From 5c1259c1e2d0babd44af41b8292bd4e1da306e21 Mon Sep 17 00:00:00 2001
From: Nathan Woodburn
Date: Wed, 27 Sep 2023 18:25:58 +1000
Subject: [PATCH] bot: Try parse ssl cert
---
 bot.py | 40 ++++++++++++++++++++++++++++------------
 1 file changed, 28 insertions(+), 12 deletions(-)
diff --git a/bot.py b/bot.py
index ff338d5..3638c4d 100644
--- a/bot.py
+++ b/bot.py
@@ -9,6 +9,8 @@ import subprocess
 import tempfile
 import re
 import binascii
+import ssl
+
 load_dotenv()
 TOKEN = os.getenv('DISCORD_TOKEN')
@@ -178,18 +180,6 @@ async def ssl(ctx, domain: str):
 certificates.append(current_cert)
 current_cert = ""
- extracted_domains = []
- for cert in certificates:
- domain_line = [line for line in cert.split("\n") if "Subject: CN" in line]
- if domain_line:
- domain = domain_line[0].split("Subject: CN=")[1]
- extracted_domains.append(domain)
-
- if extracted_domains:
- message = message + "\n## Extracted domains:\n"
- for domain in extracted_domains:
- message = message + "- " + domain + "\n"
-
 # Remove anything before -----BEGIN CERTIFICATE-----
 certificates = [cert[cert.find("-----BEGIN CERTIFICATE-----"):] for cert in certificates]
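Review bot: The added `import ssl` in the first hunk binds the same module-level name as the command coroutine `async def ssl(ctx, domain: str)` shown in the later hunk headers. If that function is defined at module level after the imports, `ssl` inside it no longer refers to the standard-library module, and the `ssl.` calls added further down would fail with AttributeError. Importing under an alias, e.g. `import ssl as ssl_lib`, and using the alias in the command body avoids the collision. The command's definition is outside this hunk, so its scope should be confirmed.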
@@ -210,6 +200,32 @@ async def ssl(ctx, domain: str):
 message = message + "\n## TLSA Record from webserver:\n`" + tlsa_server + "`\n"
+
+
+ # Get domains
+ x509 = ssl.load_certificate(ssl.PEM_cert_to_DER_cert(cert.encode("utf-8")))
+ domains = []
+ try:
+ san_list = x509.get_extension_by_oid("subjectAltName")
+ san_list = san_list._subjectAltNameString().split(", ")
+ domains.extend(san_list)
+ except Exception as e:
+ print(e, flush=True)
+
+ try:
+ subject = x509.get_subject()
+ common_name = subject.CN
+ if common_name:
+ domains.append(common_name)
+ except Exception as e:
+ print(e, flush=True)
+
+ if domains:
+ message = message + "\n## SSL Domains:\n"
+ for domain in domains:
+ message = message + "- " + domain + "\n"
+
+
+
 else:
 message = message + "\n## Website Certificate:\n:x: No certificate found\n"
 message = message + "\n## TLSA Record from webserver:\n:x: No certificate found\n"
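Review bot: `ssl.load_certificate(...)` on the added `x509 =` line is not a function of the standard-library `ssl` module, and the line sits outside both `try` blocks, so it would raise and abort the command rather than reach the `print(e)` handlers; `ssl.PEM_cert_to_DER_cert` also takes a `str`, not the bytes produced by `cert.encode("utf-8")`. The calls that follow (`get_subject()`, `.CN`) look like pyOpenSSL, in which case the load would presumably be `x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert.encode("utf-8"))` placed inside the `try`; `get_extension_by_oid` and the private `_subjectAltNameString()` should be checked against the installed library. `cert` was previously bound by the `for cert in certificates:` loop that this commit removes, so confirm it is still defined at this point; the function body begins and ends outside the hunk. The CN and SAN values come from whatever certificate the queried server presents and are appended to `message` as-is, so they should be escaped for markdown and mentions before the reply is sent.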