From 33bc6b73e80c212f5f086404f22cb99d281a0095 Mon Sep 17 00:00:00 2001
From: Filip <filip@mcloud.rs>
Date: Thu, 1 Aug 2019 15:27:43 +0200
Subject: [PATCH] Adding inspect mail script to the repo

---
 index.html       |  19 ++++++
 inspect-mail.php | 166 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 185 insertions(+)
 create mode 100644 index.html
 create mode 100644 inspect-mail.php

diff --git a/index.html b/index.html
new file mode 100644
index 0000000..fdd855b
--- /dev/null
+++ b/index.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <title>Inspect Mail</title>
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+</head>
+<body>
+  <form action="inspect-mail.php" method="post">
+    Mail Server:<br>
+    <input type="text" name="domain" placeholder="Domain or IP address">
+    <br>
+    <br>
+    <input type="submit" value="Test">
+  </form> 
+<p>To get NS, MX and SPF records for the domain, make sure you test a FQDN that has a valid A record. <br>domain.tld should work.<br></p>
+  
+</body>
+</html>
diff --git a/inspect-mail.php b/inspect-mail.php
new file mode 100644
index 0000000..dee716f
--- /dev/null
+++ b/inspect-mail.php
@@ -0,0 +1,166 @@
+<?php
+
+//ini_set('max_execution_time', 0);
+//ini_set('memory_limit', -1);
+error_reporting(0);
+
+if ( ! $_POST['domain'] ) {
+	echo '<span style="color: red;">Mail Server field is empty.</span>';
+	die;
+}
+
+echo '<br><form action="inspect-mail.php" method="post">
+	  	<input type="text" name="domain" value="' . $_POST['domain'] . '">
+        <input type="submit" value="ReTest">
+      </form>
+      <p>To get: NS, MX and SPF records for the domain, make sure you test a FQDN that has a valid A record. <br>domain.tld should work.<br></p>';
+
+//  Identify, set data and report info
+if ( filter_var( $_POST['domain'] , FILTER_VALIDATE_IP ) ) {
+    $isIP = true;
+} else {
+    $isIP = false;
+}
+
+if ( $isIP ) {
+    $ip =   $_POST['domain'];
+    $host = $ip;
+} else {
+    $host = strtolower( $_POST['domain'] );
+    $ip =   gethostbyname( $host );
+
+  	// Get nameservers for the domain
+    $dns =      dns_get_record( $host , DNS_NS );
+
+    // Get MX for the domain
+    $dnsmx =    dns_get_record( $host , DNS_MX );
+
+    // Get SPF for the domain
+    $dnstxt =   dns_get_record( $host , DNS_TXT );
+
+  	// Die if Cloud Flare domain
+	if ( $dns ) {
+    	foreach ( array_reverse( $dns ) as $ns ) {
+        	if ( strpos( $ns['target'] , 'cloudflare.com' ) !== false ) {
+            	echo '<span style="color: red;">This is a Cloud Flare domain. Data can\'t be collected for this domain.</span>';
+              	die;
+            }
+        }
+    }
+
+    if ( $ip == $host ) {
+        echo '<span style="color: red;">IP address has not been found for the given domain name.</span><br>';
+        die;
+    } else {
+        echo '<h2>Domain Info</h2><strong>Domain:</strong> ' . $host .'<br><strong>IP address:</strong> ' . $ip . '<br>';
+    }
+
+    // Print nameservers for the domain
+    if ( $dns ) {
+        echo '<h2>Name Server</h2>';
+        foreach ( array_reverse( $dns ) as $ns ) {
+            echo $ns['target'] . '<br>';
+        }
+    }
+
+    // Print MX for the domain
+    if ( $dnsmx ) {
+        echo '<h2>MX record</h2>';
+        foreach ( array_reverse( $dnsmx ) as $nmx ) {
+            echo $nmx['target'] . '<br>';
+        }
+    }
+
+    // Print SPF for the domain
+    if ( $dnstxt ) {
+        echo '<h2>SPF record</h2>';
+        foreach ( $dnstxt as $ntxt ) {
+            if ( strpos( $ntxt['txt'], 'v=spf1' ) !== false ) {
+                if ( strpos( $ntxt['txt'], $ip ) !== false ) {
+                    echo '<span style="color: green;">' . $ntxt['txt'] . '</span><br>';
+                } elseif ( strpos( $ntxt['txt'], '.' . $host ) !== false ) {
+                    echo '<span style="color: darkorange;">' . $ntxt['txt'] . '</span><br>';
+                } elseif ( strpos( $ntxt['txt'], $host ) !== false ) {
+                    echo '<span style="color: green;">' . $ntxt['txt'] . '</span><br>';
+                } else {
+                    echo '<span style="color: red;">' . $ntxt['txt'] . '</span><br>';
+                }
+            }
+        }
+    }
+}
+
+// Print PTR for an IP
+echo '<h2>PTR record the IP address</h2>';
+echo '<em>Note: No valid PTR record will be retrieved for the IP address of the server that is hosting this script.</em><br><br>';
+
+$ptr = gethostbyaddr( $ip );
+if ( ! $ptr || $ptr == $ip ) {
+	echo '<span style="color: red;">No PTR record found.</span>';
+} elseif ( $ptr == $host ) {
+	echo '<span style="color: green;">' . $ptr . '</span>';
+} elseif ( strpos( $ptr, $host ) !== false ) {
+	echo '<span style="color: darkorange;">' . $ptr . '</span>';
+} elseif ( $isIP ) {
+	echo $ptr;
+} else {
+	echo '<span style="color: red;">' . $ptr . '</span>';
+}
+
+// Ports
+$ports = array( 25, 110, 143, 465, 587, 993, 995 );
+
+// Non SSL ports
+$nonssl = array( 25, 110, 143 );
+
+echo '<h2>Mail Ports</h2>';
+foreach ( $ports as $port ) {
+    $connection = @fsockopen( $host, $port, $errno, $errstr, 1 );
+    if ( is_resource( $connection ) ) {
+        echo '<h3 style="color: green;">' . $host . ': ' . $port . ' (' . getservbyport( $port, 'tcp' ) . ') is open.</h3>';
+        fclose( $connection );
+    } else {
+        echo '<h3 style="color: red;">' . $host . ': ' . $port . ' is not responding.</h3>';
+        $nonssl[] = $port;
+    }
+}
+
+// Removing closed ports
+$sslports = array_diff( $ports, $nonssl );
+
+if ( count( $sslports ) != 0 ) { 
+    echo '<h2>SSL Cert on Ports</h2>';
+}
+
+foreach ( $sslports as $sslport ) {
+	$url =              "tcp://" . $host;
+	$orignal_parse =    parse_url( $url, PHP_URL_HOST );
+    $get =              stream_context_create(array( 
+                            "ssl" => array(
+                                'capture_peer_cert' => true, 
+                                'verify_peer' => false, 
+                                'verify_peer_name' => false ) ) );
+	$read =             stream_socket_client( "ssl://" . $orignal_parse . ":" . $sslport, $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $get );
+	$cert =             stream_context_get_params( $read );
+	$certinfo =         openssl_x509_parse( $cert['options']['ssl']['peer_certificate'] );
+
+    // Print cert data
+  	echo '<h3>Certificate on port: ' . $sslport . '</h3>';
+	if ( ! empty( $certinfo['subject']['CN'] ) ) {
+            if ( $certinfo['subject']['CN'] == $host ) {
+                echo '<strong>Common Name:</strong> <span style="color: green;">' . $certinfo['subject']['CN'] . '</span><br>';
+            } else {
+                echo '<strong>Common Name:</strong> <span style="color: darkorange;">' . $certinfo['subject']['CN'] . '</span><br>';
+            }
+        echo '<strong>Issuer:</strong> ' . $certinfo['issuer']['CN'] . '<br>';
+        echo '<strong>Valid From:</strong> ' . gmdate( 'r', $certinfo['validFrom_time_t'] ) . '<br>';
+    	if ( strtotime( $certinfo['validTo_time_t'] ) > time() ) {
+            echo '<strong>Valid To:</strong> <span style="color: red;">' . gmdate( 'r', $certinfo['validTo_time_t'] ) . '</span>';
+        } else {
+            echo '<strong>Valid To:</strong> <span style="color: green;">' . gmdate( 'r', $certinfo['validTo_time_t'] ) . '</span>';
+        }
+	}
+  	else {
+    	echo '<span style="color: red;">There is no certificate on the port.</span>';
+    }
+}