package main
import (
	"bufio"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"log"
	"net"
	"net/http"
	"os"
	"strings"
	"time"

	"github.com/go-resty/resty/v2"
	"github.com/joho/godotenv"
)
// Runtime settings, filled in by init from environment variables.
var (
	// subdomainFilePath is the file that lists the hosts to check, one per line.
	subdomainFilePath string

	// telegramChatID identifies the chat that receives alerts.
	telegramChatID string

	// telegramBotToken authenticates calls to the Telegram Bot API. It is a
	// credential: keep it out of log output and error messages.
	telegramBotToken string
)
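// init loads the .env file from the working directory and copies the three
// settings the monitor needs into package variables. The process exits when
// the file cannot be loaded or when any required setting is empty.
func init() {
	if err := godotenv.Load(); err != nil {
		log.Fatalf("Error loading .env file: %v", err)
	}

	telegramBotToken = os.Getenv("TELEGRAM_BOT_TOKEN")
	telegramChatID = os.Getenv("TELEGRAM_CHAT_ID")
	subdomainFilePath = os.Getenv("SUBDOMAIN_FILE_PATH")

	// Fail at startup instead of running a monitor that cannot alert: with an
	// empty token or chat ID every notification is rejected and the only trace
	// is a log line. Only the variable name is reported, never its value.
	required := []struct{ name, value string }{
		{"TELEGRAM_BOT_TOKEN", telegramBotToken},
		{"TELEGRAM_CHAT_ID", telegramChatID},
		{"SUBDOMAIN_FILE_PATH", subdomainFilePath},
	}
	for _, r := range required {
		if r.value == "" {
			log.Fatalf("Required environment variable %s is not set", r.name)
		}
	}
}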
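// main reads the host list named by subdomainFilePath, one entry per line, and
// runs checkDomain on every non-blank entry in file order. It exits on a file
// open or read error.
func main() {
	file, err := os.Open(subdomainFilePath)
	if err != nil {
		log.Fatalf("Error opening file: %v", err)
	}
	defer file.Close()

	scanner := bufio.NewScanner(file)
	for scanner.Scan() {
		// Strip surrounding whitespace so that a CRLF line ending or a stray
		// space does not become part of the host name; an entry such as
		// "example.com\r" would otherwise fail to resolve and raise a false
		// "No HTTPS" alert.
		domain := strings.TrimSpace(scanner.Text())
		if domain == "" {
			continue
		}
		fmt.Printf("Processing domain: %s\n", domain)
		checkDomain(domain)
	}
	if err := scanner.Err(); err != nil {
		log.Fatalf("Error reading file: %v", err)
	}
}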
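// checkDomain requests https://<domain> and raises a Telegram alert when the
// request fails, when the response carries no TLS state, or when any
// certificate presented by the server expires within the window used by
// isCertExpiringSoon. If none of those apply it goes on to probe the protocol
// versions the host accepts.
//
// Certificate verification is left at the library default, so a certificate
// that is already expired or does not match the host name makes the request
// fail and is reported through the generic "No HTTPS or error occurred" alert.
func checkDomain(domain string) {
	client := &http.Client{
		// http.Get uses a client with no timeout; a host that accepts the
		// connection and then stalls would block the whole run.
		Timeout: 10 * time.Second,
		// Do not follow redirects. resp.TLS describes the connection that
		// produced the returned response, so after a redirect the certificates
		// inspected below would belong to the redirect target, and a redirect
		// to plain http would look like "No HTTPS" on the monitored host.
		CheckRedirect: func(*http.Request, []*http.Request) error {
			return http.ErrUseLastResponse
		},
	}

	resp, err := client.Get("https://" + domain)
	if err != nil {
		fmt.Printf("No HTTPS or error checking domain %s: %v\n", domain, err)
		sendTelegramNotification(domain, "No HTTPS or error occurred")
		return
	}
	defer resp.Body.Close()

	if resp.TLS == nil {
		fmt.Printf("No TLS/SSL for domain %s\n", domain)
		sendTelegramNotification(domain, "No HTTPS")
		return
	}

	// PeerCertificates holds the whole chain sent by the server, so an
	// intermediate that is about to expire raises the alert as well.
	for _, cert := range resp.TLS.PeerCertificates {
		if isCertExpiringSoon(cert) {
			sendTelegramNotification(domain, "Certificate expiring soon")
			return
		}
	}

	checkSSLVersions(domain)
}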
// checkSSLVersions probes domain once per protocol version, prints whether
// each handshake succeeded, and sends a Telegram alert when TLS 1.3 is not
// accepted.
//
// NOTE(review): Go's crypto/tls no longer implements SSLv3 (tls.VersionSSL30
// is kept only as a deprecated constant), so the SSLv3 row reads
// "not supported" whatever the server allows. It is not evidence that SSLv3 is
// disabled on the host.
//
// NOTE(review): acceptance of the legacy versions (SSLv3, TLS 1.0, TLS 1.1) is
// only printed; the one condition that alerts is a missing TLS 1.3.
func checkSSLVersions(domain string) {
	type probe struct {
		label string
		id    uint16
	}
	probes := []probe{
		{label: "SSLv3", id: tls.VersionSSL30},
		{label: "TLS 1.0", id: tls.VersionTLS10},
		{label: "TLS 1.1", id: tls.VersionTLS11},
		{label: "TLS 1.2", id: tls.VersionTLS12},
		{label: "TLS 1.3", id: tls.VersionTLS13},
	}

	for _, p := range probes {
		if checkTLSVersion(domain, p.id) {
			fmt.Printf("Domain %s: %s %s\n", domain, p.label, "supported")
			continue
		}

		fmt.Printf("Domain %s: %s %s\n", domain, p.label, "not supported")
		if p.id == tls.VersionTLS13 {
			sendTelegramNotification(domain, fmt.Sprintf("%s is not supported", p.label))
		}
	}
}
// checkTLSVersion reports whether a TLS handshake with domain on port 443
// succeeds when the client offers exactly tlsVersion (minimum and maximum are
// both pinned to it). The dial is limited to five seconds.
//
// Every failure yields false: an unreachable host, a timeout, a rejected
// protocol version, or a certificate that does not verify (verification is
// left enabled). A false result therefore means "no successful handshake",
// not specifically "version refused".
func checkTLSVersion(domain string, tlsVersion uint16) bool {
	pinned := &tls.Config{
		MinVersion: tlsVersion,
		MaxVersion: tlsVersion,
	}
	conn, err := tls.DialWithDialer(&net.Dialer{Timeout: 5 * time.Second}, "tcp", domain+":443", pinned)
	if err == nil {
		// The handshake result is all that matters; release the connection.
		conn.Close()
	}
	return err == nil
}
// isCertExpiringSoon reports whether cert's NotAfter falls before the moment
// seven calendar days from now. A certificate that has already expired also
// returns true.
func isCertExpiringSoon(cert *x509.Certificate) bool {
	cutoff := time.Now().AddDate(0, 0, 7)
	return cutoff.After(cert.NotAfter)
}
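// sendTelegramNotification posts a two-line "Domain / Issue" message to the
// configured chat through the Telegram Bot API sendMessage method. A delivery
// failure is logged and otherwise ignored, so monitoring continues.
//
// The message goes out as the form field "text" together with "chat_id".
// sendMessage reads the message from a "text" parameter, which a raw request
// body does not supply, and form encoding also escapes whatever characters the
// domain or chat ID contain.
func sendTelegramNotification(domain, message string) {
	// The Bot API carries the token in the request path, so this URL is a
	// credential and must not be written to logs.
	endpoint := fmt.Sprintf("https://api.telegram.org/bot%s/sendMessage", telegramBotToken)

	// Bound the call so an unresponsive API endpoint cannot stall the run.
	client := resty.New().SetTimeout(10 * time.Second)
	resp, err := client.R().
		SetFormData(map[string]string{
			"chat_id": telegramChatID,
			"text":    fmt.Sprintf("Domain: %s\nIssue: %s", domain, message),
		}).
		Post(endpoint)
	if err != nil {
		// Transport errors quote the request URL; mask the token before the
		// text reaches the log. The empty-token guard matters because
		// ReplaceAll with an empty search string rewrites every position.
		detail := err.Error()
		if telegramBotToken != "" {
			detail = strings.ReplaceAll(detail, telegramBotToken, "[REDACTED]")
		}
		log.Printf("Error sending notification: %s", detail)
		return
	}
	if resp.IsError() {
		log.Printf("Failed to send notification: %s", resp.String())
	}
}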