Refactor and Update README.md

README.md

@@ -28,7 +28,7 @@ or
 ```
 ./ssl_checker.py -h
 usage: ssl_checker.py (-H [HOSTS [HOSTS ...]] | -f HOST_FILE) [-s HOST:PORT]
-                      [-c FILENAME.CSV] [-j] [-J] [-a] [-v] [-h]
+                      [-c FILENAME.CSV] [-j] [-S] [-J] [-a] [-v] [-h]
 
 Collects useful information about given host's SSL certificates.
 
@@ -42,6 +42,7 @@ optional arguments:
   -c FILENAME.CSV, --csv FILENAME.CSV
                         Enable CSV file export
   -j, --json            Enable JSON in the output
+  -S, --summary         Enable summary output only
   -J, --json-save       Enable JSON export individually per host
   -a, --analyze         Enable SSL security analysis on the host
   -v, --verbose         Enable verbose to see what is going on
@@ -62,6 +63,8 @@ Port is optional here. The script will use 443 if not specified.
 
 `-j, --json ` Use this if you want to only have the result in JSON
 
+`-S, --summary ` This argument will show quick summary in the output
+
 `-J, --json-save` Use this if you want to save as JSON file per host
 
 `-a, --analyze` This argument will include security analyze on the certificate. Takes more time. No result means failed to analyze. 
@@ -72,47 +75,6 @@ Port is optional here. The script will use 443 if not specified.
 
 
 
-## Censored?
-
-No problem. Pass `-s/--socks` argument to the script with `HOST:PORT` format to connect through SOCKS proxy.
-
-```
-narbeh@narbeh-xps:~/ssl-checker$ ./ssl_checker.py -H facebook.com
-+-------------------+
-|Analyzing 1 host(s)|
-+-------------------+
-
-	[-] facebook.com         Failed: [Errno 111] Connection refused
-
-+------------------------------------------------------+
-| Successful: 0 | Failed: 1 | Duration: 0:00:00.710470 |
-+------------------------------------------------------+
-
-narbeh@narbeh-xps:~/ssl-checker$ ./ssl_checker.py -H facebook.com -s localhost:9050
-+-------------------+
-|Analyzing 1 host(s)|
-+-------------------+
-
-	[+] facebook.com
-
-		Issued domain: *.facebook.com
-		Issued by: DigiCert Inc
-		Valid from: 2017-12-15
-		Valid to: 2019-03-22 (334 days left)
-		Validity days: 462
-		Certificate S/N: 14934250041293165463321169237204988608
-		Certificate version: 2
-		Certificate algorithm: sha256WithRSAEncryption
-		Expired: False
-
-+------------------------------------------------------+
-| Successful: 1 | Failed: 0 | Duration: 0:00:00.710470 |
-+------------------------------------------------------+
-```
-
-
-
-
 ## Example
 
 ```
@@ -125,11 +87,12 @@ narbeh@narbeh-laptop:~/ssl-checker$ ./ssl_checker.py -H time.com github.com:443
 		Issued domain: time.com
 		Issued to: None
 		Issued by: Amazon (US)
-		Valid from: 2018-11-07
-		Valid to: 2019-12-07 (159 days left)
-		Validity days: 395
-		Certificate S/N: 10018094209647532371913518187860771165
-		Certificate SHA1 FP: 64:C4:2E:AF:38:2A:28:64:A0:A8:B8:6B:02:05:86:1F:E7:F6:E5:FF
+		Valid from: 2019-09-06
+		Valid to: 2020-10-06 (78 days left)
+		Validity days: 396
+		Certificate valid: True
+		Certificate S/N: 20641318859548253362475798736742284477
+		Certificate SHA1 FP: D5:CE:1B:77:AB:59:C9:BE:37:58:0F:5D:73:97:64:98:C4:3E:43:30
 		Certificate version: 2
 		Certificate algorithm: sha256WithRSAEncryption
 		Expired: False
@@ -143,11 +106,12 @@ narbeh@narbeh-laptop:~/ssl-checker$ ./ssl_checker.py -H time.com github.com:443
 		Issued domain: github.com
 		Issued to: GitHub, Inc.
 		Issued by: DigiCert Inc (US)
-		Valid from: 2018-05-08
-		Valid to: 2020-06-03 (338 days left)
-		Validity days: 757
-		Certificate S/N: 13324412563135569597699362973539517727
-		Certificate SHA1 FP: CA:06:F5:6B:25:8B:7A:0D:4F:2B:05:47:09:39:47:86:51:15:19:84
+		Valid from: 2020-05-05
+		Valid to: 2022-05-10 (659 days left)
+		Validity days: 735
+		Certificate valid: True
+		Certificate S/N: 7101927171473588541993819712332065657
+		Certificate SHA1 FP: 5F:3F:7A:C2:56:9F:50:A4:66:76:47:C6:A1:8C:A0:07:AA:ED:BB:8E
 		Certificate version: 2
 		Certificate algorithm: sha256WithRSAEncryption
 		Expired: False
@@ -155,9 +119,78 @@ narbeh@narbeh-laptop:~/ssl-checker$ ./ssl_checker.py -H time.com github.com:443
 		 \_ DNS:github.com
 		 \_ DNS:www.github.com
 
-+------------------------------------------------------+
-| Successful: 2 | Failed: 0 | Duration: 0:00:01.429145 |
-+------------------------------------------------------+
+
++-------------------------------------------------------------------------------------------+
+| Successful: 2 | Failed: 0 | Valid: 2 | Warning: 0 | Expired: 0 | Duration: 0:00:07.694433 |
++-------------------------------------------------------------------------------------------+
+```
+
+
+
+## Censored?
+
+No problem. Pass `-s/--socks` argument to the script with `HOST:PORT` format to connect through SOCKS proxy.
+
+```
+narbeh@narbeh-xps:~/ssl-checker$ ./ssl_checker.py -H facebook.com
++-------------------+
+|Analyzing 1 host(s)|
++-------------------+
+
+	[-] facebook.com         Failed: [Errno 111] Connection refused
+
++-------------------------------------------------------------------------------------------+
+| Successful: 0 | Failed: 1 | Valid: 0 | Warning: 0 | Expired: 0 | Duration: 0:00:04.109058 |
++-------------------------------------------------------------------------------------------+
+
+narbeh@narbeh-xps:~/ssl-checker$ ./ssl_checker.py -H facebook.com -s localhost:9050
++---------------------+
+| Analyzing 1 host(s) |
++---------------------+
+	[+] facebook.com
+	-----------------
+		Issued domain: *.facebook.com
+		Issued to: Facebook, Inc.
+		Issued by: DigiCert Inc (US)
+		Valid from: 2020-05-14
+		Valid to: 2020-08-05 (16 days left)
+		Validity days: 83
+		Certificate valid: True
+		Certificate S/N: 19351530099991824979726880175805235719
+		Certificate SHA1 FP: 89:7F:54:63:61:34:2F:7E:B4:B5:68:E2:92:79:D2:98:B4:97:D8:EA
+		Certificate version: 2
+		Certificate algorithm: sha256WithRSAEncryption
+		Expired: False
+		Certificate SAN's: 
+		 \_ DNS:*.facebook.com
+		 \_ DNS:*.facebook.net
+		 \_ DNS:*.fbcdn.net
+		 \_ DNS:*.fbsbx.com
+		 \_ DNS:*.messenger.com
+		 \_ DNS:facebook.com
+		 \_ DNS:messenger.com
+		 \_ DNS:*.m.facebook.com
+		 \_ DNS:*.xx.fbcdn.net
+		 \_ DNS:*.xy.fbcdn.net
+		 \_ DNS:*.xz.fbcdn.net
+
+
++-------------------------------------------------------------------------------------------+
+| Successful: 1 | Failed: 0 | Valid: 1 | Warning: 0 | Expired: 0 | Duration: 0:00:00.416188 |
++-------------------------------------------------------------------------------------------+
+```
+
+
+
+## Quick Summary
+
+Sometimes you need to run the script and get the quick summary of the hosts. By passing `-S/--summary` you will get the quick overview of the result.
+
+```
+narbeh@narbeh-xps:~/ssl-checker$ ./ssl_checker.py -H narbeh.org:443 test.com twitter.com -S
++-------------------------------------------------------------------------------------------+
+| Successful: 3 | Failed: 0 | Valid: 3 | Warning: 0 | Expired: 0 | Duration: 0:00:01.958670 |
++-------------------------------------------------------------------------------------------+
 ```
 
 
@@ -206,12 +239,10 @@ Warning: -a/--analyze is enabled. It takes more time...
 Example only with the `-j/--json` argument which shows the JSON only. Perfect for piping to another tool.
 
 ```
-narbeh@narbeh-xps:~/ssl-checker$ ./ssl_checker.py -j -H  narbeh.org:443 test.com
-{"narbeh.org": {"issued_to": "narbeh.org", "cert_sans": "DNS:narbeh.org", "valid_till": "2019-12-26", "valid_from": "2019-09-27", "issuer_ou": null, "days_left": 25, "cert_ver": 2, "tcp_port": 443, "cert_alg": "sha256WithRSAEncryption", "issued_o": null, "cert_exp": false, "cert_sha1": "05:52:4E:89:1E:98:1D:40:C1:41:F4:DD:F7:51:86:20:27:CF:E7:7F", "issuer_c": "US", "issuer_cn": "Let's Encrypt Authority X3", "issuer_o": "Let's Encrypt", "validity_days": 90, "cert_sn": 293690843427182569577385918507679703674563}}
+narbeh@narbeh-xps:~/ssl-checker$ ./ssl_checker.py -j -H narbeh.org:443
+{"narbeh.org": {"host": "narbeh.org", "issued_to": "sni.cloudflaressl.com", "issued_o": "Cloudflare, Inc.", "issuer_c": "US", "issuer_o": "CloudFlare, Inc.", "issuer_ou": null, "issuer_cn": "CloudFlare Inc ECC CA-2", "cert_sn": "20958932659753030511717961095784314907", "cert_sha1": "FC:2D:0E:FD:DE:C0:98:7D:23:D2:E7:14:4C:07:6A:3D:25:25:49:B6", "cert_alg": "ecdsa-with-SHA256", "cert_ver": 2, "cert_sans": "DNS:sni.cloudflaressl.com; DNS:narbeh.org; DNS:*.narbeh.org", "cert_exp": false, "cert_valid": true, "valid_from": "2020-04-02", "valid_till": "2020-10-09", "validity_days": 190, "days_left": 81, "valid_days_to_expire": 81, "tcp_port": 443}}
 ```
 
-
-
 CSV export is also easy. After running the script with `-c/--csv` argument and specifying `filename.csv` after it, you'll have something like this:
 
 ```
@@ -231,6 +262,19 @@ validity_days,90
 cert_sn,338163108483756707389368573553026254634358
 ```
 
+Finally, if you want to export JSON's output per host in a separated file, use `-J/--json-save`. This will export JSON's output per host. 
+
+
+
+# As a Python Module
+
+Simply import the `ssl_checker.py` into your python script and use it as a module.
+
+```
+from ssl_checker import SSLChecker
+SSLCheckerObject = SSLChecker()  
+```
+
 
 
 # Docker

ssl_checker.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
 import socket
 import sys
 
@@ -328,7 +328,7 @@ class SSLChecker:
                             help='Enable JSON in the output')
         parser.add_argument('-S', '--summary', dest='summary_true',
                             action='store_true', default=False,
-                            help='Enable only summery output')
+                            help='Enable summary output only')
         parser.add_argument('-J', '--json-save', dest='json_save_true',
                             action='store_true', default=False,
                             help='Enable JSON export individually per host')