@@ -0,0 +1,57 @@
+#!/usr/bin/env python3
+
+import hashlib
+import ssl
+import socket
+import types
+
+import click
+
+
+def establish_conn(addr, port, starttls):
+ sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ sock.settimeout(1)
+ try:
+ if starttls:
+ print("Using STARTTLS")
+ sock.connect((addr, port))
+ sock.send(b"STARTTLS\n")
+ sock.recv(1000)
+ wrapped_socket = ssl.wrap_socket(sock)
+ else:
+ wrapped_socket = ssl.wrap_socket(sock)
+ wrapped_socket.connect((addr, port))
+
+ yield wrapped_socket.getpeercert(True)
+
+ finally:
+ wrapped_socket.close()
+
+
+def get_cert(addr, port, starttls):
+ cert = establish_conn(addr, port, starttls)
+ pem_cert = ssl.DER_cert_to_PEM_cert(cert)
+ print(pem_cert)
+
+ return cert
+
+def compute_fingerprints(cert):
+ thumb_md5 = hashlib.md5(cert).hexdigest()
+ thumb_sha1 = hashlib.sha1(cert).hexdigest()
+ thumb_sha256 = hashlib.sha256(cert).hexdigest()
+ print("MD5: " + thumb_md5)
+ print("SHA1: " + thumb_sha1)
+ print("SHA256: " + thumb_sha256)
+
+
+
+@click.command()
+@click.argument('address')#, help="address to be used to retrieve the certificate")
+@click.option('-p', '--port', default=443, type=click.IntRange(1,65535), help="the port to connect to")
+@click.option('--starttls', is_flag=True, flag_value=True, help="wether to use starttls on connection")
+def doit(address, port, starttls):
+ cert = get_cert(address, port, starttls)
+ compute_fingerprints(cert)
+
+if __name__ == '__main__':
+ doit()
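Review bot: `establish_conn` is a generator because of its `yield`, so `get_cert` hands a generator object rather than DER bytes to `ssl.DER_cert_to_PEM_cert`, which would raise a TypeError on the first run; no context-manager decorator or `with` use is visible in the hunk. The `finally` also reads `wrapped_socket` before it is bound if `sock.connect` raises in the STARTTLS branch, so the real connection error is replaced by a NameError. `ssl.wrap_socket` is deprecated and was removed in Python 3.12, and it sends no SNI, so a name-based virtual host may answer with its default certificate and the printed fingerprints would describe the wrong certificate. The rewrite below returns the bytes, wraps through an `SSLContext` with `server_hostname`, and turns verification off explicitly, since the output is unauthenticated and the fingerprints still have to be compared with a value obtained out of band.

```python
def establish_conn(addr, port, starttls):
    # Verification is off on purpose so self-signed or expired certificates
    # can still be fetched; nothing returned here is authenticated.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((addr, port), timeout=1) as sock:
        if starttls:
            # … unchanged: print, send STARTTLS, recv …
        # server_hostname sends SNI so the certificate for addr is selected
        with ctx.wrap_socket(sock, server_hostname=addr) as tls:
            return tls.getpeercert(True)
```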