Skip to content

Instantly share code, notes, and snippets.

@n0x08
Created March 5, 2018 15:16
Show Gist options
  • Save n0x08/acfefb2fc290bf532f502979d31a64e1 to your computer and use it in GitHub Desktop.
Save n0x08/acfefb2fc290bf532f502979d31a64e1 to your computer and use it in GitHub Desktop.
Shodan SSL Chain cert details
# !/usr/bin/env python
# sslChainDeetz.py
#
# Dependencies:
# - shodan
# - pyOpenSSL
#
# Installation:
# sudo easy_install shodan
#
# Usage:
# 1. Download a json.gz file from Shoda which contains chain certfificates
# Example:
# shodan download --limit 100 sample country:US port:443 ssl.chain_count:2
# 2. Run the tool on the file:
# python sslChainDeetz.py sample.json.gz
# 3. Script will output all certificate details including True/False on whether cert expired
#
#
from sys import argv
from OpenSSL import crypto
from shodan.helpers import iterate_files, get_ip
for banner in iterate_files(argv[1:]):
ip = get_ip(banner)
try:
for certlist in banner['ssl']['chain']:
cert = crypto.load_certificate(crypto.FILETYPE_PEM, certlist)
# Certificate details
subject = cert.get_subject()
issued_to = subject.CN # the Common Name field
# Issuer details
issuer = cert.get_issuer()
issuedOU = issuer.OU
issuedST = issuer.ST
issuedO = issuer.O
issuedL = issuer.L
issuedC = issuer.C
issuedCN = issuer.CN
# Validity & Serial details
issued = cert.get_notBefore()
expires = cert.get_notAfter()
serial = cert.get_serial_number()
expired = cert.has_expired()
print('{}:{}:{}:{}:{}:{}:{}:{}:{}:{}:{}:Expired={}'.format(ip, issued_to, issuedOU, issuedST, issuedO, issuedL, issuedCN, issuedC, issued, expires, serial, expired))
#print(expires)
except:
pass
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment