certcat is for Certificate Catcher. It's monitors issued certificates from CertStream stream and send an alert to Slack if a domain matchs a specified regexp.
websocket +----------+ POST
CertSteam <-----------------> cercat +-----------> Slack
| (regexp) |
+----------+
It's highly inspired by CertStreamMonitor, the first idea was to improve performances for catching with a Golang version.
Two methods are available for configuration and can be mixed :
- config file
- environment variables (they override values in config file)
---
SlackWebhookURL: "" #Slack Webhook URL
SlackIconURL: "" #Slack Icon (Avatar) URL
SlackUsername: "" #Slack Username
Regexp: ".*\\.fr$" #Regexp to match. Can't be empty. It uses Golang regexp format
Workers: 20 #Number of workers for consuming feed from CertStream- SLACKWEBHOOKURL: Slack Webhook URL
- SLACKICONURL: Slack Icon (Avatar) URL
- SLACKUSERNAME: Slack Username
- REGEXP: Regexp to match, if empty, '.*' is used. Use Golang regexp format
- WORKERS: Number of workers for consuming feed from CertStream
usage: cercat [<flags>]
Flags:
--help Show context-sensitive help (also try --help-long and --help-man).
-c, --configfile=CONFIGFILE config file
You can run with Docker :
docker run -d -e SLACKWEBHOOKURL=https://hooks.slack.com/services/XXXXX -e REGEXP=".*fr$" issif/cercat:latest
2020/04/14 17:29:40 [INFO] : A certificate for 'www.XXXX.fr' has been issued : {"domain":"www.XXXX.fr","SAN":["www.XXXX.fr"],"issuer":"Let's Encrypt","Addresses":["XX.XX.XX.183","XX.XX.XX.182"]}
2020/04/14 17:29:41 [INFO] : A certificate for 'XXXX.fr' has been issued : {"domain":"XXXX.fr","SAN":["mail.XXXX.fr","XXXX.fr","www.XXXX.fr"],"issuer":"Let's Encrypt","Addresses":["XX.XX.XX.108"]}The service opens port 6060 for profiles, traces and expvar. Go to http://localhost:6060/debug/pprof and http://localhost:6060/debug/vars.
MIT
Thomas Labarussias - @Issif