Created
April 18, 2011 19:11
This script attempts to verify the certificate of the specified host name against the Google Certificate Database.
#!/usr/bin/python
import ssl, hashlib
from datetime import date
from optparse import OptionParser
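# dnspython is a third-party dependency; stop with a readable message when it
# is not installed instead of failing later with a NameError.
try:
    from dns.resolver import query
    from dns.exception import DNSException
except ImportError:
    # print() with a single argument behaves like the print statement on
    # Python 2, so the message is unchanged.
    print("Failed to Import DNSPython module")
    # exit() is injected by the site module for interactive sessions and is
    # not guaranteed to exist; raising SystemExit gives the same exit status.
    raise SystemExit(1)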
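def checkcert(server, port):
    """Fetch the certificate served at server:port and look it up via DNS.

    The certificate is retrieved with ssl.get_server_certificate() without
    ca_certs, so no chain or host-name validation takes place: the script
    fingerprints whatever the peer presents and asks an independent record
    about it.

    Returns the first TXT record split on spaces, as a list whose first three
    items are numeric strings (read by display_results() as first-seen day,
    last-seen day and number of days seen). Prints an error and exits with
    status 1 when the certificate cannot be fetched, the DNS lookup fails, or
    the record does not have that shape.

    NOTE(review): this script does not authenticate the DNS answer (no DNSSEC
    validation is requested here), so whoever can substitute the certificate
    on the path may also be able to forge the TXT record. Treat the output as
    a hint, not as proof that the certificate is genuine.
    """
    try:
        pem = ssl.get_server_certificate((server, port))
        cert = ssl.PEM_cert_to_DER_cert(pem)
        # SHA-1 over the whole DER certificate is the lookup key; it is used
        # as an identifier here, not to authenticate anything.
        certhash = hashlib.sha1(cert).hexdigest()
    except Exception as err:
        # A bare "except:" would also swallow KeyboardInterrupt and
        # SystemExit; Exception keeps the best-effort handling for everything
        # else (socket, TLS and PEM decoding errors).
        print("ERROR: Host Connect Failure")
        print("Unable to retrieve certificate")
        print("Reason: " + str(err))
        raise SystemExit(1)

    # NOTE(review): confirm this zone is still served before relying on the
    # result.
    lookupdomain = 'certs.googlednstest.com'
    lookupname = certhash + '.' + lookupdomain
    try:
        gcertdb = query(lookupname, 'TXT')  # Lookup via DNS
    except DNSException:
        # NOTE(review): a non-existent name (dns.resolver.NXDOMAIN) is also a
        # DNSException, so "fingerprint not in the catalog" and "resolver
        # failure" print the same message.
        print("ERROR: DNS Exception")
        raise SystemExit(1)

    answer = gcertdb[0].to_text().strip('"').split(' ')
    # The TXT payload is network input: make sure the three fields that
    # display_results() converts and prints are plain decimal numbers.
    if len(answer) < 3 or not all(field.isdigit() for field in answer[:3]):
        print("ERROR: Unexpected TXT record format")
        raise SystemExit(1)
    return answer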
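def display_results(answer):
    """Print first-seen and last-seen dates and the day count of an answer.

    answer is a sequence of at least three items: the first-seen day number,
    the last-seen day number and the number of days the certificate was seen
    in between. The two day numbers are treated as days since 1970-01-01.

    Raises ValueError when fewer than three fields are supplied or a field is
    not an integer.
    """
    if len(answer) < 3:
        raise ValueError(
            "expected 3 fields in catalog answer, got %d" % len(answer))

    # date.fromordinal() counts days from 0001-01-01 (ordinal 1), not from
    # 1900; the ordinal of 1970-01-01 is 719163, the offset added below.
    epoch = date(1970, 1, 1).toordinal()
    firstseen = int(answer[0]) + epoch
    lastseen = int(answer[1]) + epoch
    # Parsed as an integer so that only a number from the DNS record is
    # echoed to the terminal.
    daysbetween = int(answer[2])

    firstseendate = date.fromordinal(firstseen).isoformat()
    lastseendate = date.fromordinal(lastseen).isoformat()
    thisday = date.today().toordinal()

    print("Cert First Seen: " + firstseendate
          + " (" + str(thisday - firstseen) + " days ago)")
    print("Cert Last Seen: " + lastseendate
          + " (" + str(thisday - lastseen) + " days ago)")
    print("No of Days Seen In Between: " + str(daysbetween))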
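if __name__ == '__main__':
    # Command-line entry point: parse -s/--server and -p/--port, fetch the
    # certificate fingerprint record and print it.
    vers = '0.1'
    descr = """This script will attempt to verify the certificate for the host name specified in the Google Certficate Database."""
    # An empty usage string makes optparse print no usage line at all.
    usage = '%prog [-s SERVER] [-p PORT]'
    parser = OptionParser(usage=usage, version='%prog '+vers, description=descr)
    parser.add_option('-s', '--server', dest='server', help='Server', default='www.google.com', type='string', action='store')
    parser.add_option('-p', '--port', dest='port', help='Port Number', default=443, type='int', action='store')
    (opts, args) = parser.parse_args()

    # The original bound server/port only when the option was truthy, so
    # --server "" or --port 0 ended in a NameError; reject those values with
    # a usage error instead.
    if not opts.server:
        parser.error('server name must not be empty')
    if not 0 < opts.port < 65536:
        parser.error('port must be between 1 and 65535')

    answer = checkcert(opts.server, opts.port)
    display_results(answer)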