
@donpdonp

donpdonp/tls.js

Last active Oct 23, 2020
gluon tls ssl checks
// Module entry expression: when called it runs setup() and yields the plugin descriptor {name:"tls"}.
// NOTE(review): the function is not invoked anywhere in this file; presumably the gluon host
// evaluates the file and calls it — confirm against the host's plugin loader.
(function() {
setup()
return {name:"tls"}
})
// Not referenced by any function in this file.
var watchlist = {}
// Prefix of every watchlist key in the db. Full keys are built as key:nick:hostname
// (see add_host / del_host / load_host), and scan() prepends key+':' to its match pattern.
var key = "tls:watchlist"
/**
 * Startup hook: scans every watchlist entry and reports the result to the admin channel.
 *
 * scan("*") matches all keys under the watchlist prefix, so the message posted to
 * bot.admin_channel lists every stored nick:hostname pair (or the overload error
 * object that scan() hands back instead of an array).
 */
function setup() {
  var report = function(entries) {
    var text = "tls scan: " + JSON.stringify(entries);
    bot.say(bot.admin_channel, text);
  };
  scan("*", report);
}
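/**
 * Message handler for the plugin.
 *
 * - "clocktower": when the reported time is 00:00 (hours and minutes read with the
 *   local-time getters), checks every watchlist entry and announces expired
 *   certificates on bot.admin_channel.
 * - "irc.privmsg": handles "!tls [<domainname> | check | list | add <domainname> | del <domainname>]".
 *
 * Everything taken from msg.params.message is channel-user input. The hostname given
 * to "add" is trimmed and must be a single token; "add"/"del" without a hostname show
 * the usage line instead of storing or deleting a key with an empty hostname.
 *
 * @param {{method: string, params: Object}} msg - event delivered by the host bot
 */
function go(msg) {
  if (msg.method == "clocktower") {
    var now = new Date(Date.parse(msg.params.time));
    if (now.getMinutes() == 0 && now.getHours() == 0) {
      scan("*", function(result) {
        // scan() hands back {error: ...} instead of an array when it gives up;
        // report that rather than failing on result.forEach.
        if (!Array.isArray(result)) {
          bot.say(bot.admin_channel, "tls scan: " + JSON.stringify(result));
          return;
        }
        result.forEach(function(str, idx) {
          // Even slots hold "nick:hostname"; odd slots hold the stored value.
          if (idx % 2 != 0) { return; }
          var sep = str.indexOf(':');
          if (sep < 0) { return; }
          var nick = str.slice(0, sep);
          // Keep everything after the first ':' so a stored "host:port" is not cut short.
          var domain = str.slice(sep + 1);
          if (!domain) { return; }
          var hostinfo = tls_check(domain, bot.admin_channel);
          if (hostinfo.expired) {
            bot.say(bot.admin_channel, nick + " EXPIRED " + hostinfo.expired + " " + domain);
          }
        });
      });
    }
  }
  if (msg.method == "irc.privmsg") {
    var cmd = /^!tls(\s+(\S+))?(\s+(.*))?/.exec(msg.params.message);
    if (!cmd) { return; }
    var usage = "!tls [<domainname> | check | list | add <domainname> | del <domainname> ]";
    var channel = msg.params.channel;
    var sender = msg.params.nick;
    var action = cmd[2];
    if (!action) {
      bot.say(channel, usage);
      return;
    }
    if (action == "add") {
      var host = cmd[4] ? cmd[4].trim() : "";
      // An entry that is empty or contains whitespace can never be checked; refuse it.
      if (!host || /\s/.test(host)) {
        bot.say(channel, usage);
        return;
      }
      bot.say(channel, "watching: " + host);
      add_host(sender, host);
    } else if (action == "del") {
      if (!cmd[4]) {
        bot.say(channel, usage);
        return;
      }
      // Passed through untrimmed so that entries stored earlier stay deletable.
      bot.say(channel, "unwatching: " + cmd[4]);
      del_host(sender, cmd[4]);
    } else if (action == "check") {
      nickscan(sender, function(result) {
        Object.keys(result).forEach(function(hostname) {
          var hostinfo = tls_check(hostname, channel);
          bot.say(channel, hostname + ": " + hostwords(hostinfo));
        });
      });
    } else if (action == "list") {
      nickscan(sender, function(result) {
        bot.say(channel, sender + ": " + Object.keys(result));
      });
    } else {
      // Any other token is treated as a hostname to check right away.
      var info = tls_check(action, channel);
      bot.say(channel, action + ": " + hostwords(info));
    }
  }
}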
/**
 * Turns a tls_check() result into the short text shown in the channel.
 *
 * Precedence: an `expired` marker wins, then an error message, otherwise the
 * TLS version followed by certFormat() of the first entry in tls.peer_certs.
 *
 * @param {Object} hostinfo - result object from tls_check()
 * @returns {string} one-line summary
 */
function hostwords(hostinfo) {
  if (hostinfo.expired) {
    return "EXPIRED " + hostinfo.expired;
  }
  if (hostinfo.error) {
    return hostinfo.error.message;
  }
  var tls = hostinfo.tls;
  return tls.version + " " + certFormat(tls["peer_certs"][0]);
}
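/**
 * Fetches https://<host> through the host bot's http.get and returns its result
 * object with the body removed and the TLS version replaced by a readable name.
 *
 * `host` comes from IRC messages and from stored watchlist entries (see go), so it
 * is restricted to a bare hostname with an optional :port before it is spliced into
 * the URL. Anything else (path, userinfo, query, whitespace, IPv6 literal, non-ASCII
 * name not in punycode form) is refused without making a request. This check only
 * constrains the shape of the URL; which addresses the bot may reach is left to
 * network policy.
 *
 * @param {string} host - hostname, optionally followed by :port
 * @param {string} channel - unused; kept for the existing call sites
 * @returns {Object} http.get result; `expired` is set when the error text mentions
 *   'expired', and an invalid host yields {error: {message: "invalid hostname"}}
 */
function tls_check(host, channel) {
  if (typeof host != "string" || !/^[A-Za-z0-9.-]{1,253}(:[0-9]{1,5})?$/.test(host)) {
    return {error: {message: "invalid hostname"}};
  }
  var data = http.get({url: "https://" + host});
  delete data.body; // todo: http.head
  if (data.error) {
    var text = data.error.message;
    if (typeof text == "string" && text.indexOf('expired') >= 0) {
      // Keeps the last 20 characters of the error text; presumably the expiry timestamp — confirm.
      data.expired = text.slice(-20);
    }
  } else {
    // Numeric TLS protocol versions to display names; other values are left as reported.
    if (data.tls.version == 0x0304) { data.tls.version = "tls1.3"; }
    if (data.tls.version == 0x0303) { data.tls.version = "tls1.2"; }
    if (data.tls.version == 0x0302) { data.tls.version = "tls1.1"; }
    // TLS 1.0 used to fall through as a bare number; name it so a legacy endpoint is recognizable.
    if (data.tls.version == 0x0301) { data.tls.version = "tls1.0"; }
  }
  return data;
}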
/**
 * Formats one certificate record as "<EXPIRED|expires> YYYY-MM-DD dns_names [...]".
 *
 * The label compares the current time with cert.not_after; the date shown is the
 * first ten characters of cert.not_after, so that field is expected to be a string.
 *
 * @param {{dns_names: *, not_after: string}} cert - certificate record from the http.get result
 * @returns {string} expiry label and date followed by the JSON-encoded dns_names
 */
function certFormat(cert) {
  var names_json = JSON.stringify(cert.dns_names);
  var is_past = new Date() > new Date(cert.not_after);
  var day = cert.not_after.slice(0, 10);
  var label = is_past ? "EXPIRED " : "expires ";
  return label + day + " " + "dns_names " + names_json;
}
/**
 * Stores a watchlist entry for (nick, hostname) with the value "{}".
 *
 * The key is key:nick:hostname with the parts joined unescaped, so a ':' or a
 * pattern character inside nick or hostname becomes part of the stored key.
 * The completion callback passed to db.set does nothing.
 *
 * @param {string} nick - owner of the entry
 * @param {string} hostname - host to watch
 */
function add_host(nick, hostname) {
  var segments = [key, nick, hostname];
  var noop = function() {};
  db.set(segments.join(':'), "{}", noop);
}
/**
 * Deletes the watchlist entry stored under key:nick:hostname.
 *
 * Only the exact key is passed to db.del; no result or error is observed here.
 *
 * @param {string} nick - owner of the entry
 * @param {string} hostname - host to stop watching
 */
function del_host(nick, hostname) {
  var segments = [key, nick, hostname];
  db.del(segments.join(':'));
}
/**
 * Reads the value stored under key:nick:hostname and hands it to cb via db.get.
 * Not called by any other function in this file.
 *
 * @param {string} nick - owner of the entry
 * @param {string} hostname - watched host
 * @param {Function} cb - passed straight to db.get
 */
function load_host(nick, hostname, cb) {
  var segments = [key, nick, hostname];
  db.get(segments.join(':'), cb);
}
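/**
 * Collects the watchlist entries of one nick as a {hostname: storedValue} map.
 *
 * The nick is placed unescaped into the scan pattern nick+":*".
 * NOTE(review): if db.scan does glob-style matching, a nick containing pattern
 * characters could match keys that belong to other nicks — confirm the matcher.
 * Whatever the matcher does, only keys that literally start with "nick:" are
 * returned here, so another nick's entries are never listed or mis-sliced.
 *
 * When scan() reports an error object instead of an array, the error is posted
 * to bot.admin_channel and cb receives an empty map.
 *
 * @param {string} nick - owner whose entries are wanted
 * @param {Function} cb - called once with the hostname map
 */
function nickscan(nick, cb) {
  var prefix = nick + ":";
  scan(nick + ":*", function(result) {
    var hosts = {};
    if (!Array.isArray(result)) {
      bot.say(bot.admin_channel, "tls nickscan: " + JSON.stringify(result));
      cb(hosts);
      return;
    }
    result.forEach(function(r, idx) {
      // Even slots hold "nick:hostname"; the following odd slot holds its value.
      if (idx % 2 != 0) { return; }
      if (r.indexOf(prefix) != 0) { return; }
      hosts[r.substr(prefix.length)] = result[idx + 1];
    });
    cb(hosts);
  });
}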
/**
 * Walks db.scan over all keys matching key+':'+match, 100 per request, and calls
 * cb once when the cursor comes back as 0.
 *
 * On success cb receives a flat array: even slots are keys with the key+':' prefix
 * removed, odd slots are the stored values run through JSON.parse. If the cursor is
 * still non-zero once the loop counter reaches 1500, cb receives
 * {error: "tls scan overload. stopping."} instead of an array, so callers have to
 * check the type of what they get.
 *
 * @param {string} match - pattern appended to the watchlist key prefix
 * @param {Function} cb - receives the result array or the error object
 * @param {*} [cursor] - internal: db cursor for the next page
 * @param {Array} [answers] - internal: entries collected so far
 * @param {number} [loop] - internal: request counter
 */
function scan(match, cb, cursor, answers, loop) {
  if (cursor == null) {
    cursor = 0;
    answers = [];
    loop = 1;
  }
  loop = loop + 1;
  var pattern = key + ':' + match;
  db.scan(cursor, pattern, 100, function(page) {
    cursor = page[0];
    answers = answers.concat(page[1]);
    if (cursor == 0) {
      // Last page: strip the prefix from keys and decode the values.
      cb(answers.map(function(item, pos) {
        return pos % 2 == 0 ? item.substr(key.length + 1) : JSON.parse(item);
      }));
      return;
    }
    if (loop < 1500) {
      scan(match, cb, cursor, answers, loop);
    } else {
      cb({error: "tls scan overload. stopping."});
    }
  });
}