Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
sslexpiry
Advanced tools
Readme
This script connects to a given set of servers, fetches and verifies their SSL certificates, and checks the expiry dates etc. It will warn you if:
The intended use is that you will put the list of your servers using
SSL in a text file, and run sslexpiry
on a daily cron job to warn
you if your certificates will expire soon.
The script relies on Node.js 12 or above. You can install it with:
sudo npm install -g sslexpiry
usage: sslexpiry [-h] [-b FILENAME] [-d DAYS] [-f FILENAME] [-i]
[-t SECONDS] [-v] [-V] [-z]
[SERVER [SERVER ...]]
SSL expiry checker
Positional arguments:
SERVER Check the specified server.
Optional arguments:
-h, --help Show this help message and exit.
-b FILENAME, --bad-serials FILENAME
Check the certificate serial numbers against the
specified file.
-d DAYS, --days DAYS The number of days at which to warn of expiry.
(default=30)
-f FILENAME, --from-file FILENAME
Read the servers to check from the specified file.
-i, --ignore-chain Don't check other certificates in the chain
-t SECONDS, --timeout SECONDS
The number of seconds to allow for server response.
(default=30)
-v, --verbose Display verbose output.
-V, --version Show program's version number and exit.
-z, --exit-zero Always return a process exit code of zero.
Files containing lists of servers can contain blank lines, and any characters from a '#' onwards are ignored as comments.
Servers specified in the files or on the command line are of the form:
hostname[@ip-address][:port][/protocol]
ip-address
can be an IPv4 address (e.g. 127.0.0.1
) or an IPv6 address
surrounded by square brackets (eg. [::1]
). If it is specified then it
will be used as the IP address to connect to, instead of looking up the
hostname in the DNS.
port
can be a number or a standard service name (e.g. 'https'). If it
is omitted then 'https' is assumed.
protocol
specifies a protocol that should be followed before the SSL
negotiation begins. Valid values include smtp
, imap
or none
. If
it is omitted then none
is assumed, except for ports smtp
or
submission
, where smtp
is assumed, and imap
, where imap
is
assumed.
If the -v
option is specified, then output will be shown with any problems
found first, then all tested servers listed with soonest expiry date first.
If the -b
option is specified, the serial numbers of the certificates
will be checked against those listed in the specified file(s). The file(s)
should contain one serial number per line. They can contain blank lines,
and any characters from a '#' onwards are ignored, as are leading or trailing
whitespace. The serial numbers can be in either upper or lower case.
If the -i
option is specified, only the first certificate in the chain
will be checked, rather than also checking any intermediate certificates
that are supplied by the server.
The process exit code will be zero if no problems were found, and
non-zero otherwise, unless the --exit-zero
option was specified,
in which case the exit code will be zero unless there was an
unexpected error.
# This is an example server list file
www.example.com
example.com
mail.example.com:smtp
othermail.example.com:2525/smtp # this server listens for smtp on port 2525
$ sslexpiry -vf example.conf
example.com Hostname/IP doesn't match certificate's altnames
www.example.com Certificate expiry date is 13 Mar 2018 - 6 days
othermail.example.com:2525/smtp 03 Jul 2018
mail.example.com:smtp 10 Oct 2018
FAQs
Keep an eye on the expiry dates of SSL certificates
The npm package sslexpiry receives a total of 84 weekly downloads. As such, sslexpiry popularity was classified as not popular.
We found that sslexpiry demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.