Yet another Certificate Transparency monitor and checker.
And yet another project written just to learn one more programming language, but it might be helpful for somebody :)
Features:
- Custom checks, each with its own config
- Configs that cover different types of CT logs
- Runs without a database
- Can be deployed as a cloud function, e.g. AWS Lambda

Available checks:
- Regex matches against certificate CNs
- Invalid (corrupted) certificates
- Absence of log entries in several national CT logs
Usage:
- Run checks once and exit (the default; can be triggered by cron or run as a cloud function)

  ```sh
  TELEGRAM_APITOKEN=... DEBUG=false VERBOSE=false ./goct --config config.yaml
  ```

- Run as a daemon (all checks are performed every `--rescan` seconds)

  ```sh
  TELEGRAM_APITOKEN=... VERBOSE=false ./goct daemon --rescan 3600 --config config.yaml
  ```

  Daemon mode also exposes a simple HTTP healthcheck on localhost:8081/ping

- Run as a CLI against a single log

  ```sh
  ./goct cli --config config.yaml --logUri https://ctlog2024.mail.ru/nca2024/ --lookupDepth 175
  ```
Config example:

```yaml
---
version: 1
verbose: false
numWorkers: 1
batchSize: 100
daemon: false
checks:
  - name: match_by_regexp
    regex:
      - ".*bank.*"
      # re2 regexp to filter out domains with *.ru zone
      # - $.+(.{0,4}$)|(\.[^r].{0,2}$)|(\.r[^u].{0,2}$)|(\.ru.{1,4})$
    logs:
      - "https://ct.googleapis.com/logs/us1/argon2024/"
    lookupDepth: 24 # hours
  - name: invalid_cert
    logs:
      - "https://ct-agate.yandex.net/2024"
      # - "https://ct.googleapis.com/logs/us1/argon2024/"
    lookupDepth: 24
  - name: recently_issued_cert
    logs:
      # - "https://ct-agate.yandex.net/2024"
      - "https://ctlog2024.mail.ru/nca2024/"
      # - "https://ct.googleapis.com/logs/us1/argon2024/"
    lookupDepth: 1
    lookupDelta: 100
store:
  - type: "sqlite"
    tableName: "certs"
    uri: "file://tmp/1.db"
    flush: true
notifications:
  - type: telegram
    recipients:
      # telegram chat ids
      - 1337
```
TODO:
- Generic secrets provisioning (not only through environment variables)
- More notification clients (not only Telegram)
- More database clients (not only SQLite)
- Your issue :)