mali/ssl-checker
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
ssl-checker/README.md
Narbeh 8e128f05f5 Update README.md
2018-04-21 17:38:40 +04:30

4.8 KiB
Raw Blame History

SSL Checker

Simple Python script that collects SSL information from hosts

About

It's a simple script running in python that collects SSL information then it returns the group of information in JSON. It can also connects trough your specified SOCKS server.

Requirements

You only need to installl pyOpenSSL:

pip install pyopenssl

Usage

./ssl_checker.py -h
usage: ssl_checker.py -H [HOSTS [HOSTS ...]] [-s HOST:PORT] [-j]
                      [-c FILENAME.CSV] [-p] [-h]

optional arguments:
  -H [HOSTS [HOSTS ...]], --host [HOSTS [HOSTS ...]]
                        Hosts as input separated by space
  -s HOST:PORT, --socks HOST:PORT
                        Enable SOCKS proxy for connection
  -j, --json            Enable JSON in the output
  -c FILENAME.CSV, --csv FILENAME.CSV
                        Enable CSV file export
  -p, --pretty          Print pretty and more human readable Json
  -h, --help            Show this help message and exit

Port is optional here. The script will use 443 if not specified.

-H, --host Enter the hosts separated by space

-s, --socks Enable connection through SOCKS server

-j, --json Use this if you want to only have the result in JSON

-c, --csv Enable CSV file export by specifying filename.csv after this argument

-p, --pretty Use this with -j to print indented and human readable JSON

-h, --help Shows the help and exit

Censored?

No problem. Pass -s/--socks argument to the script with HOST:PORT format to connect through SOCKS proxy.

narbeh@narbeh-xps:~/ssl-checker$ ./ssl_checker.py -H facebook.com
Analyzing 1 host(s):
--------------------

	[-] facebook.com         Failed: [Errno 111] Connection refused
	----

0 successful and 1 failed

narbeh@narbeh-xps:~/ssl-checker$ ./ssl_checker.py -H facebook.com -s localhost:9050
Analyzing 1 host(s):
--------------------

	[+] facebook.com

		Issued domain: *.facebook.com
		Issued by: DigiCert Inc
		Valid from: 2017-12-15
		Valid to: 2019-03-22 (334 days left)
		Validity days: 462
		Certificate S/N: 14934250041293165463321169237204988608
		Certificate version: 2
		Certificate algorithm: sha256WithRSAEncryption
		Expired: False
	----

1 successful and 0 failed

Example

narbeh@narbeh-xps:~/ssl-checker$ ./ssl_checker.py -H narbeh.org google.com:443 facebook.com
Analyzing 3 host(s):
-------------------

	[+] narbeh.org

		Issued domain: narbeh.org
		Issued by: Let's Encrypt
		Valid from: 2018-04-21
		Valid to: 2018-07-20 (89 days left)
		Validity days: 90
		Certificate S/N: 338163108483756707389368573553026254634358
		Certificate version: 2
		Certificate algorithm: sha256WithRSAEncryption
		Expired: False
	----
	[+] google.com

		Issued domain: *.google.com
		Issued by: Google Inc
		Valid from: 2018-03-28
		Valid to: 2018-06-20 (59 days left)
		Validity days: 83
		Certificate S/N: 2989116342670522968
		Certificate version: 2
		Certificate algorithm: sha256WithRSAEncryption
		Expired: False
	----
	[-] facebook.com         Failed: [Errno 111] Connection refused
	----

2 successful and 1 failed

Example only with the -j/--json and -p/--pretty arguments which shows the JSON only. Perfect for piping to another tool.

narbeh@narbeh-xps:~/ssl-checker$ ./ssl_checker.py -j -p -H  narbeh.org:443 test.com
{'narbeh.org': {'cert_alg': u'sha256WithRSAEncryption',
                'cert_exp': False,
                'cert_sn': 338163108483756707389368573553026254634358L,
                'cert_ver': 2,
                'issued_to': u'narbeh.org',
                'issuer_c': u'US',
                'issuer_cn': u"Let's Encrypt Authority X3",
                'issuer_o': u"Let's Encrypt",
                'issuer_ou': None,
                'valid_from': '2018-04-21',
                'valid_till': '2018-07-20',
                'validity_days': 90},
 'test.com': {'cert_alg': u'sha256WithRSAEncryption',
              'cert_exp': False,
              'cert_sn': 73932709062103623902948514363737041075L,
              'cert_ver': 2,
              'issued_to': u'www.test.com',
              'issuer_c': u'US',
              'issuer_cn': u'Network Solutions DV Server CA 2',
              'issuer_o': u'Network Solutions L.L.C.',
              'issuer_ou': None,
              'valid_from': '2017-01-15',
              'valid_till': '2020-01-24',
              'validity_days': 1104}}

CSV export is also easy. After running the script with -c/--csv argument and specifying filename.csv after it, you'll have something like this:

narbeh@narbeh-xps:~/ssl-checker$ cat domain.csv 
narbeh.org
issued_to,narbeh.org
valid_till,2018-07-20
valid_from,2018-04-21
issuer_ou,None
cert_ver,2
cert_alg,sha256WithRSAEncryption
cert_exp,False
issuer_c,US
issuer_cn,Let's Encrypt Authority X3
issuer_o,Let's Encrypt
validity_days,90
cert_sn,338163108483756707389368573553026254634358