Check SSL certificate properties of a host

sslChequer.py

#!/usr/bin/python
# Check SSL certificate properties
from socket import socket, setdefaulttimeout
import ssl
import OpenSSL
from dateutil.parser import parse
import datetime
import csv
import calendar
import time
import sys

setdefaulttimeout(10)
if len(sys.argv) < 2:
    print "[!] Usage: %s <domain> [port1,port2,...portN]" % sys.argv[0]
    exit(-1)
domain =  sys.argv[1] #"sensepost.com"
if len(sys.argv) > 2:
    ports = sys.argv[2].split(",")
else:
    ports = [443]

outFile = domain + "_" + str(calendar.timegm(time.gmtime())) + ".csv"

print "Checking '%s' on ports %s. Writing output to '%s'\n" %(domain, str(ports), outFile)

f = open(outFile, 'wt')
writer = csv.writer(f)
writer.writerow( ('domain', 'port', 'CN', 'issuer', 'expired', 'starts', 'expires', 'daysLeft') )

for port in ports:
    port = int(port)
    try:
        cert = ssl.get_server_certificate((domain, port), ssl_version=ssl.PROTOCOL_TLSv1)
        x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)
    except Exception,e:
        print "[!] Unable to retrieve CERT from (%d) %s" % (port,domain)
    else:
        components = dict(x509.get_subject().get_components())
        issuerD = dict(x509.get_issuer().get_components())
        CN = components.get("CN")    #www.google.com
        issuer = issuerD.get("CN")   #Google Internet Authority G2
        expired = x509.has_expired()
        expires = str(parse(x509.get_notAfter()))
        starts = str(parse(x509.get_notBefore()))
        tLeft = parse(x509.get_notAfter()).replace(tzinfo=None) - datetime.datetime.now()
        daysLeft = int(divmod(tLeft.total_seconds(), 60*60*24)[0])
        print "[+] %s (%d): [CN:%s] [Issuer:%s] [Days to expire: %d]" % (domain, port, CN, issuer, daysLeft)
        writer.writerow( (domain, port, CN, issuer, expired, starts, expires, daysLeft) )


f.close()