|
6 | 6 | from modules.write_log import log_writer |
7 | 7 | from cryptography import x509 |
8 | 8 | from cryptography.hazmat.backends import default_backend |
| 9 | +from datetime import timezone |
9 | 10 |
|
10 | 11 | R = '\033[31m' # red |
11 | 12 | G = '\033[32m' # green |
|
15 | 16 |
|
16 | 17 |
|
17 | 18 | def cert(hostname, sslp, output, data): |
18 | | - result = {} |
19 | | - presence = False |
20 | | - print(f'\n{Y}[!] SSL Certificate Information : {W}\n') |
21 | | - |
22 | | - port_test = socket.socket(socket.AF_INET, socket.SOCK_STREAM) |
23 | | - port_test.settimeout(5) |
24 | | - try: |
25 | | - port_test.connect((hostname, sslp)) |
26 | | - port_test.close() |
27 | | - presence = True |
28 | | - except Exception: |
29 | | - port_test.close() |
30 | | - print(f'{R}[-] {C}SSL is not Present on Target URL...Skipping...{W}') |
31 | | - result.update({'Error': 'SSL is not Present on Target URL'}) |
32 | | - log_writer('[sslinfo] SSL is not Present on Target URL...Skipping...') |
33 | | - |
34 | | - def unpack(nested_tuple, pair): |
35 | | - for item in nested_tuple: |
36 | | - if isinstance(item, tuple): |
37 | | - if len(item) == 2: |
38 | | - pair[item[0]] = item[1] |
39 | | - else: |
40 | | - unpack(item, pair) |
41 | | - else: |
42 | | - pair[nested_tuple.index(item)] = item |
43 | | - |
44 | | - def process_cert(info): |
45 | | - pair = {} |
46 | | - for key, val in info.items(): |
47 | | - if isinstance(val, tuple): |
48 | | - print(f'{G}[+] {C}{key}{W}') |
49 | | - unpack(val, pair) |
50 | | - for sub_key, sub_val in pair.items(): |
51 | | - print(f'\t{G}└╴{C}{sub_key}: {W}{sub_val}') |
52 | | - result.update({f'{key}-{sub_key}': sub_val}) |
53 | | - pair.clear() |
54 | | - elif isinstance(val, dict): |
55 | | - print(f'{G}[+] {C}{key}{W}') |
56 | | - for sub_key, sub_val in val.items(): |
57 | | - print(f'\t{G}└╴{C}{sub_key}: {W}{sub_val}') |
58 | | - result.update({f'{key}-{sub_key}': sub_val}) |
59 | | - elif isinstance(val, list): |
60 | | - print(f'{G}[+] {C}{key}{W}') |
61 | | - for sub_val in val: |
62 | | - print(f'\t{G}└╴{C}{val.index(sub_val)}: {W}{sub_val}') |
63 | | - result.update({f'{key}-{val.index(sub_val)}': sub_val}) |
64 | | - else: |
65 | | - print(f'{G}[+] {C}{key} : {W}{val}') |
66 | | - result.update({key: val}) |
67 | | - |
68 | | - if presence: |
69 | | - ctx = ssl.create_default_context() |
70 | | - ctx.check_hostname = False |
71 | | - ctx.verify_mode = ssl.CERT_NONE |
72 | | - sock = socket.socket() |
73 | | - sock.settimeout(5) |
74 | | - ssl_conn = ctx.wrap_socket(sock, server_hostname=hostname) |
75 | | - ssl_conn.connect((hostname, sslp)) |
76 | | - x509_cert = ssl_conn.getpeercert(binary_form=True) |
77 | | - decoded_cert = x509.load_der_x509_certificate(x509_cert, default_backend()) |
78 | | - |
79 | | - subject_dict = {} |
80 | | - issuer_dict = {} |
81 | | - |
82 | | - def name_to_dict(attribute): |
83 | | - attr_name = attribute.oid._name |
84 | | - attr_value = attribute.value |
85 | | - return attr_name, attr_value |
86 | | - |
87 | | - for attribute in decoded_cert.subject: |
88 | | - name, value = name_to_dict(attribute) |
89 | | - subject_dict[name] = value |
90 | | - |
91 | | - for attribute in decoded_cert.issuer: |
92 | | - name, value = name_to_dict(attribute) |
93 | | - issuer_dict[name] = value |
94 | | - |
95 | | - cert_dict = { |
96 | | - 'protocol': ssl_conn.version(), |
97 | | - 'cipher': ssl_conn.cipher(), |
98 | | - 'subject': subject_dict, |
99 | | - 'issuer': issuer_dict, |
100 | | - 'version': decoded_cert.version, |
101 | | - 'serialNumber': decoded_cert.serial_number, |
102 | | - 'notBefore': decoded_cert.not_valid_before.strftime("%b %d %H:%M:%S %Y GMT"), |
103 | | - 'notAfter': decoded_cert.not_valid_after.strftime("%b %d %H:%M:%S %Y GMT"), |
104 | | - } |
105 | | - |
106 | | - extensions = decoded_cert.extensions |
107 | | - for ext in extensions: |
108 | | - if ext.oid != x509.ExtensionOID.SUBJECT_ALTERNATIVE_NAME: |
109 | | - continue |
110 | | - san_entries = ext.value |
111 | | - subject_alt_names = [] |
112 | | - for entry in san_entries: |
113 | | - if isinstance(entry, x509.DNSName): |
114 | | - subject_alt_names.append(entry.value) |
115 | | - cert_dict['subjectAltName'] = subject_alt_names |
116 | | - |
117 | | - process_cert(cert_dict) |
118 | | - result.update({'exported': False}) |
119 | | - |
120 | | - if output: |
121 | | - fname = f'{output["directory"]}/ssl.{output["format"]}' |
122 | | - output['file'] = fname |
123 | | - data['module-SSL Certificate Information'] = result |
124 | | - export(output, data) |
125 | | - log_writer('[sslinfo] Completed') |
| 19 | + result = {} |
| 20 | + presence = False |
| 21 | + print(f'\n{Y}[!] SSL Certificate Information : {W}\n') |
| 22 | + |
| 23 | + port_test = socket.socket(socket.AF_INET, socket.SOCK_STREAM) |
| 24 | + port_test.settimeout(5) |
| 25 | + try: |
| 26 | + port_test.connect((hostname, sslp)) |
| 27 | + port_test.close() |
| 28 | + presence = True |
| 29 | + except Exception: |
| 30 | + port_test.close() |
| 31 | + print(f'{R}[-] {C}SSL is not Present on Target URL...Skipping...{W}') |
| 32 | + result.update({'Error': 'SSL is not Present on Target URL'}) |
| 33 | + log_writer('[sslinfo] SSL is not Present on Target URL...Skipping...') |
| 34 | + |
| 35 | + def unpack(nested_tuple, pair): |
| 36 | + for item in nested_tuple: |
| 37 | + if isinstance(item, tuple): |
| 38 | + if len(item) == 2: |
| 39 | + pair[item[0]] = item[1] |
| 40 | + else: |
| 41 | + unpack(item, pair) |
| 42 | + else: |
| 43 | + pair[nested_tuple.index(item)] = item |
| 44 | + |
| 45 | + def process_cert(info): |
| 46 | + pair = {} |
| 47 | + for key, val in info.items(): |
| 48 | + if isinstance(val, tuple): |
| 49 | + print(f'{G}[+] {C}{key}{W}') |
| 50 | + unpack(val, pair) |
| 51 | + for sub_key, sub_val in pair.items(): |
| 52 | + print(f'\t{G}└╴{C}{sub_key}: {W}{sub_val}') |
| 53 | + result.update({f'{key}-{sub_key}': sub_val}) |
| 54 | + pair.clear() |
| 55 | + elif isinstance(val, dict): |
| 56 | + print(f'{G}[+] {C}{key}{W}') |
| 57 | + for sub_key, sub_val in val.items(): |
| 58 | + print(f'\t{G}└╴{C}{sub_key}: {W}{sub_val}') |
| 59 | + result.update({f'{key}-{sub_key}': sub_val}) |
| 60 | + elif isinstance(val, list): |
| 61 | + print(f'{G}[+] {C}{key}{W}') |
| 62 | + for sub_val in val: |
| 63 | + print(f'\t{G}└╴{C}{val.index(sub_val)}: {W}{sub_val}') |
| 64 | + result.update({f'{key}-{val.index(sub_val)}': sub_val}) |
| 65 | + else: |
| 66 | + print(f'{G}[+] {C}{key} : {W}{val}') |
| 67 | + result.update({key: val}) |
| 68 | + |
| 69 | + if presence: |
| 70 | + ctx = ssl.create_default_context() |
| 71 | + ctx.check_hostname = False |
| 72 | + ctx.verify_mode = ssl.CERT_NONE |
| 73 | + sock = socket.socket() |
| 74 | + sock.settimeout(5) |
| 75 | + ssl_conn = ctx.wrap_socket(sock, server_hostname=hostname) |
| 76 | + ssl_conn.connect((hostname, sslp)) |
| 77 | + x509_cert = ssl_conn.getpeercert(binary_form=True) |
| 78 | + decoded_cert = x509.load_der_x509_certificate(x509_cert, default_backend()) |
| 79 | + |
| 80 | + subject_dict = {} |
| 81 | + issuer_dict = {} |
| 82 | + |
| 83 | + def name_to_dict(attribute): |
| 84 | + attr_name = attribute.oid._name |
| 85 | + attr_value = attribute.value |
| 86 | + return attr_name, attr_value |
| 87 | + |
| 88 | + for attribute in decoded_cert.subject: |
| 89 | + name, value = name_to_dict(attribute) |
| 90 | + subject_dict[name] = value |
| 91 | + |
| 92 | + for attribute in decoded_cert.issuer: |
| 93 | + name, value = name_to_dict(attribute) |
| 94 | + issuer_dict[name] = value |
| 95 | + |
| 96 | + # Handle `not_valid_before` and `not_valid_after` with compatibility |
| 97 | + if hasattr(decoded_cert, 'not_valid_before_utc') and hasattr(decoded_cert, 'not_valid_after_utc'): |
| 98 | + not_before = decoded_cert.not_valid_before_utc |
| 99 | + not_after = decoded_cert.not_valid_after_utc |
| 100 | + else: |
| 101 | + # Fallback for older versions |
| 102 | + not_before = decoded_cert.not_valid_before.replace(tzinfo=timezone.utc) |
| 103 | + not_after = decoded_cert.not_valid_after.replace(tzinfo=timezone.utc) |
| 104 | + |
| 105 | + cert_dict = { |
| 106 | + 'protocol': ssl_conn.version(), |
| 107 | + 'cipher': ssl_conn.cipher(), |
| 108 | + 'subject': subject_dict, |
| 109 | + 'issuer': issuer_dict, |
| 110 | + 'version': decoded_cert.version, |
| 111 | + 'serialNumber': decoded_cert.serial_number, |
| 112 | + 'notBefore': not_before.strftime("%b %d %H:%M:%S %Y GMT"), |
| 113 | + 'notAfter': not_after.strftime("%b %d %H:%M:%S %Y GMT"), |
| 114 | + } |
| 115 | + |
| 116 | + extensions = decoded_cert.extensions |
| 117 | + for ext in extensions: |
| 118 | + if ext.oid != x509.ExtensionOID.SUBJECT_ALTERNATIVE_NAME: |
| 119 | + continue |
| 120 | + san_entries = ext.value |
| 121 | + subject_alt_names = [] |
| 122 | + for entry in san_entries: |
| 123 | + if isinstance(entry, x509.DNSName): |
| 124 | + subject_alt_names.append(entry.value) |
| 125 | + cert_dict['subjectAltName'] = subject_alt_names |
| 126 | + |
| 127 | + process_cert(cert_dict) |
| 128 | + result.update({'exported': False}) |
| 129 | + |
| 130 | + if output: |
| 131 | + fname = f'{output["directory"]}/ssl.{output["format"]}' |
| 132 | + output['file'] = fname |
| 133 | + data['module-SSL Certificate Information'] = result |
| 134 | + export(output, data) |
| 135 | + log_writer('[sslinfo] Completed') |
0 commit comments