Revert Back To pyOpenSSL Again!!!
This commit is contained in:
Narbeh
parent
be0c23b481
commit
6a14ff3796
12
README.md
12
README.md
@ -1,17 +1,23 @@
|
|||||||
# SSL Checker
|
# SSL Checker
|
||||||
#### Simple Python script that collects SSL information from hosts
|
#### Simple Python script that collects SSL information from hosts
|
||||||
|
|
||||||
# About
|
## About
|
||||||
|
|
||||||
It's a simple script running in python that collects SSL information then it returns the group of information in JSON.
|
It's a simple script running in python that collects SSL information then it returns the group of information in JSON.
|
||||||
|
|
||||||
# Usage
|
## Requirements
|
||||||
|
|
||||||
|
You only need to installl pyOpenSSL:
|
||||||
|
|
||||||
|
`pip install pyopenssl`
|
||||||
|
|
||||||
|
## Usage
|
||||||
|
|
||||||
`python ssl_checker.py host1[:port] [host2:port] [host3:port]...`
|
`python ssl_checker.py host1[:port] [host2:port] [host3:port]...`
|
||||||
|
|
||||||
Port is optional here. The script will use 443 if not specified.
|
Port is optional here. The script will use 443 if not specified.
|
||||||
|
|
||||||
# Example
|
## Example
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
narbeh@narbeh-xps:~/ssl-checker$ python ssl_checker.py cisco.com archive.org ttttessssttt.com
|
narbeh@narbeh-xps:~/ssl-checker$ python ssl_checker.py cisco.com archive.org ttttessssttt.com
|
||||||
|
|||||||
@ -2,8 +2,14 @@
|
|||||||
import socket
|
import socket
|
||||||
import sys
|
import sys
|
||||||
|
|
||||||
from ssl import create_default_context
|
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
|
from ssl import PROTOCOL_TLSv1
|
||||||
|
|
||||||
|
try:
|
||||||
|
from OpenSSL import SSL
|
||||||
|
except ImportError:
|
||||||
|
print('Required module does not exist. Install: pip install pyopenssl')
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
|
||||||
class TextColor:
|
class TextColor:
|
||||||
@ -17,18 +23,28 @@ class TextColor:
|
|||||||
|
|
||||||
def get_cert(host, port):
|
def get_cert(host, port):
|
||||||
"""Connection to the host."""
|
"""Connection to the host."""
|
||||||
sslctx = create_default_context()
|
osobj = SSL.Context(PROTOCOL_TLSv1)
|
||||||
sock = sslctx.wrap_socket(socket.socket(), server_hostname=host)
|
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
sock.connect((host, int(port)))
|
sock.connect((host, int(port)))
|
||||||
print('\t{}[+]{} {}'.format(TextColor.GREEN, TextColor.RESET, host))
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
print('\t{}[-]{} {} failed: {}'.format(TextColor.RED, TextColor.RESET, host, e))
|
print('\t{}[-]{} {} failed: {}'.format(TextColor.RED, TextColor.RESET, host, e))
|
||||||
return None
|
return None
|
||||||
|
|
||||||
cert = sock.getpeercert()
|
oscon = SSL.Connection(osobj, sock)
|
||||||
|
oscon.set_tlsext_host_name(host.encode())
|
||||||
|
oscon.set_connect_state()
|
||||||
|
try:
|
||||||
|
oscon.do_handshake()
|
||||||
|
except Exception as e:
|
||||||
|
print('\t{}[-]{} {} failed: {}'.format(TextColor.RED, TextColor.RESET, host, e))
|
||||||
|
return None
|
||||||
|
|
||||||
|
print('\t{}[+]{} {}'.format(TextColor.GREEN, TextColor.RESET, host))
|
||||||
|
cert = oscon.get_peer_certificate()
|
||||||
sock.close()
|
sock.close()
|
||||||
|
|
||||||
return cert
|
return cert
|
||||||
|
|
||||||
|
|
||||||
@ -36,30 +52,28 @@ def get_cert_info(cert):
|
|||||||
"""Get all the information about cert and create a JSON file."""
|
"""Get all the information about cert and create a JSON file."""
|
||||||
context = {}
|
context = {}
|
||||||
|
|
||||||
issued_to = dict(x[0] for x in cert['subject'])
|
context['issuer_c'] = cert.get_issuer().countryName
|
||||||
issued_by = dict(x[0] for x in cert['issuer'])
|
context['issuer_o'] = cert.get_issuer().organizationName
|
||||||
|
context['issuer_ou'] = cert.get_issuer().organizationalUnitName
|
||||||
context['issuer_c'] = issued_by['countryName']
|
context['issuer_cn'] = cert.get_issuer().commonName
|
||||||
context['issuer_o'] = issued_by['organizationName']
|
context['cert_sn'] = cert.get_serial_number()
|
||||||
context['issuer_cn'] = issued_by['commonName']
|
context['cert_alg'] = cert.get_signature_algorithm().decode()
|
||||||
context['issued_to'] = issued_to['commonName']
|
context['cert_ver'] = cert.get_version()
|
||||||
context['cert_sn'] = cert['serialNumber']
|
context['cert_exp'] = cert.has_expired()
|
||||||
context['cert_ver'] = cert['version']
|
|
||||||
|
|
||||||
# Valid from
|
# Valid from
|
||||||
valid_from = datetime.strptime(cert['notBefore'], '%b %d %H:%M:%S %Y %Z')
|
valid_from = datetime.strptime(cert.get_notBefore().decode('ascii'),
|
||||||
|
'%Y%m%d%H%M%SZ')
|
||||||
context['valid_from'] = valid_from.strftime('%Y-%m-%d')
|
context['valid_from'] = valid_from.strftime('%Y-%m-%d')
|
||||||
|
|
||||||
# Vali till
|
# Valid till
|
||||||
valid_till = datetime.strptime(cert['notAfter'], '%b %d %H:%M:%S %Y %Z')
|
valid_till = datetime.strptime(cert.get_notAfter().decode('ascii'),
|
||||||
|
'%Y%m%d%H%M%SZ')
|
||||||
context['valid_till'] = valid_till.strftime('%Y-%m-%d')
|
context['valid_till'] = valid_till.strftime('%Y-%m-%d')
|
||||||
|
|
||||||
# Validity days
|
# Validity days
|
||||||
context['validity_days'] = (valid_till - valid_from).days
|
context['validity_days'] = (valid_till - valid_from).days
|
||||||
|
|
||||||
# Expiry check
|
|
||||||
context['expired'] = False if valid_till >= datetime.now() else True
|
|
||||||
|
|
||||||
return context
|
return context
|
||||||
|
|
||||||
|
|
||||||
@ -76,7 +90,7 @@ def show_result(hosts):
|
|||||||
else:
|
else:
|
||||||
failed_cnt += 1
|
failed_cnt += 1
|
||||||
|
|
||||||
print('\n{} successful and {} failed.'.format(len(hosts) - failed_cnt, failed_cnt))
|
print('\n{} successful and {} failed.\n'.format(len(hosts) - failed_cnt, failed_cnt))
|
||||||
|
|
||||||
print(context)
|
print(context)
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user