- Required to use tshark:
brew install --cask wireshark
- Add MongoDB repo to brew:
brew tap mongodb/brew
- Install MongoDB with brew:
brew install mongodb/brew/mongodb-community mongosh mongodb-compass
- Update existing conda env with required packages:
conda env update --file environment.yml --prune
Usage:
- Start MongoDB (required for sync):
./start_mongo.sh
- Sniff the Wi-Fi network interface on macOS:
python3 waifu_scan.py -N en0
- Crawl every folder on the filesystem starting in root folder:
python3 waifu_scan.py -L "/"
- Live sniffing for SSL/TLS certificates on the provided network interface
- Analyse pcap(ng) files to collect certificates
- certificates are detected and collected in realtime (50ms timeout)
- Filesystem crawling for certificates, private keys and public keys:
  - detected certificates: .pem .crt .ca-bundle .p7b .p7s .der .cer .pfx .p12
  - during execution, logs what kind of data was found, including the execution runtime
  - crawling ~720 GB takes about 180 seconds
- certificates are saved to database or local filesystem:
  - MongoDB is used as the database to store certificates and keys
  - SHA-256 hash of certificate data prevents duplicates in database
- all certificates are tracked with inbound and outbound connections
- IP:Port of source and destination address are logged to stdout during execution
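
The filesystem crawl and the SHA-256 de-duplication listed above, as an added example for building a certificate inventory; it is not code from waifu_scan.py. Assumptions: the function names are hypothetical, "certificate data" is taken to mean the decoded DER bytes (so a PEM copy and a DER copy of one certificate collapse to a single record), and a dict stands in for a unique index on the hash field in MongoDB.

```python
import base64
import hashlib
import os
import re
import tempfile
from pathlib import Path

# Extensions copied from the feature list above.
CERT_EXTS = {".pem", ".crt", ".ca-bundle", ".p7b", ".p7s",
             ".der", ".cer", ".pfx", ".p12"}
PEM_CERT = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)

def cert_blobs(data):
    """DER bytes of each PEM certificate block, else the raw file bytes."""
    blocks = PEM_CERT.findall(data)
    return [base64.b64decode(b) for b in blocks] or [data]

def crawl(root):
    """Map SHA-256 hex digest -> list of paths holding that certificate data."""
    seen = {}  # assumption: stands in for a unique index on the hash field
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in CERT_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                data = Path(path).read_bytes()
            except OSError:
                continue  # unreadable file: skip it and keep crawling
            for blob in cert_blobs(data):
                seen.setdefault(hashlib.sha256(blob).hexdigest(), []).append(path)
    return seen

def to_pem(der):
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der)
            + b"-----END CERTIFICATE-----\n")

def demo():
    """Constructed sample tree: the same bytes as DER, as PEM and in a bundle."""
    der_a, der_b = b"constructed-cert-A" * 8, b"constructed-cert-B" * 8
    with tempfile.TemporaryDirectory() as root:
        Path(root, "etc/ssl").mkdir(parents=True)
        files = {"a.der": der_a, "etc/ssl/a.pem": to_pem(der_a),
                 "etc/ssl/chain.ca-bundle": to_pem(der_a) + to_pem(der_b),
                 "notes.txt": to_pem(der_b)}
        for rel, data in files.items():
            Path(root, rel).write_bytes(data)
        return {digest: len(paths) for digest, paths in crawl(root).items()}
```

Hashing the raw file bytes instead would store the DER file, the PEM file and the bundle as three unrelated records, and a bundle would never match the individual certificates inside it.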
I am not responsible for anything done with this tool. You use it at your own risk. There are no warranties or guarantees expressed or implied. You assume all responsibility and liability.