/
SAN_names.py
74 lines (57 loc) · 1.88 KB
/
SAN_names.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
import socket
import utils
import ssl
def get_SANs_from_cert(Domain):
'''
Returns the full list of Subject Alternative Names from an SSL cert. If the server isn't listening on port 443, return None
'''
SANs = []
if utils.is_port_open(Domain,443) == False:
return None
s = socket.socket(socket.AF_INET,socket.SOCK_STREAM) # Create a regular TCP Stream Socket
sslsock = ssl.wrap_socket(s, cert_reqs=ssl.CERT_REQUIRED, ssl_version=ssl.PROTOCOL_SSLv23, ca_certs='data/ca-bundle.crt') # Wrap the TCP socket in an SSL Context
try:
sslsock.connect((Domain,443)) # This is the regular socket connect() method but it also does the SSL handshake in this case
except socket.error as e:
print e
return None
try:
cert = sslsock.getpeercert()
except ValueError as ve:
print "No Cert"
cert = None
if cert is not None:
try:
SAN_Tuples = cert['subjectAltName']
except KeyError:
if verbose:
print "No SAN"
return None
for x,y in SAN_Tuples:
SANs.append(y)
return SANs
elif cert is None:
return None
def get_pruned_SANs_list(subdomain_list,ParentDomain,verbose):
''' This function does two things:
1. Eliminates those items in the SANs list that
a. Do not contain the parent domain
b. Have an asterisk wildcard in them
2. After filtering the subdomains based on the criteria above,
returns a list of sanitized subdomains '''
result_list = []
for k in subdomain_list:
SANs_list = get_SANs_from_cert(k)
if verbose:
utils.pretty_print("Getting SANs for " + str(k), len("Getting SANs for " + str(k)))
print "SANs: ",
print SANs_list
if SANs_list is not None:
for i in SANs_list:
if i != ParentDomain and ParentDomain in i and '*' not in i: # Get only those SANs that are non-wildcard/asterisk containing subdomains
result_list.append(i)
print i,
print " [SAN Name]"
if verbose:
print "\n"
return result_list