Merge pull request #3 from Issif/notifier_worker
v2.1
Issif authored Jun 8, 2020
2 parents 59097dc + 1a78371 commit c6c43b8
Showing 17 changed files with 451 additions and 215 deletions.
4 changes: 3 additions & 1 deletion .gitignore
@@ -1,4 +1,6 @@
cercat
config.yaml
dist
dist/**
dist/**
lib/*.xml
.vscode
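
Review bot: `dist` on its own already ignores the directory and everything under it, so the `dist/**` entry in this hunk is redundant and can be dropped. `.vscode` is a per-developer editor directory and fits better in a global gitignore than in the project's.
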
20 changes: 10 additions & 10 deletions README.md
@@ -1,10 +1,10 @@
# cercat

`certcat` is for **Certificate Catcher**. It's monitors issued certificates from [CertStream](https://certstream.calidog.io/) stream and send an alert to **Slack** if a domain matchs a specified **regexp**.
`certcat` is for **Certificate Catcher**. It monitors issued certificates from [CertStream](https://certstream.calidog.io/) stream and sends an alert to **Slack** if a domain matches a specified **regexp**.

```bash
websocket +----------+ POST
CertSteam <-----------------> certcat +-----------> Slack
CertSteam <-----------------> cercat +-----------> Slack
| (regexp) |
+----------+
```
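
Review bot: the intro sentence still calls the tool `certcat` while the heading and the corrected diagram line say `cercat`, and the diagram still spells the source `CertSteam`. Use `cercat` and `CertStream` throughout so the README matches the name of the binary and the Docker image.
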
Expand All @@ -13,6 +13,8 @@ CertSteam <-----------------> certcat +-----------> Slack

It's highly inspired by [CertStreamMonitor](https://github.com/AssuranceMaladieSec/CertStreamMonitor/blob/master/README.md), the first idea was to improve performances for catching with a **Golang** version.

The regexp is applied on principal an SAN domains. If one of these domains is an [IDN](https://en.wikipedia.org/wiki/Internationalized_domain_name), it's converted in an equivalend in ASCII before applying the regexp.

## Configuration

Two methods are available for configuration and can be mixed :
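
Review bot: the added sentence has two typos (`principal an SAN` should be `principal and SAN`, `equivalend` should be `equivalent`) and does not say which ASCII form an IDN is converted to. State whether the regexp sees the Punycode `xn--` label or a homoglyph-folded lookalike, since that decides how a user has to write `Regexp` to catch lookalike domains.
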
Expand All @@ -27,8 +29,6 @@ SlackWebhookURL: "" #Slack Webhook URL
SlackIconURL: "" #Slack Icon (Avatar) URL
SlackUsername: "" #Slack Username
Regexp: ".*\\.fr$" #Regexp to match. Can't be empty. It uses Golang regexp format
Workers: 20 #Number of workers for consuming feed from CertStream
DisplayErrors: false #Enable/Disable display of errors in logs
```

### With env vars
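
Review bot: `Workers` and `DisplayErrors` disappear from the YAML sample with no word on what happens to an existing config.yaml that still sets them. Add a line saying whether they are now ignored or rejected, and how errors are surfaced now that `DisplayErrors` is gone.
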
Expand All @@ -37,8 +37,6 @@ DisplayErrors: false #Enable/Disable display of errors in logs
- **SLACKICONURL**: Slack Icon (Avatar) URL
- **SLACKUSERNAME**: Slack Username
- **REGEXP**: Regexp to match, if empty, '.*' is used. Use Golang regexp format
- **WORKERS**: Number of workers for consuming feed from CertStream
- **DISPLAYERRORS**: Enable/Disable display of errors in logs

## Run

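Review bot: the `REGEXP` line kept in this hunk says an empty value falls back to `.*`, while the YAML sample says `Regexp` can't be empty. Pick one behaviour and document it in both places; refusing to start on an empty regexp is the safer choice, because `.*` matches every certificate in the stream and each match is posted to Slack.
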
Expand All @@ -55,14 +53,14 @@ Flags:
You can run with Docker :

```
docker run -d -e SLACKWEBHOOKURL=https://hooks.slack.com/services/XXXXX -e REGEXP=".*fr$" issif/cercat:latest
docker run -d -e SLACKWEBHOOKURL=https://hooks.slack.com/services/XXXXX -e REGEXP=".*\\.fr$" issif/cercat:latest
```

## Logs

```bash
2020/04/14 17:29:40 [INFO] : A certificate for 'www.XXXX.fr' has been issued : {"domain":"www.XXXX.fr","SAN":["www.XXXX.fr"],"issuer":"Let's Encrypt","Addresses":["XX.XX.XX.183","XX.XX.XX.182"]}
2020/04/14 17:29:41 [INFO] : A certificate for 'XXXX.fr' has been issued : {"domain":"XXXX.fr","SAN":["mail.XXXX.fr","XXXX.fr","www.XXXX.fr"],"issuer":"Let's Encrypt","Addresses":["XX.XX.XX.108"]}
INFO[0005] A certificate for 'xxxx.fr' has been issued : {"domain":"xxxx.fr","SAN":["xxxx.fr","www.xxxx.fr"],"issuer":"Let's Encrypt","Addresses":["X.X.X.129"]}
INFO[0008] A certificate for 'xxxx.fr' has been issued : {"domain":"xxxx.fr","SAN":["xxxx.fr","www.xxxx.fr"],"issuer":"Let's Encrypt","Addresses":["X.X.X.116"]}
```

## Profiles, Traces and Metrics
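
Review bot: the new sample log lines carry only the logrus elapsed-seconds prefix (`INFO[0005]`) where the old ones had a wall-clock date, which makes an alert hard to correlate with other sources. Consider enabling full timestamps in the logrus text formatter (`FullTimestamp: true`), and tag the log fence as plain text rather than `bash`, since it holds program output.
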
Expand All @@ -73,6 +71,8 @@ The service opens port `6060` for `profiles`, `traces` and `expvar`. Go to [http

MIT

## Author
## Authors

Thomas Labarussias - [@Issif](https://www.github.com/issif)
Ayoul Elaassal - [@Ayoul3](https://github.com/ayoul3)

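Review bot: the two names under `## Authors` sit on consecutive lines with no list marker, so Markdown will render them as a single paragraph. Prefix each with `- ` to keep one author per line.
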
2 changes: 0 additions & 2 deletions config_example.yaml → example.yaml
Expand Up @@ -3,5 +3,3 @@ SlackWebhookURL: "" #Slack Webhook URL
SlackIconURL: "" #Slack Icon (Avatar) URL
SlackUsername: "" #Slack Username
Regexp: ".*\\.fr$" #Regexp to match. Can't be empty. It uses Golang regexp format
Workers: 20 #Number of workers for consuming stream from CertStream
DisplayErrors: false #Enable/Disable display of errors in logs
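
Review bot: after the rename to `example.yaml`, nothing in the file says it is the template for `config.yaml`, the name that .gitignore excludes. A first-line comment telling users to copy it to `config.yaml` would keep a real `SlackWebhookURL` from being typed into the tracked file and committed.
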
16 changes: 7 additions & 9 deletions go.mod
Expand Up @@ -3,18 +3,16 @@ module cercat
go 1.14

require (
github.com/CaliDog/certstream-go v0.0.0-20180219203951-6016c5462366
github.com/falcosecurity/falcosidekick v0.0.0-20200128210241-efc9dea5ac3a
github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee // indirect
github.com/gobwas/pool v0.2.0 // indirect
github.com/gobwas/ws v1.0.3
github.com/google/pprof v0.0.0-20200413000643-b1a96885c1c6 // indirect
github.com/gorilla/websocket v1.4.2
github.com/jmoiron/jsonq v0.0.0-20150511023944-e874b168d07e
github.com/likexian/whois-go v1.5.0
github.com/likexian/whois-parser-go v1.10.4
github.com/op/go-logging v0.0.0-20160315200505-970db520ece7
github.com/pkg/errors v0.9.1
github.com/onsi/ginkgo v1.12.2
github.com/onsi/gomega v1.10.1
github.com/patrickmn/go-cache v2.1.0+incompatible
github.com/picatz/homoglyphr v0.0.0-20180114170158-6e9a0e190785
github.com/sirupsen/logrus v1.2.0
github.com/spf13/viper v1.6.3
github.com/stretchr/testify v1.4.0 // indirect
golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7
gopkg.in/alecthomas/kingpin.v2 v2.2.6
)
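
Review bot: `github.com/picatz/homoglyphr` is required at a pseudo-version dated 2018-01-14 rather than a tagged release, and it presumably backs the IDN-to-ASCII conversion the README now describes, so it processes domain names taken from public certificates. Review that commit before depending on it, and run `go mod tidy` so the require block does not keep both websocket clients (`gobwas/ws`, `gorilla/websocket`) and both loggers (`op/go-logging`, `sirupsen/logrus`) if only one of each is still imported.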