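#!/usr/bin/python
# -*- coding: utf-8 -*-
"""List logged certificates whose subject CN or SAN mentions a domain.

Reads output/cert_data.json (one JSON object per line, with the keys
"subject", "issuer", "SAN", "log", "not_before" and "not_after"), prints
one line per matching certificate tagged (VALID) or (NOT VALID), and ends
with the number of matches.

Options:
    --domain           string looked for in the subject CN and in SAN (required)
    --log              only keep entries whose "log" field contains this string
    --exclude-expired  drop entries that are outside their validity window
"""

import sys
from josef_lib import *
# Explicit imports stay after the star import so these names always win.
import argparse
import json  # previously only reachable through the star import above
from datetime import datetime as dt

# Timestamp layout of the "not_before" / "not_after" fields.
CERT_TIME_FORMAT = "%b %d %H:%M:%S %Y GMT"


def _common_name(dn):
    """Return the text after the first "CN=" in *dn*, or None if there is none."""
    parts = dn.split("CN=")
    return parts[1] if len(parts) > 1 else None


parser = argparse.ArgumentParser(description="")
parser.add_argument('--domain', default=None, help="RTFM")
parser.add_argument('--log', default=None, help="RTFM")
parser.add_argument('--exclude-expired', action='store_true', help="RTFM")
args = parser.parse_args()

# NOTE(review): not read anywhere in this script; kept in case other code
# relies on it.
monitored_domains = [
    "google.com",
    "preishelden.de",
    "liu.se",
    "nordu.net",
    "symantec.com",
]

# Checked once, up front. The original test sat inside the per-record
# try/except, where the bare "except:" also caught SystemExit, so the script
# printed the message for every record and never actually stopped.
if not args.domain:
    print("No domain selected!")
    sys.exit()

# The certificate timestamps are GMT and parse to naive datetimes, so they
# must be compared against naive UTC rather than local wall-clock time.
cur_time = dt.utcnow()

count_valid = 0
count_all = 0
count_skipped = 0

with open("output/cert_data.json") as f:
    for line in f:
        try:
            tmp = json.loads(line)
            not_after_time = dt.strptime(tmp["not_after"], CERT_TIME_FORMAT)
            not_before_time = dt.strptime(tmp["not_before"], CERT_TIME_FORMAT)

            # A certificate without a subject CN used to raise IndexError
            # here and was dropped before its SAN was ever looked at, so a
            # SAN-only certificate for the watched domain went unreported.
            subject_cn = _common_name(tmp["subject"])

            # NOTE(review): both tests are plain containment checks. If the
            # fields are strings this also matches names that merely contain
            # the search string, so the output is a superset of exact hits.
            success = (
                (subject_cn is not None and args.domain in subject_cn)
                or args.domain in tmp["SAN"]
            )
            if args.log and args.log not in tmp["log"]:
                success = False

            # "Expired" here means outside the validity window in either
            # direction (already past not_after, or not yet at not_before).
            expired = cur_time > not_after_time or cur_time < not_before_time

            # Exclude expired
            if args.exclude_expired and expired:
                success = False

            if not success:
                continue

            issuer_cn = _common_name(tmp["issuer"])
            # Fall back to the full DN when there is no CN to show.
            s = (subject_cn if subject_cn is not None else tmp["subject"]) + \
                " certified by " + \
                (issuer_cn if issuer_cn is not None else tmp["issuer"]) + \
                " (" + tmp["log"] + ") "

            # Print matching
            if expired:
                print("(NOT VALID) " + s)
            else:
                print("(VALID) " + s)

            # Counted only after the line was printed, so the total equals
            # the number of lines shown.
            count_all += 1
            if not expired:
                count_valid += 1
        except (KeyError, IndexError, TypeError, ValueError, AttributeError):
            # Best effort: a malformed record must not stop the scan, but it
            # is counted so that dropped records are visible to the operator.
            count_skipped += 1

print(str(count_all) + " matches found.")
if count_skipped:
    sys.stderr.write(
        str(count_skipped) + " records skipped (malformed or missing fields).\n")

# if count_valid == 0:
#     print "No matching certificates found."
# else:
#     print str(count_valid) + " of " + str(count_all) + " certs valid. (" + str(int(float(count_valid)/float(count_all)*100)) + "%)"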