Python tool that listens to the certstream feed for newly issued certificates and writes down the entire certificate record for any whose SubjectAlternativeName field contains a punycode (`xn--`) label.
import certstream | |
import argparse | |
import json | |
import re | |
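def write_cert(message, path=None):
    """Append one matched certstream message to the JSON log, one object per line.

    Args:
        message: the decoded certstream event (a JSON-serialisable dict).
        path: log file to append to; defaults to the module-level OUTPUT_PATH
            that the ``__main__`` block sets from ``--output``.

    Returns:
        None.  Write failures are reported on stdout and swallowed so that one
        bad write never terminates the long-running listener.

    Each record is terminated with a newline (NDJSON).  The original appended
    objects back-to-back with no separator, which no JSON parser can read
    back, and its handler named a non-existent ``Exection`` class, so any
    write error became a NameError instead of the intended message.
    """
    target = OUTPUT_PATH if path is None else path
    try:
        with open(target, "a", encoding="utf-8") as outfile:
            # json.dump escapes the (untrusted, CT-sourced) SAN text, so the
            # log stays one well-formed JSON document per line.
            json.dump(message, outfile)
            outfile.write("\n")
    except (OSError, TypeError, ValueError) as e:
        # OSError: file/permission problems; TypeError/ValueError: the
        # message is not JSON-serialisable (e.g. circular references).
        print("writing certificates to file: {0}".format(str(e)))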
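def callback(message, context):
    """certstream event handler: record certificates whose SANs contain punycode.

    Args:
        message: decoded certstream event.  Only ``certificate_update`` events
            that carry a ``subjectAltName`` extension are examined; heartbeats
            and events missing any expected key are ignored rather than
            raising, so a single odd entry cannot stop the stream.
        context: supplied by certstream; unused.

    Returns:
        None.  On a match the SAN string is printed, the full event is dumped
        when the module-level VERBOSE flag is set, and the event is appended
        to the log via write_cert().
    """
    if message.get("message_type") != "certificate_update":
        return  # heartbeats (and anything unknown) carry no certificate
    sans = (
        message.get("data", {})
        .get("leaf_cert", {})
        .get("extensions", {})
        .get("subjectAltName")
    )
    if not sans:
        return  # leaf has no SAN extension — nothing to inspect
    # Case-insensitive substring match, same as the original re.search with
    # IGNORECASE.  A punycode label *starts* with "xn--"; matching it anywhere
    # also fires on "xn--" mid-label, which is a deliberate high-recall
    # heuristic — tighten to a label-start match if precision matters.
    if "xn--" not in str(sans).lower():
        return
    # NOTE: SAN text comes from a public CT log, i.e. it is attacker-influenced.
    print("Matched subjectAltName: {0}".format(sans))
    if VERBOSE:
        print(json.dumps(message, indent=2))
    write_cert(message)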
if __name__ == "__main__":
    # Command-line front end: where to log matches and how chatty to be.
    cli = argparse.ArgumentParser(
        description="starts listening for newly registered certificates writes down the entire certificate for the ones that have puny code on the SubjectAlternativeName field"
    )
    cli.add_argument(
        "-o",
        "--output",
        required=False,
        default="certificates.log",
        help="path to a JSON log file of the matches",
    )
    cli.add_argument(
        "-v",
        "--verbose",
        default=False,
        action="store_true",
        required=False,
        help="shows verbose output",
    )
    options = cli.parse_args()
    # Module-level settings read by callback() and write_cert().
    OUTPUT_PATH, VERBOSE = options.output, options.verbose
    # Blocks here; every CT log entry is handed to callback() as it arrives.
    certstream.listen_for_events(callback, url="wss://certstream.calidog.io")
poetry pyproject.toml
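[tool.poetry]
name = "blackcert"
version = "0.1.0"
description = "monitors certs"
# Poetry expects authors as "Name <email>"; the bare "name email" form is
# rejected by its author-string validation.
authors = ["josehelps <josehelps@gmail.com>"]

[tool.poetry.dependencies]
python = "^3.10"
# Caret range floats to any 1.x >= 1.12; commit poetry.lock so the exact
# certstream release that was reviewed is the one that gets installed.
certstream = "^1.12"

[tool.poetry.dev-dependencies]

[build-system]
requires = ["poetry-core>=1.0.0"]
build-backend = "poetry.core.masonry.api"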