Puppet Server Naive Signing Scanner

Stay Up To Date
Asset Type


Need Membership


Asset Verify


API Support


Estimate Time (Second)


Puppet Server Naive Signing Scanner Detail

You can scan Puppet server to see whether naive signing is enabled by using this tool.

Detects if naive signing is enabled on a Puppet server. This enables attackers to create any Certificate Signing Request and have it signed, allowing them to impersonate as a puppet agent. This can leak the configuration of the agents as well as any other sensitive information found in the configuration files.

This script makes use of the Puppet HTTP API interface to sign the request.

This script has been Tested on versions 3.8.5, 4.10.


Some Advice for Common Problems

You should be able to set up a secure autosigning system as long as you can provide reasonable end-to-end security for secret data on your nodes.

For more, see the Reference section.

Need a Full Assessment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service