OpenSecurityIN
diff --git a/‎.DS_Store
6 KB b/‎.DS_Store
6 KB
diff --git a/‎__init__.py b/‎__init__.py
diff --git a/‎ca.crt
Lines changed: 19 additions & 0 deletions b/‎ca.crt
Lines changed: 19 additions & 0 deletions
diff --git a/‎ca.key
Lines changed: 18 additions & 0 deletions b/‎ca.key
Lines changed: 18 additions & 0 deletions
diff --git a/‎gen_cert.py
Lines changed: 95 additions & 0 deletions b/‎gen_cert.py
Lines changed: 95 additions & 0 deletions
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDDTCCAnagAwIBAgIJAK0sM7Yqpr2RMA0GCSqGSIb3DQEBBQUAMGMxCzAJBgNV
+BAYTAklOMRIwEAYDVQQIEwlCYW5nYWxvcmUxFTATBgNVBAcTDE9wZW5TZWN1cml0
+eTEPMA0GA1UEChMGTW9iU2VjMRgwFgYDVQQDEw9Nb2JTZWNGcmFtZXdvcmswHhcN
+MTUwNjE2MTI0MzAwWhcNMjUwNjEzMTI0MzAwWjBjMQswCQYDVQQGEwJJTjESMBAG
+A1UECBMJQmFuZ2Fsb3JlMRUwEwYDVQQHEwxPcGVuU2VjdXJpdHkxDzANBgNVBAoT
+Bk1vYlNlYzEYMBYGA1UEAxMPTW9iU2VjRnJhbWV3b3JrMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQD0u3s2k7DVscVZ9OnjKzx9u/jOpEyWyY5SReKzRuiLraMG
+DCzRdCo/+k+ho4NTo9bd1/C+15DosydqngiTHzXTH4ULod1Ru67MDi8WQGpJNldu
+midjYYmX1e2tcqTjhGfFC/vNGlDOcbrONdkB2HVZkQGEZN9m/zPHwuDT7wKfYwID
+AQABo4HIMIHFMB0GA1UdDgQWBBTRDRPjp9BGzygpqf0BoCef65bQlTCBlQYDVR0j
+BIGNMIGKgBTRDRPjp9BGzygpqf0BoCef65bQlaFnpGUwYzELMAkGA1UEBhMCSU4x
+EjAQBgNVBAgTCUJhbmdhbG9yZTEVMBMGA1UEBxMMT3BlblNlY3VyaXR5MQ8wDQYD
+VQQKEwZNb2JTZWMxGDAWBgNVBAMTD01vYlNlY0ZyYW1ld29ya4IJAK0sM7Yqpr2R
+MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAYl7FDfoQtm1eyBwCoLCz
+BzWvON+TKaNsz1WB9VgDKwWyEsXZvI9SgzIJNVrufv4RhMXfWyaDT0gd9lOlcG3A
+/B0jrxoUpHJLkfb1To4Nzf31xMlVjdgt0ThPCi8+LkDfHZZ8QAKDeDWOurNv+k9B
+Esury3f3jr2ni/u5FKhSlIk=
+-----END CERTIFICATE-----
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,901C188A374539B7
+
+jJvgOGNfdIEjVdKxW8fy2ZiaJANhu5oEy1s7k029A4Nkg7rhaDuOEXSw054KmEhj
+aKEX9CGVdJeMwvrFfXG/QnLbJR1NwnqI+ce6N3yKtO/FTLG9tcCsL06AaUkHT/If
+chj793TDvzTkea7rnIjIa8xYDZci3ok8XtppTbHyrQAkOuH6X0GMyyHLhFjSVph3
+Y7P/BjGGsV1u6Zz9i0ZSDQ8UAfS/NDVANgonleFmzh0jTT0GLHmQ17RI+G+Jm9VE
+/x3kzSqT68MJen1NANOselcPrMdz5JTjoxcKsaypcGu9RSVNIlefQPY8UoqAp8zk
+a40TqAOWij3a/pQ/1FP6sx4a4rpF+RIkNxT1fziWfJYKjbnHWd83YS31lYU0nFeT
+suaAnZCO2IduMruUh+gHkcMEoFk8JIxVsNNfNtRGQxBGQf6+QXZCgVRUGnCEiz+I
+Q15Xgwcxj7KvljiKX7V8LkqHrAtyC0SjnoQ8mf+VeIxvx1dEGbacQI75DMtyKrM3
+2lOOIXBDseUd1iTPiw3Q/UJyRJsxtFWetF4rsXnw+p6igfCzpTSJkQ3vXhjAP+wu
+xHJ5EbPOTmjN7+upN3+TqMZlsBYwPOsnF+w5lDOQu9LW1dBtLNK2QLIU7tWijFgo
++ULHx4fqsiLb7AVzheuLeqV+bqafo3vLheWSFqzPcacZf/k/vQGAyWsq4xztHMH3
+E4xNsU5CAZH7LXcSbr+KPBGwO1kco+4A1bYhleum7Wvl91IjBABnp/K+iqr2zTP7
+3BVRsMnLxMHMOfvVdB7aqdMNZgRD7KhPzDFYA9VEUVzYvbV3b8W0UA==
+-----END RSA PRIVATE KEY-----
@@ -0,0 +1,95 @@
+#!/usr/bin/env python
+'''
+owtf is an OWASP+PTES-focused try to unite great tools & facilitate pentesting
+Copyright (c) 2013, Abraham Aranguren <name.surname@gmail.com>  http://7-a.org
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+    * Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+    * Neither the name of the copyright owner nor the
+      names of its contributors may be used to endorse or promote products
+      derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Inbound Proxy Module developed by Bharadwaj Machiraju (blog.tunnelshade.in)
+#                     as a part of Google Summer of Code 2013
+'''
+from OpenSSL import crypto
+import os
+import hashlib
+import re
+
+
+def gen_signed_cert(domain, ca_crt, ca_key, ca_pass, certs_folder):
+    """
+    This function takes a domain name as a parameter and then creates a certificate and key with the
+    domain name(replacing dots by underscores), finally signing the certificate using specified CA and
+    returns the path of key and cert files. If you are yet to generate a CA then check the top comments
+    """
+    key_path = os.path.join(certs_folder, re.sub(
+        '[^-0-9a-zA-Z_]', '_', domain) + ".key")
+    cert_path = os.path.join(certs_folder, re.sub(
+        '[^-0-9a-zA-Z_]', '_', domain) + ".crt")
+
+    # The first conditions checks if file exists, and does nothing if true
+    # If file doenst exist lock is obtained for writing (Other processes in race must wait)
+    # After obtaining lock another check to handle race conditions gracefully
+    if os.path.exists(key_path) and os.path.exists(cert_path):
+        pass
+    else:
+
+        # Check happens if the certificate and key pair already exists for a
+        # domain
+        if os.path.exists(key_path) and os.path.exists(cert_path):
+            pass
+        else:
+            # Serial Generation - Serial number must be unique for each certificate,
+            # so serial is generated based on domain name
+            md5_hash = hashlib.md5()
+            md5_hash.update(domain)
+            serial = int(md5_hash.hexdigest(), 36)
+            # The CA stuff is loaded from the same folder as this script
+
+            ca_cert = crypto.load_certificate(
+                crypto.FILETYPE_PEM, open(ca_crt).read())
+            # The last parameter is the password for your CA key file
+            ca_key = crypto.load_privatekey(
+                crypto.FILETYPE_PEM, open(ca_key).read(), ca_pass)
+            key = crypto.PKey()
+            key.generate_key(crypto.TYPE_RSA, 2048)
+            cert = crypto.X509()
+            cert.get_subject().C = "IN"
+            cert.get_subject().ST = "BL"
+            cert.get_subject().L = "127.0.0.1"
+            cert.get_subject().O = "MobSec"
+            cert.get_subject().OU = "MobSec-Proxy"
+            cert.get_subject().CN = domain
+            cert.gmtime_adj_notBefore(0)
+            cert.gmtime_adj_notAfter(365 * 24 * 60 * 60)
+            cert.set_serial_number(serial)
+            cert.set_issuer(ca_cert.get_subject())
+            cert.set_pubkey(key)
+            cert.sign(ca_key, "sha1")
+            # The key and cert files are dumped and their paths are returned
+            domain_key = open(key_path, "w")
+            domain_key.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key))
+            domain_cert = open(cert_path, "w")
+            domain_cert.write(crypto.dump_certificate(
+                crypto.FILETYPE_PEM, cert))
+            # print(("[*] Generated signed certificate for %s" % (domain)))
+    return key_path, cert_path