Add ability to connect to specific address

This commit is contained in:
Scott Wallace 2024-09-27 10:44:42 +01:00
parent a46395c478
commit f33b7b3418
Signed by: scott
SSH key fingerprint: SHA256:+LJug6Dj01Jdg86CILGng9r0lJseUrpI0xfRqdW9Uws

View file

@ -19,6 +19,28 @@ from tabulate import tabulate
SAN_GROUPING = 4 SAN_GROUPING = 4
def get_cert_with_servername(addr: tuple[str, int], servername: str = "") -> bytes:
"""
Get TLS certificate from an address with an explicit servername override
Args:
addr (tuple[str, int]): adress in tuple form (address, port)
servername (str): SNI servername
Returns:
bytes: PEM bytes
"""
context = ssl.create_default_context()
context.check_hostname = False
with socket.create_connection((addr[0], addr[1]), timeout=10) as sock:
with context.wrap_socket(sock, server_hostname=servername) as sslsock:
if der_cert := sslsock.getpeercert(True):
return ssl.DER_cert_to_PEM_cert(der_cert).encode("utf=8")
return bytes()
def format_fingerprint(fingerprint: bytes | str) -> str: def format_fingerprint(fingerprint: bytes | str) -> str:
""" """
Print a fingerprint as a colon-separated hex string Print a fingerprint as a colon-separated hex string
@ -58,6 +80,7 @@ if __name__ == "__main__":
parser = argparse.ArgumentParser() parser = argparse.ArgumentParser()
parser.add_argument("site", help="site to lookup") parser.add_argument("site", help="site to lookup")
parser.add_argument("-a", "--address", help="explicit address to connect to")
return parser.parse_args() return parser.parse_args()
@ -89,6 +112,12 @@ if __name__ == "__main__":
endpoint = f"{parts.hostname}:{parts.port}" endpoint = f"{parts.hostname}:{parts.port}"
try: try:
if args.address:
pem_data = get_cert_with_servername(
(args.address, parts.port),
servername=parts.hostname,
)
else:
pem_data = ssl.get_server_certificate( pem_data = ssl.get_server_certificate(
(parts.hostname, parts.port), (parts.hostname, parts.port),
timeout=10, timeout=10,
@ -99,7 +128,6 @@ if __name__ == "__main__":
cert_chain = resolve(pem_data) cert_chain = resolve(pem_data)
except urllib.error.URLError: except urllib.error.URLError:
pass pass
except ( except (
ConnectionRefusedError, ConnectionRefusedError,
ConnectionResetError, ConnectionResetError,