From 49a4249fa7ff4afb6154c2230594b08c39241856 Mon Sep 17 00:00:00 2001
From: jowj <me@jowj.net>
Date: Tue, 21 Jan 2020 15:10:33 -0600
Subject: [PATCH] Add cert, whois check capabilities.

---
 arke.py | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 54 insertions(+), 2 deletions(-)

diff --git a/arke.py b/arke.py
index 41fc801..8081a51 100644
--- a/arke.py
+++ b/arke.py
@@ -2,14 +2,18 @@ import requests
 import arkevars
 import json
 import logging
+import datetime
 import os
+import whois
+import OpenSSL
+import ssl
 import time
 
 logging.basicConfig(format='%(asctime)s %(message)s', datefmt='%Y/%m/%d %I:%M:%S %p',level=logging.INFO,filename='arke.log')
 logger = logging.getLogger("arke")
 
 
-def monitor_AllTargets(monitoringtargets):
+def monitor_HttpTargets(monitoringtargets):
     responseTable = {}
     for target in monitoringtargets:
         try:
@@ -24,16 +28,64 @@ def monitor_AllTargets(monitoringtargets):
     return responseTable
 
 
+def monitor_DomainExpiry(targets):
+    responseTable = {}
+    current_year = datetime.today().year
+
+    for domain in targets:
+        expire_year = whois.query(domain).expiration_date.year
+        try:
+            if expire_year - current_year <= 1:
+                responseTable[domain] = "Domain expiring in < 1 year, please rectify."
+        except:
+            responseTable[domain] = "Failed to query domain info"
+
+    return responseTable
+
+
+def monitor_TlsExpiry(targets):
+    responseTable = {}
+    current_year = datetime.today().year
+
+    for site in targets:
+        cert = ssl.get_server_certificate((site, 443))
+        x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)
+        expiration = datetime.strptime(x509.get_notAfter().decode(), '%Y%m%d%H%M%SZ')
+        try:
+            if expiration - current_year <= 1:
+                responseTable[site] = "TLS expiring in < 30 days, please rectify."
+        except:
+            responseTable[site] = "Failed to query cert info"
+
+    return responseTable
+
+
 is_on = True
 
 while is_on:
-    datastore = monitor_AllTargets(arkevars.httpTargets)
+
+    today = datetime.today()
+
+    # make sure http targets are /up/
+    datastore = monitor_HttpTargets(arkevars.httpTargets)
     json_string = json.dumps(datastore)
 
+    # get SSL certs on http targets
+    cert_info = monitor_TlsExpiry(arkevars.httpTargets)
+    cert_json = json.dumps(cert_info)
+
+    # get whois info on domain targets
+    domain_info = monitor_DomainExpiry(arkevars.domains_to_check)
+    domain_json = json.dumps(domain_info)
+
     # write new results to file
     file = open("/shared/results.json", "a+")
     file.write(json_string)
     file.write("\n")
+    file.write(cert_json)
+    file.write("\n")
+    file.write(domain_json)
+    file.write("\n")
     file.close()
 
     # track state