Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/issif/cercat

Monitor issued certificates in real-time and send alerts to Slack when a domain matches.
https://github.com/issif/cercat

certificate certificate-transparency security-tools slack

Last synced: about 2 months ago
JSON representation

Monitor issued certificates in real-time and send alerts to Slack when a domain matches.

Host: GitHub
URL: https://github.com/issif/cercat
Owner: Issif
License: mit
Created: 2020-04-14T14:37:11.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2023-08-10T15:00:18.000Z (over 1 year ago)
Last Synced: 2024-10-14T20:43:38.651Z (2 months ago)
Topics: certificate, certificate-transparency, security-tools, slack
Language: Go
Homepage:
Size: 284 KB
Stars: 35
Watchers: 3
Forks: 4
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # Cercat

![release](https://flat.badgen.net/github/release/issif/cercat/latest?color=green) ![last commit](https://flat.badgen.net/github/last-commit/issif/cercat) ![licence](https://flat.badgen.net/badge/license/MIT/blue) ![docker pulls](https://flat.badgen.net/docker/pulls/issif/cercat?icon=docker)

## Description

`certcat` is for **Certificate Catcher**. It monitors issued certificates from [CertStream](https://certstream.calidog.io/) stream and sends an alert to **Slack** if a domain matches a specified **regexp**.

```bash

               websocket    +----------+   POST

CertSteam <-----------------> cercat   +-----------> Slack

                            | (regexp) |

                            +----------+

```

![screenshot](https://github.com/issif/cercat/raw/master/screenshot.png)

It's highly inspired by [CertStreamMonitor](https://github.com/AssuranceMaladieSec/CertStreamMonitor/blob/master/README.md), the first idea was to improve performances for catching with a **Golang** version.

The regexp is applied on principal and SAN domains. If one of these domains is an [IDN](https://en.wikipedia.org/wiki/Internationalized_domain_name), it's converted in an equivalent in ASCII before applying the regexp.

## Configuration

Two methods are available for configuration and can be mixed :

- *config file*

- *environment variables* (they override values in *config file*)

### With config file

```bash

---

SlackWebhookURL: "" #Slack Webhook URL

SlackIconURL: "" #Slack Icon (Avatar) URL

SlackUsername: "" #Slack Username

Regexp: ".*\\.fr$" #Regexp to match. Can't be empty. It uses Golang regexp format

```

### With env vars

- **SLACKWEBHOOKURL**: Slack Webhook URL

- **SLACKICONURL**: Slack Icon (Avatar) URL

- **SLACKUSERNAME**: Slack Username

- **REGEXP**: Regexp to match. Can't be empty. It uses Golang regexp format

## Run

```

usage: cercat []

Flags:

      --help                   Show context-sensitive help (also try --help-long and --help-man).

  -c, --configfile=CONFIGFILE  config file

```

## Docker

You can run with Docker :

```

docker run -d -e SLACKWEBHOOKURL=https://hooks.slack.com/services/XXXXX -e REGEXP=".*\\.fr$" issif/cercat:latest 

```

## Logs

```bash

INFO[0005] A certificate for 'xxxx.fr' has been issued : {"domain":"xxxx.fr","SAN":["xxxx.fr","www.xxxx.fr"],"issuer":"Let's Encrypt","Addresses":["X.X.X.129"]} 

INFO[0008] A certificate for 'xxxx.fr' has been issued : {"domain":"xxxx.fr","SAN":["xxxx.fr","www.xxxx.fr"],"issuer":"Let's Encrypt","Addresses":["X.X.X.116"]} 

```

## Profiles, Traces and Metrics

The service opens port `6060` for `profiles`, `traces` and `expvar`. Go to [http://localhost:6060/debug/pprof](http://localhost:6060/debug/pprof) and [http://localhost:6060/debug/vars](http://localhost:6060/debug/vars).

## License

MIT

## Authors

Thomas Labarussias - [@Issif](https://www.github.com/issif)

Ayoul Elaassal - [@Ayoul3](https://github.com/ayoul3)