cercat
Cercat is for Certificate Catcher. It monitors certificates issued through the CertStream stream and sends an alert to Slack if a domain matches a specified regexp.
                websocket      +----------+     POST
CertStream <-----------------> |  cercat  | +-----------> Slack
                               | (regexp) |
                               +----------+
It is heavily inspired by CertStreamMonitor; the initial idea was to improve catching performance with a Golang version.
The regexp is applied to the principal and SAN domains. If one of these domains is an IDN, it is converted to its ASCII equivalent before the regexp is applied.
Two methods are available for configuration and can be mixed:
- config file
- environment variables (they override values in config file)
---
SlackWebhookURL: "" #Slack Webhook URL
SlackIconURL: "" #Slack Icon (Avatar) URL
SlackUsername: "" #Slack Username
Regexp: ".*\\.fr$" #Regexp to match. Can't be empty. It uses Golang regexp format
- SLACKWEBHOOKURL: Slack Webhook URL
- SLACKICONURL: Slack Icon (Avatar) URL
- SLACKUSERNAME: Slack Username
- REGEXP: Regexp to match. Can't be empty. It uses Golang regexp format
usage: cercat [<flags>]
Flags:
--help Show context-sensitive help (also try --help-long and --help-man).
-c, --configfile=CONFIGFILE config file
You can run it with Docker:
docker run -d -e SLACKWEBHOOKURL=https://hooks.slack.com/services/XXXXX -e REGEXP=".*\\.fr$" issif/cercat:latest
INFO[0005] A certificate for 'xxxx.fr' has been issued : {"domain":"xxxx.fr","SAN":["xxxx.fr","www.xxxx.fr"],"issuer":"Let's Encrypt","Addresses":["X.X.X.129"]}
INFO[0008] A certificate for 'xxxx.fr' has been issued : {"domain":"xxxx.fr","SAN":["xxxx.fr","www.xxxx.fr"],"issuer":"Let's Encrypt","Addresses":["X.X.X.116"]}
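A dry run of a candidate Regexp against sample records before deploying it, as an added example that is not taken from cercat's source. It assumes the JSON shape shown in the log lines above; the names `record`, `samples` and `dryRun` are hypothetical and the sample data is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// record holds the two name fields of the JSON object seen in the log lines.
type record struct {
	Domain string   `json:"domain"`
	SAN    []string `json:"SAN"`
}

// Constructed samples. IDN names are in ASCII form (xn--bcher-kva is bücher).
var samples = []string{
	`{"domain":"shop.example.fr","SAN":["shop.example.fr","www.shop.example.fr"]}`,
	`{"domain":"example.com","SAN":["example.com","xn--bcher-kva.fr"]}`,
	`{"domain":"example.fr.invalid","SAN":["example.fr.invalid"]}`,
}

// dryRun returns, per record, the distinct principal and SAN names matching
// pattern. The YAML value ".*\\.fr$" reaches Go as the pattern .*\.fr$
func dryRun(pattern string, raw []string) ([][]string, error) {
	re, err := regexp.Compile(pattern)
	if err != nil {
		return nil, err // an invalid Regexp is caught here, before deployment
	}
	var out [][]string
	for _, line := range raw {
		var rec record
		if err := json.Unmarshal([]byte(line), &rec); err != nil {
			return nil, err
		}
		seen, hits := map[string]bool{}, []string{}
		for _, name := range append([]string{rec.Domain}, rec.SAN...) {
			if !seen[name] && re.MatchString(name) {
				hits = append(hits, name)
			}
			seen[name] = true
		}
		out = append(out, hits)
	}
	return out, nil
}

// main prints the hits for the regexp used in the sample configuration.
func main() { fmt.Println(dryRun(`.*\.fr$`, samples)) }
```

Go's `MatchString` is unanchored, so dropping the `$` (for example `\.fr`) also reports `example.fr.invalid`.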
The service opens port 6060 for profiles, traces and expvar. Go to http://localhost:6060/debug/pprof and http://localhost:6060/debug/vars.
MIT