@josehelps
Created November 2, 2022 17:20
Python tool that listens for newly registered certificates and writes out the entire certificate for those that have Punycode in the SubjectAlternativeName field.
import certstream
import argparse
import json
import re
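def write_cert(message):
    """Append one matched certstream message to the log file at OUTPUT_PATH.

    The message is serialised as a single JSON object followed by a newline,
    so the log holds one record per line and can be read back record by
    record. Write failures are reported on stdout and swallowed, so a bad
    path or a full disk does not stop the listener.

    Args:
        message: the decoded certstream message to record; it must be
            JSON-serialisable.
    """
    try:
        with open(OUTPUT_PATH, 'a', encoding='utf-8') as outfile:
            json.dump(message, outfile)
            # Separate records: without this, successive objects run together
            # on one line and the file cannot be parsed line by line.
            outfile.write('\n')
    except (OSError, TypeError, ValueError) as e:
        # OSError covers open/write failures; TypeError/ValueError are what
        # json.dump raises for data it cannot serialise.
        print("writing certificates to file: {0}".format(str(e)))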
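def callback(message, context):
    """Handle one certstream event and record certificates with Punycode SANs.

    Heartbeats and any other non-certificate events are ignored. For a
    "certificate_update" event the leaf certificate's subjectAltName string is
    searched, case-insensitively, for the Punycode prefix "xn--"; on a match
    the SAN is printed, the whole message is printed when VERBOSE is set, and
    the message is handed to write_cert().

    Args:
        message: decoded certstream event (a dict).
        context: passed by certstream; unused here.
    """
    if message.get('message_type') != "certificate_update":
        return

    # Certificate contents are untrusted input, and not every certificate
    # carries a subjectAltName extension. Walk the nested structure
    # defensively so one odd record does not raise inside the listener.
    node = message
    for key in ('data', 'leaf_cert', 'extensions', 'subjectAltName'):
        if not isinstance(node, dict):
            return
        node = node.get(key)
    if not isinstance(node, str):
        return
    SANS = node

    # NOTE(review): this is a substring match, so it also fires when "xn--"
    # appears in the middle of a label. A Punycode name is a triage signal for
    # possible look-alike domains, not proof of abuse; legitimate
    # internationalised domains match too.
    if re.search("xn--", SANS, flags=re.IGNORECASE):
        print("Matched subjectAltName: {0}".format(SANS))
        if VERBOSE:
            print(json.dumps(message, indent=2))
        write_cert(message)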
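if __name__ == "__main__":
    # grab arguments
    parser = argparse.ArgumentParser(description="starts listening for newly registered certificates writes down the entire certificate for the ones that have puny code on the SubjectAlternativeName field")
    parser.add_argument("-o", "--output", required=False, default="certificates.log",
                        help="path to a JSON log file of the matches")
    parser.add_argument("-v", "--verbose", default=False, action="store_true", required=False,
                        help="shows verbose output")

    # parse them
    args = parser.parse_args()

    # Module-level settings read by write_cert() and callback().
    OUTPUT_PATH = args.output
    VERBOSE = args.verbose

    # Blocks while consuming the certificate-transparency feed; every event is
    # passed to callback(). The feed is third-party data and is treated as
    # untrusted by the handlers.
    certstream.listen_for_events(callback, url='wss://certstream.calidog.io')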