{"id":13582502,"url":"https://github.com/SSLMate/certspotter","last_synced_at":"2025-04-06T14:31:00.835Z","repository":{"id":37768221,"uuid":"64409269","full_name":"SSLMate/certspotter","owner":"SSLMate","description":"Certificate Transparency Log Monitor","archived":false,"fork":false,"pushed_at":"2025-01-11T16:35:50.000Z","size":391,"stargazers_count":993,"open_issues_count":22,"forks_count":86,"subscribers_count":33,"default_branch":"master","last_synced_at":"2025-01-11T17:36:07.547Z","etag":null,"topics":["certificate-transparency","pki","security","x509"],"latest_commit_sha":null,"homepage":"https://sslmate.com/certspotter","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SSLMate.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-07-28T15:59:46.000Z","updated_at":"2025-01-11T16:35:54.000Z","dependencies_parsed_at":"2024-01-03T04:13:17.638Z","dependency_job_id":"8d4ce2b0-3326-400b-9903-d399cc9f208d","html_url":"https://github.com/SSLMate/certspotter","commit_stats":null,"previous_names":[],"tags_count":19,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SSLMate%2Fcertspotter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SSLMate%2Fcertspotter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SSLMate%2Fcertspotter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SSLMate%2Fcertspotter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SSLMate","download_url":"https://codeload.github.com/SSLMate/certspotter/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247495772,"owners_count":20948106,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certificate-transparency","pki","security","x509"],"created_at":"2024-08-01T15:02:46.498Z","updated_at":"2025-04-06T14:31:00.500Z","avatar_url":"https://github.com/SSLMate.png","language":"Go","funding_links":[],"categories":["Go","网络外围防御","Phishing awareness and reporting"],"sub_categories":["网络钓鱼意识和报告","Firewall appliances or distributions"],"readme":"# Cert Spotter - Certificate Transparency Monitor\n\n**Cert Spotter** is a Certificate Transparency log monitor from SSLMate that\nalerts you when an SSL/TLS certificate is issued for one of your domains.\nCert Spotter is easier to use than other open source CT monitors, since it does not require\na database. It's also more robust, since it uses a special certificate parser\nthat ensures it won't miss certificates.\n\nCert Spotter is also available as a hosted service by SSLMate that\nrequires zero setup and provides an easy web dashboard to centrally\nmanage your certificates.  Visit \u003chttps://sslmate.com/certspotter\u003e\nto sign up.\n\nYou can use Cert Spotter to detect:\n\n * Certificates issued to attackers who have compromised your DNS and\n   are redirecting your visitors to their malicious site.\n * Certificates issued to attackers who have taken over an abandoned\n   sub-domain in order to serve malware under your name.\n * Certificates issued to attackers who have compromised a certificate\n   authority and want to impersonate your site.\n * Certificates issued in violation of your corporate policy\n   or outside of your centralized certificate procurement process.\n\n## Quickstart\n\nCert Spotter requires Go version 1.19 or higher.\n\n1. Install the certspotter command using the `go` command:\n\n   ```\n   go install software.sslmate.com/src/certspotter/cmd/certspotter@latest\n   ```\n\n2. Create a watch list file `$HOME/.certspotter/watchlist` containing the DNS names you want to monitor,\n   one per line.  To monitor an entire domain tree (including the domain itself\n   and all sub-domains) prefix the domain name with a dot (e.g. `.example.com`).\n   To monitor a single DNS name only, do not prefix the name with a dot.\n\n3. Place one or more email addresses in the `$HOME/.certspotter/email_recipients`\n   file (one per line), and/or place one or more executable scripts in the\n   `$HOME/.certspotter/hooks.d` directory.  certspotter will email the listed\n   addresses (requires your system to have a working sendmail command) and\n   execute the provided scripts when it detects a certificate for a domain on\n   your watch list.\n\n4. Configure your system to run `certspotter` as a daemon.  You may want to specify\n   the `-start_at_end` command line option to tell certspotter to start monitoring\n   new logs at the end instead of the beginning.  This saves significant bandwidth, but\n   you won't be notified about certificates which were logged before you started\n   using certspotter.\n\n## Documentation\n\n* Command line options and operational details: [certspotter(8) man page](man/certspotter.md)\n* The script interface: [certspotter-script(8) man page](man/certspotter-script.md)\n* [Change Log](CHANGELOG.md)\n\n## What certificates are detected by Cert Spotter?\n\nIn the default configuration, any certificate that is logged to a Certificate\nTransparency log recognized by Google Chrome or Apple will be detected by\nCert Spotter.  By default, Google Chrome and Apple only accept certificates that\nare logged, so any certificate that works in Chrome or Safari will be detected\nby Cert Spotter.\n\n## Security\n\nCert Spotter assumes an adversarial model in which an attacker produces\na certificate that is accepted by at least some clients but goes\nundetected because of an encoding error that prevents CT monitors from\nunderstanding it.  To defend against this attack, Cert Spotter uses a\nspecial certificate parser that keeps the certificate unparsed except\nfor the identifiers.  If one of the identifiers matches a domain on your\nwatchlist, you will be notified, even if other parts of the certificate\nare unparsable.\n\nCert Spotter takes special precautions to ensure identifiers are parsed\ncorrectly, and implements defenses against identifier-based attacks.\nFor instance, if a DNS identifier contains a null byte, Cert Spotter\ninterprets it as two identifiers: the complete identifier, and the\nidentifier formed by truncating at the first null byte.  For example, a\ncertificate for `example.org\\0.example.com` will alert the owners of both\n`example.org` and `example.com`.  This defends against [null prefix attacks](\nhttp://www.thoughtcrime.org/papers/null-prefix-attacks.pdf).\n\nSSLMate continuously monitors CT logs to make sure every certificate's\nidentifiers can be successfully parsed, and will release updates to\nCert Spotter as necessary to fix parsing failures.\n\nCert Spotter understands wildcard DNS names, and will alert\nyou if a wildcard certificate might match an identifier on\nyour watchlist.  For example, a watchlist entry for `sub.example.com` would\nmatch certificates for `*.example.com`.\n\nCert Spotter is not just a log monitor, but also a log auditor which\nchecks that the log is obeying its append-only property.  A future\nrelease of Cert Spotter will support gossiping with other log monitors\nto ensure the log is presenting a single view.\n\n## Copyright\n\nCopyright © 2016-2023 Opsmate, Inc.\n\nLicensed under the [Mozilla Public License Version 2.0](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSSLMate%2Fcertspotter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FSSLMate%2Fcertspotter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSSLMate%2Fcertspotter/lists"}