BygoneSSL

This tool detects the two classes of vulnerability defined at https://insecure.design

The tool can be run to detect either Man in the Middle or Denial of Service.

Denial of Service

To run the tool in DoS mode, make sure you supply ALL the domains you own in the config file; otherwise the tool won't work. It is designed to report certs containing domains you don't own.

Man in the Middle

To run the tool in MITM mode, make sure you accurately list the date you FIRST registered the domain; otherwise you will receive inaccurate results.

Install

Install with either

pip install bygonessl

Or build the Docker image from the Dockerfile

docker build -t "bygonessl" .

Setup

Set two environment variables for your Facebook developer account:

export facebook_app_id=<id>
export facebook_app_token=<token>

Make sure you escape the pipe character (|) in the app token so the shell does not interpret it.

Configure

Create a config file with the following:

{
    "domains": [
        {
            "domain": "insecure.design",
            "domainCreated": "2018-04-10T23:59:59+0000"
        }
    ],
    "bygoneDOS": true,
    "bygoneMITM": true
}

Run the tool

Run the tool with the following:

bygonessl --config <pathToJsonFile>

Or with docker:

docker run --env-file sourceme --rm -v $(pwd):/work -ti bygonessl bygonessl --config /work/exampleConfig.json
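
The following is an added example, not BygoneSSL's own code: a sketch of the two checks the modes above describe, run over the README's config format and a few constructed certificate records. The record field names (`id`, `names`, `not_before`, `not_after`), the helper names, and the reading of MITM as "issued before `domainCreated` and still valid" are assumptions.

```python
import json
from datetime import datetime

FMT = "%Y-%m-%dT%H:%M:%S%z"  # timestamp layout used by domainCreated in the README

# Config in the README's format (constructed inline so the example runs offline).
CONFIG = json.loads("""{"domains": [{"domain": "insecure.design",
  "domainCreated": "2018-04-10T23:59:59+0000"}], "bygoneDOS": true, "bygoneMITM": true}""")

# Constructed certificate records; field names are hypothetical, not the Facebook API's.
CERTS = [
    {"id": "issued-before-registration", "names": ["insecure.design"],
     "not_before": "2018-01-01T00:00:00+0000", "not_after": "2020-01-01T00:00:00+0000"},
    {"id": "shared-with-foreign-name", "names": ["www.insecure.design", "other.example"],
     "not_before": "2019-01-01T00:00:00+0000", "not_after": "2020-01-01T00:00:00+0000"},
    {"id": "expired-old-cert", "names": ["insecure.design"],
     "not_before": "2017-01-01T00:00:00+0000", "not_after": "2018-12-01T00:00:00+0000"},
    {"id": "own-wildcard", "names": ["*.insecure.design"],
     "not_before": "2019-02-01T00:00:00+0000", "not_after": "2020-02-01T00:00:00+0000"},
]

def covers(name, domain):
    """True if a certificate name is the domain itself or a (wildcard) subdomain of it."""
    name = name.lower()
    if name.startswith("*."):
        name = name[2:]
    return name == domain or name.endswith("." + domain)

def classify(cert, config, now):
    """Return the set of findings ('MITM', 'DOS') for one certificate record."""
    owned = {d["domain"].lower(): datetime.strptime(d["domainCreated"], FMT)
             for d in config["domains"]}
    if datetime.strptime(cert["not_after"], FMT) <= now:
        return set()  # expired certificates are no longer trusted by clients
    issued = datetime.strptime(cert["not_before"], FMT)
    matches = [[d for d in owned if covers(n, d)] for n in cert["names"]]
    ours = [d for m in matches for d in m]
    findings = set()
    if config.get("bygoneMITM") and any(issued < owned[d] for d in ours):
        findings.add("MITM")  # issued before we registered the domain, still valid
    if config.get("bygoneDOS") and ours and not all(matches):
        findings.add("DOS")   # shares a certificate with a name missing from the config
    return findings

def scan(config, certs, now):
    return {c["id"]: sorted(classify(c, config, now)) for c in certs}

if __name__ == "__main__":
    print(scan(CONFIG, CERTS, datetime.strptime("2019-06-01T00:00:00+0000", FMT)))
```

Because the DoS check flags any name that is absent from the config, a domain you own but forgot to list would be reported as foreign, which is why the config must list all of your domains.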

About

A tool to discover BygoneSSL vulnerabilities using the Facebook API
