severity: info
+  description: |
+    Checks a sites certificate to see if there are wildcard CN or SAN entries.
+  reference:
+    - https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html#carefully-consider-the-use-of-wildcard-certificates
+  metadata:
+    max-request: 1
+  tags: ssl,wildcard,tls
+ssl:
+  - address: "{{Host}}:{{Port}}"
+    matchers:
+      - type: dsl
+        dsl:
+          - wildcard_certificate == true
+
+    extractors:
+      - type: dsl
+        dsl:
+          - '"CN: " + subject_cn'
+          - '" SAN: " + subject_an'
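Review bot: The `description: |` block states what the template checks but not what a match means, which is what a triage reader needs from an info-severity finding; the linked OWASP section makes the point that a wildcard certificate's single private key is shared by every hostname it covers, so compromise of any one host serving it affects all of them. Suggest `Checks a site's certificate for wildcard CN or SAN entries. A wildcard certificate shares one private key across every matching hostname, so compromise of a single host serving it affects all of them.` (this also fixes "a sites"). The second extractor concatenates `subject_an`, which appears to be a list of names rather than a single string; confirm that `" SAN: " + subject_an` renders the way the output is meant to look, or extract `subject_an` on its own and let nuclei print the list. An `info.remediation` field pointing at the same OWASP guidance on per-host certificates would round out the finding.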