varnav/cert-expiration-scanner.py

## cert-expiration-scanner.py
#!/usr/bin/env python3

import ssl
import socket
import datetime

class bcolors:
    HEADER = '\033[95m'
    OKBLUE = '\033[94m'
    OKCYAN = '\033[96m'
    OKGREEN = '\033[92m'
    WARNING = '\033[93m'
    FAIL = '\033[91m'
    ENDC = '\033[0m'
    BOLD = '\033[1m'
    UNDERLINE = '\033[4m'


list = [
  "www.google.com",
  "www.twitter.com"
]

err = 0
warn = 0
ssl_date_fmt = r'%b %d %H:%M:%S %Y %Z'

for item in list:
    url = 'https://' + item + '/'
    print(url)
    try:
        context = ssl.create_default_context()
        context.check_hostname = False
        conn = context.wrap_socket(
            socket.socket(socket.AF_INET),
            server_hostname=item,
        )
        # 3 second timeout because Lambda has runtime limitations
        conn.settimeout(3.0)
        conn.connect((item, 443))
        ssl_info = conn.getpeercert()
        #print(ssl_info)
        # parse the string from the certificate into a Python datetime object
        res = datetime.datetime.strptime(ssl_info['notAfter'], ssl_date_fmt)
        daysToExpiration = (res - datetime.datetime.now()).days
        if daysToExpiration < 30:
            err += 1
            print(bcolors.FAIL, 'Expires soon! Replace!', daysToExpiration, 'days left', bcolors.ENDC)
        elif daysToExpiration < 60:
            warn += 1
            print(bcolors.WARNING, 'Expires soon:', daysToExpiration, 'days left', bcolors.ENDC)
        print("Cert valid till:", res)
    except Exception as e:
        err += 1
        print(url, bcolors.FAIL, 'failed', e, bcolors.ENDC)

if err > 0:
    print(bcolors.FAIL, err, 'certs expiring in less than 30 days found',
          bcolors.ENDC)
    exit(1)
	#!/usr/bin/env python3

	import ssl
	import socket
	import datetime

	class bcolors:
	HEADER = '\033[95m'
	OKBLUE = '\033[94m'
	OKCYAN = '\033[96m'
	OKGREEN = '\033[92m'
	WARNING = '\033[93m'
	FAIL = '\033[91m'
	ENDC = '\033[0m'
	BOLD = '\033[1m'
	UNDERLINE = '\033[4m'


	list = [
	"www.google.com",
	"www.twitter.com"
	]

	err = 0
	warn = 0
	ssl_date_fmt = r'%b %d %H:%M:%S %Y %Z'

	for item in list:
	url = 'https://' + item + '/'
	print(url)
	try:
	context = ssl.create_default_context()
	context.check_hostname = False
	conn = context.wrap_socket(
	socket.socket(socket.AF_INET),
	server_hostname=item,
	)
	# 3 second timeout because Lambda has runtime limitations
	conn.settimeout(3.0)
	conn.connect((item, 443))
	ssl_info = conn.getpeercert()
	#print(ssl_info)
	# parse the string from the certificate into a Python datetime object
	res = datetime.datetime.strptime(ssl_info['notAfter'], ssl_date_fmt)
	daysToExpiration = (res - datetime.datetime.now()).days
	if daysToExpiration < 30:
	err += 1
	print(bcolors.FAIL, 'Expires soon! Replace!', daysToExpiration, 'days left', bcolors.ENDC)
	elif daysToExpiration < 60:
	warn += 1
	print(bcolors.WARNING, 'Expires soon:', daysToExpiration, 'days left', bcolors.ENDC)
	print("Cert valid till:", res)
	except Exception as e:
	err += 1
	print(url, bcolors.FAIL, 'failed', e, bcolors.ENDC)

	if err > 0:
	print(bcolors.FAIL, err, 'certs expiring in less than 30 days found',
	bcolors.ENDC)
	exit(1)