Skip to main content

cero

Cero is a powerful discovery tool in Canva workflows that connects to remote hosts to extract domain names from TLS certificates. It streamlines the process of identifying valid domain names associated with a set of targets, enhancing visibility into network assets as part of automated security assessments.

Ideal Use Cases & Fit

Cero is ideally suited for scenarios that involve reconnaissance activities, especially where the goal is to obtain valid domain names from a list of IP addresses or domain names. Typical input includes newline-separated lists of hosts in formats such as domains or CIDR ranges. It resolves the challenge of distinguishing valid domains from noise in responses, making it an invaluable tool for passive reconnaissance or risk assessment. However, it may not be appropriate for environments where interactive or real-time domain resolution is necessary.

Value in Workflows

In automated security workflows, cero provides essential insights during early reconnaissance phases. By extracting valid domain names, it sets the stage for further analysis and risk evaluation. Its output aids subsequent steps in workflows such as vulnerability scanning and threat modeling, enhancing overall security posture.

Input Data

Cero expects input in the form of a file containing newline-separated hosts, which can include domains, IP addresses, or CIDR ranges. The required field for this parameter is:

  • target: A file (e.g., targets.txt), where each line represents an individual host to analyze.
    Example: 
    example.com
    10.0.0.1
    192.168.1.0/24

Configuration

  • ports: Specifies the TLS ports to use for connection attempts, allowing customization based on network architecture.
  • timeout: Controls the duration for TLS connection attempts in seconds, enabling adjustments based on environmental constraints.
  • valid-domains-only: When enabled, this option ensures that only valid domain names are included in the output, filtering out IPs, wildcards, and non-standard entries.

These configurable parameters allow for tailored scanning runs to fit diverse network conditions and goals.