Version 1:
Execute the script with –dingtalk-webhook and –domains and then specify the DingTalk token and domain name.
python3 ssl_spirtime.py --dingtalk-webhook https://oapi.dingtalk.com/robot/send?access_token=avd345324 --domains www.abc1.com www.abc2.com www.abc3.com
The script is as follows
#!/usr/bin/python3 import ssl import socket from datetime import datetime import argparse import requests def get_ssl_cert_expiration(domain, port=443): context = ssl.create_default_context() conn = context.wrap_socket(socket.socket(socket.AF_INET), server_hostname=domain) conn.connect((domain, port)) cert = conn.getpeercert() conn.close() # Extract the expiration date from the certificate not_after = cert['notAfter'] # Convert the date string to a datetime object expiration_date = datetime.strptime(not_after, '%b %d %H:%M:%S %Y %Z') return expiration_date def send_dingtalk_message(webhook_url, message): headers = {<!-- -->'Content-Type': 'application/json'} payload = {<!-- --> "msgtype": "text", "text": {<!-- --> "content": message } } response = requests.post(webhook_url, json=payload, headers=headers) if response.status_code == 200: print("Message sent successfully to DingTalk") else: print(f"Failed to send message to DingTalk. HTTP Status Code: {<!-- -->response.status_code}") if __name__ == "__main__": parser = argparse.ArgumentParser(description="Test SSL certificate expiration for multiple domains") parser.add_argument("--dingtalk-webhook", required=True, help="DingTalk webhook URL") parser.add_argument("--domains", nargs=' + ', required=True, help="List of domains to test SSL certificate expiration") args = parser.parse_args() for domain in args.domains: expiration_date = get_ssl_cert_expiration(domain) current_date = datetime.now() days_remaining = (expiration_date - current_date).days print(f"SSL certificate for {<!-- -->domain} expires on {<!-- -->expiration_date}") print(f"Days remaining: {<!-- -->days_remaining} days") if days_remaining < 300: message = f"SSL certificate for {<!-- -->domain} will expire on {<!-- -->expiration_date}. Only {<!-- -->days_remaining} days remaining." send_dingtalk_message(args.dingtalk_webhook, message) </code><img class="look-more-preCode contentImg-no-view" src="//i2.wp.com/csdnimg.cn/release/blogv2/dist/pc/img/newCodeMoreBlack.png" alt ="" title="">
Version 2
Execute the script with –dingtalk-webhook, –secret and –domains and then specify the DingTalk token, key and domain name.
python3 ssl_spirtime4.py --dingtalk-webhook https://oapi.dingtalk.com/robot/send?access_token=abdcsardaef--secret SEC75bcc2abdfd --domains www.abc1.com www.abc2.com www.abc3. com
#!/usr/bin/python3 import ssl import socket from datetime import datetime import argparse import requests import hashlib import hmac import base64 import time def get_ssl_cert_expiration(domain, port=443): context = ssl.create_default_context() conn = context.wrap_socket(socket.socket(socket.AF_INET), server_hostname=domain) conn.connect((domain, port)) cert = conn.getpeercert() conn.close() # Extract the expiration date from the certificate not_after = cert['notAfter'] # Convert the date string to a datetime object expiration_date = datetime.strptime(not_after, '%b %d %H:%M:%S %Y %Z') return expiration_date def send_dingtalk_message(webhook_url, secret, message): headers = {<!-- -->'Content-Type': 'application/json'} # Get the current timestamp in milliseconds timestamp = str(int(round(time.time() * 1000))) # Combine timestamp and secret to create a sign string sign_string = f"{<!-- -->timestamp}\ {<!-- -->secret}" # Calculate the HMAC-SHA256 signature sign = base64.b64encode(hmac.new(secret.encode(), sign_string.encode(), hashlib.sha256).digest()).decode() # Create the payload with the calculated signature payload = {<!-- --> "msgtype": "text", "text": {<!-- --> "content": message }, "timestamp": timestamp, "sign": sign } response = requests.post(f"{<!-- -->webhook_url} & amp;timestamp={<!-- -->timestamp} & amp;sign={<!-- -->sign}", json=payload, headers=headers) if response.status_code == 200: print("Message sent successfully to DingTalk") else: print(f"Failed to send message to DingTalk. HTTP Status Code: {<!-- -->response.status_code}") if __name__ == "__main__": parser = argparse.ArgumentParser(description="Test SSL certificate expiration for multiple domains") parser.add_argument("--dingtalk-webhook", required=True, help="DingTalk webhook URL") parser.add_argument("--secret", required=True, help="DingTalk robot secret") parser.add_argument("--domains", nargs=' + ', required=True, help="List of domains to test SSL certificate expiration") args = parser.parse_args() for domain in args.domains: expiration_date = get_ssl_cert_expiration(domain) current_date = datetime.now() days_remaining = (expiration_date - current_date).days print(f"SSL certificate for {<!-- -->domain} expires on {<!-- -->expiration_date}") print(f"Days remaining: {<!-- -->days_remaining} days") if days_remaining < 10: message = f"SSL certificate for {<!-- -->domain} will expire on {<!-- -->expiration_date}. Only {<!-- -->days_remaining} days remaining." send_dingtalk_message(args.dingtalk_webhook, args.secret, message) </code><img class="look-more-preCode contentImg-no-view" src="//i2.wp.com/csdnimg.cn/release/blogv2/dist/pc/img/newCodeMoreBlack.png" alt ="" title="">
Ultimate version
Specify configuration file when python executes script
python3 ssl_spirtime.py --config-file config.json
The content of the config.json configuration file is as follows
{<!-- --> "dingtalk-webhook": "https://oapi.dingtalk.com/robot/send?access_token=avbdcse345dd", "secret": "SECaegdDEdaDSEGFdadd12334", "domains": [ "www.a.tel", "www.b.com", "www.c.app", "www.d-cn.com", "www.e.com", "www.f.com", "www.g.com", "www.gg.com", "www.sd.com", "www.234.com", "www.456.com", "www.addf.com", "www.advdwd.com", "aqjs.aefdsdf.com", "apap.adedgdg.com", "cbap.asfew.com", "ksjsw.adfewfd.cn", "wdxl.aeffadaf.com", "wspr.afefd.shop", "sktprd.daeafsdf.shop", "webskt.afaefafa.shop", "www.afaead.cn", "www.afewfsegs.co", "www.aaeafsf.com", "bdvt.aeraf.info", "dl.afawef.co", "dl.aefarge.com" ] } </code><img class="look-more-preCode contentImg-no-view" src="//i2.wp.com/csdnimg.cn/release/blogv2/dist/pc/img/newCodeMoreBlack.png" alt ="" title="">
The script content is as follows
#!/usr/bin/python3 import ssl import socket from datetime import datetime import argparse import requests import hashlib import hmac import base64 import time import json def get_ssl_cert_expiration(domain, port=443): context = ssl.create_default_context() conn = context.wrap_socket(socket.socket(socket.AF_INET), server_hostname=domain) conn.connect((domain, port)) cert = conn.getpeercert() conn.close() # Extract the expiration date from the certificate not_after = cert['notAfter'] # Convert the date string to a datetime object expiration_date = datetime.strptime(not_after, '%b %d %H:%M:%S %Y %Z') return expiration_date def send_dingtalk_message(webhook_url, secret, message): headers = {<!-- -->'Content-Type': 'application/json'} # Get the current timestamp in milliseconds timestamp = str(int(round(time.time() * 1000))) # Combine timestamp and secret to create a sign string sign_string = f"{<!-- -->timestamp}\ {<!-- -->secret}" # Calculate the HMAC-SHA256 signature sign = base64.b64encode(hmac.new(secret.encode(), sign_string.encode(), hashlib.sha256).digest()).decode() # Create the payload with the calculated signature payload = {<!-- --> "msgtype": "text", "text": {<!-- --> "content": message }, "timestamp": timestamp, "sign": sign } response = requests.post(f"{<!-- -->webhook_url} & amp;timestamp={<!-- -->timestamp} & amp;sign={<!-- -->sign}", json=payload, headers=headers) if response.status_code == 200: print("Message sent successfully to DingTalk") else: print(f"Failed to send message to DingTalk. HTTP Status Code: {<!-- -->response.status_code}") if __name__ == "__main__": # Load configuration from configuration file with open("config.json", 'r') as config_file: config = json.load(config_file) dingtalk_webhook = config.get("dingtalk-webhook") secret = config.get("secret") domains = config.get("domains") for domain in domains: expiration_date = get_ssl_cert_expiration(domain) current_date = datetime.now() days_remaining = (expiration_date - current_date).days print(f"SSL certificate for {<!-- -->domain} expires on {<!-- -->expiration_date}") print(f"Days remaining: {<!-- -->days_remaining} days") if days_remaining < 10: message = f"SSL certificate for {<!-- -->domain} will expire on {<!-- -->expiration_date}. Only {<!-- -->days_remaining} days remaining." send_dingtalk_message(dingtalk_webhook, secret, message) </code><img class="look-more-preCode contentImg-no-view" src="//i2.wp.com/csdnimg.cn/release/blogv2/dist/pc/img/newCodeMoreBlack.png" alt ="" title="">
Results of the
/usr/bin/python3 /root/ssl_spirtime.py --config-file /root/config.json SSL certificate for www.a.tel expires on 2024-06-08 23:59:59 Days remaining: 220 days SSL certificate for www.b.com expires on 2024-05-23 07:45:13 Days remaining: 203 days SSL certificate for www.c.app expires on 2024-05-23 07:45:13 Days remaining: 203 days SSL certificate for www.d-cn.com expires on 2024-03-03 00:00:00 Days remaining: 122 days SSL certificate for www.aed.com expires on 2024-11-17 06:30:15 Days remaining: 381 days SSL certificate for www.afedf.com expires on 2024-06-20 23:59:59 Days remaining: 232 days SSL certificate for www.aefdfd.com expires on 2024-06-20 23:59:59
DingTalk warning message is as follows