Files

 master

/

sslcheck

Blame

Blame

Latest commit

 

History

History

executable file

·

104 lines (87 loc) · 3.54 KB

 master

/

sslcheck

Top

File metadata and controls

• Code
• Blame

executable file

·

104 lines (87 loc) · 3.54 KB

Raw

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

#!/usr/bin/env php

<?php

error_reporting(E_ERROR | E_PARSE);

function getIps($domain) {

$ips = [];

$dnsRecords = dns_get_record($domain, DNS_A + DNS_AAAA);

foreach ($dnsRecords as $record) {

if (isset($record['ip'])) {

$ips[] = $record['ip'];

}

if (isset($record['ipv6'])) {

$ips[] = '[' . $record['ipv6'] . ']'; // bindto of 'stream_context_create' uses this format of ipv6

}

}

return $ips;

}

function getCert($ip, $domain) {

$g = stream_context_create(["ssl" => ["capture_peer_cert" => true], 'socket' => ['bindto' => $ip]]);

$r = stream_socket_client("ssl://{$domain}:443", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $g);

$cont = stream_context_get_params($r);

return openssl_x509_parse($cont["options"]["ssl"]["peer_certificate"]);

}

function getOutputColor($daysLeft) {

if ($daysLeft > 30) return "\e[32m";

if ($daysLeft > 15) return "\e[33m";

return "\e[31m";

}

$domains = array_slice($argv, 1);

$domainCount = count($domains);

if ($domainCount === 0) {

echo "\e[34m\n";

echo "------------------------------------------------------------\n";

echo "Domain SSL Checker \n";

echo "------------------------------------------------------------\n\n";

echo "Usage:\t\t sslcheck [DOMAINS]... \n";

echo "Example:\t sslcheck www.example.com www.google.com \n";

echo "\e[0m\n";

return;

}

$now = new DateTime('now', new DateTimeZone('UTC'));

$expiringSoon = [];

$errors = [];

$certCount = 0;

echo "\e[34m\n";

echo "------------------------------------------------------------\n";

echo 'Domain SSL Report for ' . $now->format('jS M Y') . "\n";

echo "------------------------------------------------------------\n";

echo "\e[0m\n";

foreach ($domains as $domain) {

$ips = getIps($domain);

if (count($ips) === 0) {

$errors[] = $domain . " :: FAILED TO FIND SERVER IP\n";

}

foreach ($ips as $ip) {

$certCount++;

$cert = getCert($ip, $domain);

if (!$cert) {

$errors[] = $domain . '@' . $ip . " :: FAILED TO GET CERTIFICATE INFORMATION\n";

continue;

}

$validFrom = new DateTime("@" . $cert['validFrom_time_t']);

$validTo = new DateTime("@" . $cert['validTo_time_t']);

$diff = $now->diff($validTo);

$daysLeft = $diff->invert ? 0 : $diff->days;

if ($daysLeft <= 15) $expiringSoon[] = $domain;

echo getOutputColor($daysLeft);

echo $domain . (count($ips) > 1 ? " ($ip)" : "") . "\n";

echo "\tValid From:\t " . $validFrom->format('jS M Y') . ' (' . $validFrom->format('Y-m-d H:i:s') . ")\n";

echo "\tValid To:\t " . $validTo->format('jS M Y') . ' (' . $validTo->format('Y-m-d H:i:s') . ")\n";

echo "\tDays Left:\t " . $daysLeft . "\n";

echo "\e[0m\n";

}

}

$expiringCount = count($expiringSoon);

echo "\e[34m";

echo "------------------------------------------------------------\n";

echo "$expiringCount of $certCount certificate" . ($certCount > 1 ? 's':'')

." across $domainCount domain".($domainCount > 1 ? 's':'')." expired or expiring soon\n";

echo "------------------------------------------------------------\n";

echo "\e[0m\n";

if (count($errors) > 0) {

echo "\e[31m";

echo "------------------------------------------------------------\n";

echo "Errors:\n\n" . implode("\n", $errors);

echo "------------------------------------------------------------\n";

echo "\e[0m\n";

}