Land #16661, Add SAN support to impersonate_ssl module

gwillcox-r7 · gwillcox-r7 · commit 12cc1c871dcd · 2022-06-08T11:54:05.000-05:00
diff --git a/modules/auxiliary/gather/impersonate_ssl.rb b/modules/auxiliary/gather/impersonate_ssl.rb
@@ -38,7 +38,8 @@ def initialize(info = {})
         OptPath.new('PRIVKEY', [false, 'Sign the cert with your own CA private key', nil]),
         OptString.new('PRIVKEY_PASSWORD', [false, 'Password for private key specified in PRIV_KEY (if applicable)', nil]),
         OptPath.new('CA_CERT', [false, 'CA Public certificate', nil]),
-        OptString.new('ADD_CN', [false, 'Add CN to match spoofed site name (e.g. *.example.com)', nil])
+        OptString.new('ADD_CN', [false, 'Add CN to match spoofed site name (e.g. *.example.com)', nil]),
+        OptString.new('ADD_SAN', [false, 'Add SAN entries to certificate (e.g. alt.example.com,127.0.0.1)', nil])
       ]
     )
 
@@ -180,6 +181,17 @@ def run
       ef.create_extension('subjectKeyIdentifier', 'hash'),
     ]
 
+    # Add additional SAN entries to the new cert. See https://support.f5.com/csp/article/K13471
+    # for an example of how this added SAN field is expected to look like in a certificate.
+    if !datastore['ADD_SAN'].nil? && !datastore['ADD_SAN'].empty?
+      sans = datastore['ADD_SAN'].to_s.split(/,/)
+      sans.map! do |san|
+        san = (san =~ Resolv::IPv4::Regex || san =~ Resolv::IPv6::Regex) ? "IP:#{san}" : "DNS:#{san}"
+      end
+      new_cert.add_extension(ef.create_extension('subjectAltName', sans.join(','), false))
+      print_status("Adding #{datastore['ADD_SAN']} to the certificate subject alternative names")
+    end
+
     if !datastore['PRIVKEY'].nil? && !datastore['PRIVKEY'].empty?
       new_cert.sign(ca_key, OpenSSL::Digest.new(hashtype))
       new_key = ca_key # Set for file output
