forked from qiaofei32/SSL-Scan
/
SSL-Scan.py
135 lines (117 loc) · 3.49 KB
/
SSL-Scan.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
#encoding=utf8
import warnings
warnings.filterwarnings("ignore")
import os
import ssl
import sys
import time
import json
import socket
import struct
import pandas
import hashlib
import thread
import threading
import logging
import numpy
from sklearn.externals import joblib
logging.basicConfig()
logger = logging.getLogger("")
# logger.setLevel(logging.DEBUG)
logger.setLevel(logging.INFO)
global THREAD_NUM
THREAD_NUM = 250
def ip2int(addr):
return struct.unpack("!I", socket.inet_aton(addr))[0]
def int2ip(addr):
return socket.inet_ntoa(struct.pack("!I", addr))
def format_fingerprint(finger_print):
finger_print = list(finger_print)
result = []
for index in range(len(finger_print)):
if index % 2 == 0:
result.append(finger_print[index] + finger_print[index + 1])
result = ":".join(result)
return result.upper()
def get_ssl_cert_info(addr, ssl_version=ssl.PROTOCOL_TLSv1_2):
try:
sock = socket.create_connection(addr, timeout=1.0)
# context = ssl._create_unverified_context()
context = ssl.SSLContext(protocol=ssl_version)
# context = ssl.create_default_context()
context.verify_mode = ssl.CERT_REQUIRED
# context.verify_mode = ssl.CERT_NONE
context.load_default_certs()
sslsock = context.wrap_socket(sock, server_hostname=addr[0])
cert_info = sslsock.getpeercert(binary_form=False)
# cert_info = json.dumps(cert_info, indent=2, sort_keys=True)
cert_fingerprint = sslsock.getpeercert(binary_form=True)
cert_fingerprint = hashlib.sha1(cert_fingerprint).hexdigest()
cert_fingerprint = format_fingerprint(cert_fingerprint)
output = "%-15s %s %s" %(addr[0], cert_fingerprint, cert_info["subjectAltName"][0][-1])
logger.info(output)
return cert_info, cert_fingerprint
except Exception as e:
# print e
return None
def scan_N_addr(ip_list):
for int_ip in ip_list:
ip = int2ip(int_ip)
logger.debug(ip)
ret = get_ssl_cert_info((ip, 443))
global NUM_Lock
NUM_Lock = NUM_Lock -1
def scan_range(ip_s, ip_e):
global NUM_Lock
global THREAD_NUM
int_ip_s = ip2int(ip_s)
int_ip_e = ip2int(ip_e)
ip_all_list = range(int_ip_s, int_ip_e)
logger.debug("IP addr number: %d" %(len(ip_all_list)))
N = 50
for i in range(0, len(ip_all_list), N):
ip_list = ip_all_list[i: i+N]
while NUM_Lock >= THREAD_NUM:
time.sleep(0.5)
# thread.start_new_thread(scan_N_addr, (ip_list, ))
thread = threading.Thread(target=scan_N_addr, args=(ip_list, ))
# thread.setDaemon(False)
thread.start()
NUM_Lock += 1
if __name__ == "__main__":
global NUM_Lock
NUM_Lock = 0
time_s = time.time()
logger.info("scan start!")
df = pandas.read_csv("cn.csv", sep=",")
values = df.values.tolist()
# numpy.random.shuffle(values)
values.reverse()
file_name = "done.dat"
if os.path.exists(file_name):
done_index = joblib.load(file_name)
else:
done_index = 0
for index, row in enumerate(values):
if index < done_index:continue
ip_s, ip_e, ip_num, ip_issue = row
logger.info("scan ip_range: %s --> %s" %(ip_s, ip_e))
scan_range(ip_s, ip_e)
joblib.dump(index, file_name, compress=3)
# ip_s = "180.97.0.0"
# ip_e = "180.97.33.255"
# scan_range(ip_s, ip_e)
time.sleep(5)
b_stoped = 0
while NUM_Lock:
if NUM_Lock <= 5:
b_stoped += 1
thread_count = thread._count()
if thread_count == 0:
break
logger.info("thread count: %d" % (thread_count))
if b_stoped > 120:
break
time.sleep(1)
time_e = time.time()
logger.info("cost: %ds" %(time_e-time_s))