Init

get_cert.py

@@ -0,0 +1,57 @@
+#!/usr/bin/env python3
+
+import hashlib
+import ssl
+import socket
+import types
+
+import click
+
+
+def establish_conn(addr, port, starttls):
+    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    sock.settimeout(1)
+    try:
+        if starttls:
+            print("Using STARTTLS")
+            sock.connect((addr, port))
+            sock.send(b"STARTTLS\n")
+            sock.recv(1000)
+            wrapped_socket = ssl.wrap_socket(sock)
+        else:
+            wrapped_socket = ssl.wrap_socket(sock)
+            wrapped_socket.connect((addr, port))
+
+        yield wrapped_socket.getpeercert(True)
+
+    finally:
+        wrapped_socket.close()
+
+
+def get_cert(addr, port, starttls):
+    cert =  establish_conn(addr, port, starttls)
+    pem_cert = ssl.DER_cert_to_PEM_cert(cert)
+    print(pem_cert)
+
+    return cert
+
+def compute_fingerprints(cert):
+    thumb_md5 = hashlib.md5(cert).hexdigest()
+    thumb_sha1 = hashlib.sha1(cert).hexdigest()
+    thumb_sha256 = hashlib.sha256(cert).hexdigest()
+    print("MD5:    " + thumb_md5)
+    print("SHA1:   " + thumb_sha1)
+    print("SHA256: " + thumb_sha256)
+
+
+
+@click.command()
+@click.argument('address')#, help="address to be used to retrieve the certificate")
+@click.option('-p', '--port', default=443, type=click.IntRange(1,65535), help="the port to connect to")
+@click.option('--starttls', is_flag=True, flag_value=True, help="wether to use starttls on connection")
+def doit(address, port, starttls):
+    cert = get_cert(address, port, starttls)
+    compute_fingerprints(cert)
+
+if __name__ == '__main__':
+    doit()

setup.py

@@ -0,0 +1,14 @@
+from setuptools import setup
+
+setup(
+    name='certo',
+    version='0.3',
+    py_modules=['get_cert'],
+    install_requires=[
+        'Click',
+    ],
+    entry_points='''
+        [console_scripts]
+        certo=get_cert:doit
+    ''',
+)