expiry_sslcheck.sh is a tool for monitoring the SSL certificates of domains so that they do not pass their expiration date unnoticed.
#!/usr/local/bin/bash
# All Rights reserved to tradik.com

# Script release number; marked readonly so nothing later can overwrite it.
readonly VERSION='1.4.12'

# Database file: the first command-line argument with ".db" appended.
DATABASE="${1}.db"

# External tools, configured here. Every tool is given as an absolute path,
# so none of them is resolved through PATH; adjust to the local system.
UNAME=/usr/bin/uname
DATECMD=/bin/date
OPENSSL=/usr/bin/openssl
SQLITE=/usr/local/bin/sqlite3
DIG=/usr/local/bin/dig
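#######################################
# Print an informational message.
# Arguments: $* - message text
# Outputs:   "NOTE: <message>" on stderr
#######################################
note() {
  # >&2 reuses the descriptor that is already open. "> /dev/stderr" re-opens
  # the target instead, which truncates it when stderr points at a regular
  # file (e.g. a cron log) on systems where /dev/stderr is a real path.
  printf '%s\n' "NOTE: $*" >&2
}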
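#######################################
# Print an error message without terminating the script.
# Arguments: $* - message text
# Outputs:   "ERROR: <message>" on stderr
#######################################
err() {
  # >&2 reuses the open descriptor; "> /dev/stderr" would re-open the target
  # and truncate it when stderr is redirected to a regular file.
  printf '%s\n' "ERROR: $*" >&2
}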
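#######################################
# Print an error message and terminate the script.
# Arguments: $* - message text
# Outputs:   "FATAL: <message>" on stderr
# Returns:   does not return; exits with status 1
#######################################
fatal() {
  # >&2 reuses the open descriptor; "> /dev/stderr" would re-open the target
  # and truncate it when stderr is redirected to a regular file.
  printf '%s\n' "FATAL: $*" >&2
  exit 1
}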
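#######################################
# Print a warning message.
# Arguments: $* - message text
# Outputs:   "WARNING: <message>" on stderr
#######################################
warn() {
  # >&2 reuses the open descriptor; "> /dev/stderr" would re-open the target
  # and truncate it when stderr is redirected to a regular file.
  printf '%s\n' "WARNING: $*" >&2
}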
# Operating-system gate. Platform-specific variables can be added to the
# matching arm; at present the supported systems need none.
OS=$(${UNAME})
case "${OS}" in
  FreeBSD | SunOS | Linux)
    # Supported platform, nothing to configure yet.
    ;;
  *)
    # Any other uname output stops the script here.
    fatal "Your OS isn't supported"
    ;;
esac
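# Function helpers

#######################################
# Resolve a domain with dig, read the certificate served on port 443 of
# every answer, print its expiry and store one row per answer in the
# certs table.
# Globals:   DIG, OPENSSL, DATECMD, SQLITE, DATABASE, OS (read)
# Arguments: $1 - domain name to check
# Outputs:   "domain | ip | expiry | N days" per answer on stdout;
#            diagnostics on stderr
# Returns:   1 when the domain argument is unusable, otherwise the status
#            of the dig/while pipeline
#######################################
check_certs() {
  local name=${1:-}
  local q="'"
  local now_epoch ip expiry_date expiry_epoch expiry_days

  # The name is handed to dig as an argument. A leading '-', '+' or '@' would
  # be read by dig as an option or a server rather than as a query name.
  case "${name}" in
    '' | -* | +* | @*)
      echo "ERROR: invalid domain name: '${name}'" >&2
      return 1
      ;;
  esac

  now_epoch=$(${DATECMD} +%s)

  # Field 5 of each answer line is the record data (the address for A records).
  ${DIG} +noall +answer "${name}" | while read -r _ _ _ _ ip; do
    [[ -n ${ip} ]] || continue

    # s_client is used only to read notAfter from whatever certificate the
    # endpoint presents for this SNI name; the chain is not validated here.
    expiry_date=$(echo \
      | ${OPENSSL} s_client -showcerts -servername "${name}" -connect "${ip}:443" 2>/dev/null \
      | ${OPENSSL} x509 -inform pem -noout -enddate \
      | cut -d "=" -f 2)
    if [[ -z ${expiry_date} ]]; then
      # No certificate could be read: do not store a row with a bogus expiry.
      echo "WARNING: no certificate read from ${name} (${ip}), skipped" >&2
      continue
    fi

    # "-j -f" is the BSD date syntax; GNU date on Linux parses with -d.
    if [[ ${OS:-} == Linux ]]; then
      expiry_epoch=$(${DATECMD} -d "${expiry_date}" +%s)
    else
      expiry_epoch=$(${DATECMD} -j -f "%b %d %T %Y %Z" "${expiry_date}" +%s)
    fi

    # Only plain integers may reach the arithmetic expansion below.
    if [[ ! ${expiry_epoch} =~ ^-?[0-9]+$ || ! ${now_epoch} =~ ^[0-9]+$ ]]; then
      echo "WARNING: cannot parse expiry '${expiry_date}' for ${name} (${ip}), skipped" >&2
      continue
    fi
    expiry_days=$(( (expiry_epoch - now_epoch) / (3600 * 24) ))

    printf '%s | %s | %s | %s days\n' "${name}" "${ip}" "${expiry_date}" "${expiry_days}"

    # name comes from the command line or the database and ip from a DNS
    # answer, so every text value has its single quotes doubled before it is
    # placed inside an SQL string literal.
    ${SQLITE} "${DATABASE}" "INSERT INTO certs ( domain, ip, expiry, days ) VALUES ('${name//$q/$q$q}', '${ip//$q/$q$q}', '${expiry_date//$q/$q$q}' ,'${expiry_days}' );"
  done
}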
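#######################################
# Print the usage text and leave the script.
# Globals:   VERSION (read)
# Outputs:   usage text on stdout
# Returns:   does not return; exits with status 0
#######################################
help() {
  # The heredoc delimiter is unquoted on purpose: ${0##*/} (script base name)
  # and ${VERSION} are expanded inside the text.
  cat <<EOF
${0##*/} v${VERSION} by Tradik Limited

Syntax:
  ${0##*/} database [ options ]

DESCRIPTION:
  ${0##*/} is a tool for monitoring SSL domains to avoid expiration date.

OPTIONS:
  -a domain = Add domain to check database
  -i        = Init database ( custom name )
  -r domain = Remove domain
  -h        = Show this help
  -s        = Recheck all domains (daily cron suggested)
  -ld       = List all domains
  -le days  = List domains with expiration of 'days' days or less

EXAMPLES:
  ${0##*/} internals -i
      create database 'internals'
  ${0##*/} internals -le 14
      list domains with 14 days or less to expiration from internals database
  ${0##*/} external -a example.com
      add and check domain example.com to database external
EOF
  exit 0
}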
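# Show the usage text when the script is called without arguments or with a
# help flag as its first argument. [[ ]] does not word-split $1, so a first
# argument containing spaces no longer breaks the test.
if [[ $# -eq 0 || $1 == '-h' || $1 == '--help' ]]; then
  help
fi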
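#######################################
# Create the certs table in the database file.
# Globals:   SQLITE, DATABASE (read)
# Outputs:   "<database> created." on stdout, or an error on stderr
# Returns:   0 on success, 1 when sqlite reports a failure (for example
#            when the table already exists)
#######################################
init() {
  # The column name "cheked" is kept as spelled: the list_expired query and
  # any existing database files use this name.
  if ! ${SQLITE} "${DATABASE}" "create table certs (id INTEGER PRIMARY KEY,domain TEXT, ip TEXT, cheked DATETIME DEFAULT CURRENT_TIMESTAMP, expiry TEXT, days INT );"; then
    echo "ERROR: could not create table certs in ${DATABASE}" >&2
    return 1
  fi
  echo "${DATABASE} created."
}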
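#######################################
# Check a domain's certificates, which also stores the result rows.
# Globals:   DATABASE (read)
# Arguments: $1 - domain name
# Outputs:   check_certs output followed by a confirmation line on stdout
# Returns:   1 when no domain was given, otherwise the status of check_certs
#######################################
add_domain() {
  local domain=${1:-}

  # "-a" given without a value would otherwise run the check on an empty name.
  if [[ -z ${domain} ]]; then
    echo "ERROR: -a requires a domain name" >&2
    return 1
  fi

  # Confirm only when the check did not report a failure.
  check_certs "${domain}" || return
  echo "Domain ${domain} added to ${DATABASE}"
}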
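#######################################
# Re-check every distinct domain stored in the database.
# Globals:   SQLITE, DATABASE (read)
# Outputs:   whatever check_certs prints for each domain
# Returns:   status of the last check_certs call, 0 when there are no domains
#######################################
scan_domains() {
  local domain

  # Stored names are read one per line, so a value such as "*" is passed on
  # as-is and not expanded against the files in the current directory.
  # The list arrives on fd 3 to keep it apart from check_certs' stdin.
  while IFS= read -r domain <&3; do
    [[ -n ${domain} ]] || continue
    check_certs "${domain}"
  done 3< <(${SQLITE} "${DATABASE}" "SELECT DISTINCT domain FROM certs ORDER BY domain;")
}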
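#######################################
# List every distinct domain stored in the database, one per line.
# Globals:   SQLITE, DATABASE (read)
# Outputs:   domain names on stdout, sorted by the query
# Returns:   status of the sqlite call
#######################################
list_all() {
  # The query result is already one domain per line. Printing it directly
  # avoids the unquoted expansion, where a stored value such as "*" would be
  # replaced by the file names in the current directory.
  ${SQLITE} "${DATABASE}" "SELECT DISTINCT domain FROM certs ORDER BY domain;"
}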
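#######################################
# List domains whose stored "days" value is at or below a threshold.
# Globals:   SQLITE, DATABASE (read)
# Arguments: $1 - threshold in days (whole number)
# Outputs:   the sqlite result rows (domain and days) on stdout
# Returns:   1 when the threshold is not a whole number, otherwise the
#            status of the sqlite call
#######################################
list_expired() {
  local days=${1:-}

  # The threshold is placed into the SQL text unquoted, so anything other
  # than an integer is refused before the query is built.
  if [[ ! ${days} =~ ^-?[0-9]+$ ]]; then
    echo "ERROR: -le expects a whole number of days, got '${days}'" >&2
    return 1
  fi

  # Rows are printed as sqlite emits them; IFS is left untouched, so the "$*"
  # joins in the message helpers keep using a space after this call.
  ${SQLITE} "${DATABASE}" "SELECT domain,days FROM certs WHERE days<=${days} GROUP BY domain ORDER BY cheked;"
}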
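#######################################
# Remove every stored row of a domain from the database.
# Globals:   SQLITE, DATABASE (read)
# Arguments: $1 - domain name
# Outputs:   confirmation line on stdout, errors on stderr
# Returns:   1 when no domain was given, otherwise the status of sqlite
#######################################
delete_domain() {
  local domain=${1:-}
  local q="'"

  if [[ -z ${domain} ]]; then
    echo "ERROR: -r requires a domain name" >&2
    return 1
  fi

  # The value comes straight from the command line: single quotes are doubled
  # so it stays inside the SQL string literal and cannot widen the DELETE.
  ${SQLITE} "${DATABASE}" "DELETE FROM certs WHERE domain='${domain//$q/$q$q}';" || return
  echo "Domain ${domain} removed from ${DATABASE}"
}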
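# Dispatch the options that follow the database name ($1). $2 is always the
# option under inspection; the first word that is not a known option ends
# the loop, as before.
# Options that take a value consume two words, so a further option may
# follow them (e.g. "db -a example.com -ld"); with a single shift the value
# itself became $2 and ended the loop.
while (( $# >= 2 )); do
  case "$2" in
    '-a')
      [[ -n ${3:-} ]] || fatal "-a requires a domain name"
      add_domain "$3"
      shift 2
      ;;
    '-i')
      init
      shift
      ;;
    '-s')
      scan_domains
      shift
      ;;
    '-r')
      [[ -n ${3:-} ]] || fatal "-r requires a domain name"
      delete_domain "$3"
      shift 2
      ;;
    '-ld')
      list_all
      shift
      ;;
    '-le')
      [[ -n ${3:-} ]] || fatal "-le requires a number of days"
      list_expired "$3"
      shift 2
      ;;
    *)
      break
      ;;
  esac
done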