pip3 install -r requirements.txt
- John the Ripper is required (pfx2john/john)
- Limelighter is required for the testsigs command (must be in PATH)
- Hardcoded wordlist path /usr/share/wordlists/rockyou.txt (modify this line to change)
- Hardcoded john format is --format=pfx (not pfx-opencl)
> python3 .\certdisco.py -h
@ed
Code Signing Certificate Discovery Tool
usage: certdisco.py [-h] {import,view,vt,testsigs} ...
Process and view certificates.
positional arguments:
  {import,view,vt,testsigs}
    import              Process new certificates
    view                View stored certificates
    vt                  Fetch files from VirusTotal
    testsigs            Run limelighter with certificates
python3 certdisco.py vt --api '<apikey>' -q 100 -o vt-output
python3 certdisco.py import -i vt-output
python3 certdisco.py view
python3 certdisco.py view --export
The testsigs command requires Limelighter to be installed and in your PATH:
python3 certdisco.py testsigs --certlocation vt-output -o export
*File export.zip will be generated*
I just unzip on Windows and use signtool.exe to check for validity:
signtool verify /pa /v *.exe
Notes