JSON output added (-j option)

Alexandre Dulaunoy 2015-02-02 07:38:17 +01:00
parent 33e45d362d
commit 1acfcb54e3


@ -12,16 +12,18 @@ import re
import binascii import binascii
import OpenSSL import OpenSSL
import argparse import argparse
import json
argParser = argparse.ArgumentParser(description='Extract certificate to PEM format from an ssldump output') argParser = argparse.ArgumentParser(description='Extract certificate to PEM format from an ssldump output')
argParser.add_argument('-v', default=False, action='store_true', help='Verbose output') argParser.add_argument('-v', default=False, action='store_true', help='Verbose output')
argParser.add_argument('-f', default=False, action='store_true', help='Print certificate SHA1 fingerprint and destination IP addresses only') argParser.add_argument('-f', default=False, action='store_true', help='Print certificate SHA1 fingerprint and destination IP addresses only')
argParser.add_argument('-j', default=False, action='store_true', help='Dump JSON object per certificate')
argParser.add_argument('-r', default='-', help='Read from a file, default is stdin') argParser.add_argument('-r', default='-', help='Read from a file, default is stdin')
args = argParser.parse_args() args = argParser.parse_args()
cert = None cert = None
certstring = "" certstring = ""
c = {}
certtag = re.compile('^\s+Certificate\s*$') certtag = re.compile('^\s+Certificate\s*$')
certtagend = re.compile('^\S+') certtagend = re.compile('^\S+')
ipv4re = '\d+\.\d+\.\d+\.\d+' ipv4re = '\d+\.\d+\.\d+\.\d+'
@ -36,10 +38,10 @@ for l in fileinput.input(args.r):
if flow.search(l): if flow.search(l):
m = flow.match(l) m = flow.match(l)
if m is not None: if m is not None:
session = m.group(1) c['session'] = m.group(1)
srcip = m.group(2) c['srcip'] = m.group(2)
dstip = m.group(3) c['dstip'] = m.group(3)
dstport = m.group(4) c['dstport'] = m.group(4)
if (cert is True): if (cert is True):
certstring += l.rstrip('\n') certstring += l.rstrip('\n')
@ -49,14 +51,17 @@ for l in fileinput.input(args.r):
a = y[1].split('certificate')[0] a = y[1].split('certificate')[0]
dercert = binascii.unhexlify(a) dercert = binascii.unhexlify(a)
x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_ASN1, dercert) x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_ASN1, dercert)
fp = x509.digest('sha1').replace(':','').lower() c['fp'] = x509.digest('sha1').replace(':','').lower()
if args.v: if args.v:
print srcip+"<->"+dstip+":"+dstport print "("+c['session']+") "+c['srcip']+"<->"+c['dstip']+":"+c['dstport']
print "Issuer: "+x509.get_issuer().CN print "Issuer: "+x509.get_issuer().CN
print "CN: " + x509.get_subject().CN print "CN: " + x509.get_subject().CN
if not args.f: c['pem'] = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, x509)
print OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, x509) if args.j:
print (json.dumps(c))
elif args.f:
print (c['fp']+","+c['dstip']+","+x509.get_subject().CN)
else: else:
print fp+","+dstip+","+x509.get_subject().CN print (c['pem'])
certstring = "" certstring = ""
y = "" y = ""
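Review bot: `c` is created once at module level and never reset, so each certificate is reported with whichever `session`/`srcip`/`dstip`/`dstport` the last matching flow line left in it (second hunk), including in the new `json.dumps(c)` output. If a connection line does not match `flow` (defined outside the hunks; `ipv4re` suggests IPv4 only), the next certificate is attributed to the previous connection's endpoints, and before any match the `-v` and `-f` paths raise `KeyError` while `-j` silently omits the keys. For a feed that maps fingerprints to endpoints this is a silent integrity problem; I would reset the flow keys (e.g. `c = {}`) when a connection line is seen but not parsed, so the gap is visible in the output instead of a stale address. Separately, the `-f` line still concatenates `x509.get_subject().CN` unescaped: the value comes from the captured certificate and may contain commas or be `None`, so writing that row through `csv.writer` would be safer. The `for` loop body starts outside the last hunk.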