{"id":18952420,"url":"https://github.com/devanshbatham/certeagle","last_synced_at":"2025-04-15T11:20:00.761Z","repository":{"id":53748366,"uuid":"286414719","full_name":"devanshbatham/CertEagle","owner":"devanshbatham","description":"Weaponizing Live CT logs for automated monitoring of assets","archived":false,"fork":false,"pushed_at":"2021-09-12T17:39:23.000Z","size":328,"stargazers_count":133,"open_issues_count":1,"forks_count":36,"subscribers_count":8,"default_branch":"master","last_synced_at":"2025-04-15T11:19:55.788Z","etag":null,"topics":["asset-monitoring","bughunting","cybersecurity","osint","reconnaissance","ssl-certificates","subdomain-enumeration","subdomain-finder","subdomain-monitor"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/devanshbatham.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-08-10T08:07:40.000Z","updated_at":"2025-03-16T00:17:53.000Z","dependencies_parsed_at":"2022-09-02T17:34:42.639Z","dependency_job_id":null,"html_url":"https://github.com/devanshbatham/CertEagle","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devanshbatham%2FCertEagle","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devanshbatham%2FCertEagle/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devanshbatham%2FCertEagle/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devanshbatham%2FCertEagle/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/devanshbatham","download_url":"https://codeload.github.com/devanshbatham/CertEagle/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249058388,"owners_count":21205911,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["asset-monitoring","bughunting","cybersecurity","osint","reconnaissance","ssl-certificates","subdomain-enumeration","subdomain-finder","subdomain-monitor"],"created_at":"2024-11-08T13:33:21.543Z","updated_at":"2025-04-15T11:20:00.744Z","avatar_url":"https://github.com/devanshbatham.png","language":"Python","funding_links":["https://www.buymeacoffee.com/Asm0d3us","https://img.buymeacoffee.com/api/?url=aHR0cHM6Ly9jZG4uYnV5bWVhY29mZmVlLmNvbS91cGxvYWRzL3Byb2ZpbGVfcGljdHVyZXMvMjAyMS8wOS8wMGU4ZGJjODc0NzI0MmRjYTJmNGJkMmMzMzQ1ODUzZC5wbmdAMzAwd18wZS53ZWJw\u0026creator=Asm0d3us\u0026is_creating=creating%20educational%20cybersecurity%20related%20content.\u0026design_code=1\u0026design_color=%235F7FFF\u0026slug=Asm0d3us"],"categories":[],"sub_categories":[],"readme":"## CertEagle - Asset monitoring utility using real time CT log feeds\n![certeagle](https://raw.githubusercontent.com/devanshbatham/CertEagle/master/static/logo.PNG)\n\n### Detailed Description about this can be found here :\nRead Blog here : https://medium.com/@Asm0d3us/weaponizing-live-ct-logs-for-automated-monitoring-of-assets-39c6973177c7\n\n### Introduction\nIn Bugbounties “**If you are not first , then you are last**” there is no such thing as silver or a bronze medal , Recon plays a very crucial part and if you can detect/Identify a newly added asset earlier than others then the chances of you Finding/Reporting a security flaw on that asset and getting rewarded for the same are higher than others.\n\nPersonally I am monitoring CT logs for domains/subdomains for quite a long time now and it gave me a lot of successful results , The inspiration behind this was “[Sublert : By yassineaboukir](https://github.com/yassineaboukir/sublert/)” which checks crt.sh for subdomains and can be executed periodically , However I am using somewhat different approach and instead of looking into crt.sh periodically, I am extracting domains from Live CT log feeds , So chances of me finding a new asset earlier is higher as compared to others.\n\n### Workflow \n -  Monitoring Real Time CT log feed and extracting the domain names from that feed\n-   Matching the extracted subdomains/domains against the domains/Keywords to be matched\n-   Sending a Slack notification if a domain name matches\n\n#### Requirements :\n\n-   A VPS (UNIX up and running)\n-   Python 3x (Tested with Python 3.6.9)\n-   Slack Workspace (optional)\n\n### Setup \nI am assuming that you have already done with your setup of slack workspace .\n\nNow Create a channel named “subdomain-monitor” and set up a incoming webhook\n\n#### Enabling Slack Notifications :\n\nEdit `config.yaml` file and paste your slack webhook URL there , It should look something like this\n![config](https://raw.githubusercontent.com/devanshbatham/CertEagle/master/static/config.png)\n\n#### Keywords and domains to match :\n\nYou can specify keywords and domains to match in `domains.yaml` file , You can specify names\n\n**For Matching subdomains :**\n\n![domains.yaml](https://raw.githubusercontent.com/devanshbatham/CertEagle/master/static/domains.png)\nNote : Notice that preceding dot [ . ]\n\nLets take “.facebook.com” as example , domains extracted from Real time CT logs will be matched against the word “.facebook.com” , if matched they will be logged in our output file (found-domains.log) . The thing to note here is , It will give some false positives like “test.facebook.com.test.com” , “example.facebook.company” but we can filter out them later on by using use regex magic\n\n#### For Matching domains/subdomains with specific keywords :\n\nLets assume that you want to monitor and log domains/subdomains that are having word “hackerone” in them , then our domains.yaml file will look something like this\n![domains.yaml](https://raw.githubusercontent.com/devanshbatham/CertEagle/master/static/keyword.png)\nNow all the extracted domains/subdomains that are having word “hackerone” in them will be matched and logged (and a slack notification will be sent to you for the same)\n\nOkay we are done with our initial setup , Lets install the required dependencies and run our tool\n\n`$ pip3 install -r requirements.txt`\n\n`$ python3 certeagle.py`\n\n![](https://raw.githubusercontent.com/devanshbatham/CertEagle/master/static/start.png)\n\n**Matched domains will look like this :**\n\n![](https://raw.githubusercontent.com/devanshbatham/CertEagle/master/static/output.png)\n\n**Slack Notifications will look like this :**\n\n![enter image description here](https://raw.githubusercontent.com/devanshbatham/CertEagle/master/static/slack.png)\n\n\n**Output files :**\n\nThe program will keep on running all the matched domains will be saved under output directory in found-domains.log file\n\n![](https://raw.githubusercontent.com/devanshbatham/CertEagle/master/static/found-domains.png)\n\n**Strict Warning : Do not monitor assets of any organisation without prior consent**\n\n### Inspiration \n\n[Sublert](https://github.com/yassineaboukir/sublert/) \n\n[Phishing Catcher](https://github.com/x0rz/phishing_catcher)\n\n### Contact\n\nShoot my DM : [@0xAsm0d3us](https://twitter.com/0xAsm0d3us)\n\n## __Want to support my work?__\nIf you think my work has added some value to your existing knowledge, then you can [Buy me a Coffee here](https://www.buymeacoffee.com/Asm0d3us) (and who doesn't loves a good cup of coffee?')\n\n\n[![name](https://img.buymeacoffee.com/api/?url=aHR0cHM6Ly9jZG4uYnV5bWVhY29mZmVlLmNvbS91cGxvYWRzL3Byb2ZpbGVfcGljdHVyZXMvMjAyMS8wOS8wMGU4ZGJjODc0NzI0MmRjYTJmNGJkMmMzMzQ1ODUzZC5wbmdAMzAwd18wZS53ZWJw\u0026creator=Asm0d3us\u0026is_creating=creating%20educational%20cybersecurity%20related%20content.\u0026design_code=1\u0026design_color=%235F7FFF\u0026slug=Asm0d3us)](https://www.buymeacoffee.com/Asm0d3us)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdevanshbatham%2Fcerteagle","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdevanshbatham%2Fcerteagle","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdevanshbatham%2Fcerteagle/lists"}