From 1a78371dfec11e309cdf552dc7c587a1323b9a12 Mon Sep 17 00:00:00 2001 From: Issif Date: Sun, 7 Jun 2020 21:48:08 +0200 Subject: [PATCH] update readme + back of example --- .gitignore | 3 ++- README.md | 14 +++++++++----- example.yaml | 3 +-- {lib_test => lib}/lib_suite_test.go | 0 {lib_test => lib}/lib_test.go | 2 +- 5 files changed, 13 insertions(+), 9 deletions(-) rename {lib_test => lib}/lib_suite_test.go (100%) rename {lib_test => lib}/lib_test.go (97%) diff --git a/.gitignore b/.gitignore index 501c251..3b9a9c9 100644 --- a/.gitignore +++ b/.gitignore @@ -2,4 +2,5 @@ cercat config.yaml dist dist/** -lib/*.xml \ No newline at end of file +lib/*.xml +.vscode \ No newline at end of file diff --git a/README.md b/README.md index 54ca37d..d294ccb 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # cercat -`certcat` is for **Certificate Catcher**. It's monitors issued certificates from [CertStream](https://certstream.calidog.io/) stream and send an alert to **Slack** if a domain matchs a specified **regexp**. +`certcat` is for **Certificate Catcher**. It monitors issued certificates from [CertStream](https://certstream.calidog.io/) stream and sends an alert to **Slack** if a domain matches a specified **regexp**. ```bash websocket +----------+ POST @@ -13,6 +13,8 @@ CertSteam <-----------------> cercat +-----------> Slack It's highly inspired by [CertStreamMonitor](https://github.com/AssuranceMaladieSec/CertStreamMonitor/blob/master/README.md), the first idea was to improve performances for catching with a **Golang** version. +The regexp is applied on principal an SAN domains. If one of these domains is an [IDN](https://en.wikipedia.org/wiki/Internationalized_domain_name), it's converted in an equivalend in ASCII before applying the regexp. + ## Configuration Two methods are available for configuration and can be mixed : 
@@ -51,14 +53,14 @@ Flags: You can run with Docker : ``` -docker run -d -e SLACKWEBHOOKURL=https://hooks.slack.com/services/XXXXX -e REGEXP=".*fr$" issif/cercat:latest +docker run -d -e SLACKWEBHOOKURL=https://hooks.slack.com/services/XXXXX -e REGEXP=".*\\.fr$" issif/cercat:latest ``` ## Logs ```bash -2020/04/14 17:29:40 [INFO] : A certificate for 'www.XXXX.fr' has been issued : {"domain":"www.XXXX.fr","SAN":["www.XXXX.fr"],"issuer":"Let's Encrypt","Addresses":["XX.XX.XX.183","XX.XX.XX.182"]} -2020/04/14 17:29:41 [INFO] : A certificate for 'XXXX.fr' has been issued : {"domain":"XXXX.fr","SAN":["mail.XXXX.fr","XXXX.fr","www.XXXX.fr"],"issuer":"Let's Encrypt","Addresses":["XX.XX.XX.108"]} +INFO[0005] A certificate for 'xxxx.fr' has been issued : {"domain":"xxxx.fr","SAN":["xxxx.fr","www.xxxx.fr"],"issuer":"Let's Encrypt","Addresses":["X.X.X.129"]} +INFO[0008] A certificate for 'xxxx.fr' has been issued : {"domain":"xxxx.fr","SAN":["xxxx.fr","www.xxxx.fr"],"issuer":"Let's Encrypt","Addresses":["X.X.X.116"]} ``` ## Profiles, Traces and Metrics @@ -69,6 +71,8 @@ The service opens port `6060` for `profiles`, `traces` and `expvar`. Go to [http MIT -## Author +## Authors Thomas Labarussias - [@Issif](https://www.github.com/issif) +Ayoul Elaassal - [@Ayoul3](https://github.com/ayoul3) + diff --git a/example.yaml b/example.yaml index 2acbf83..500483b 100644 --- a/example.yaml +++ b/example.yaml @@ -2,5 +2,4 @@ SlackWebhookURL: "" #Slack Webhook URL SlackIconURL: "" #Slack Icon (Avatar) URL SlackUsername: "" #Slack Username -Regexp: ".*\\.fr" #Regexp to match. Can't be empty. It uses Golang regexp format -Workers: 20 #Number of workers for consuming stream from CertStream \ No newline at end of file +Regexp: ".*\\.fr$" #Regexp to match. Can't be empty. It uses Golang regexp format diff --git a/lib_test/lib_suite_test.go b/lib/lib_suite_test.go similarity index 100% rename from lib_test/lib_suite_test.go rename to lib/lib_suite_test.go 
diff --git a/lib_test/lib_test.go b/lib/lib_test.go
similarity index 97%
rename from lib_test/lib_test.go
rename to lib/lib_test.go
index e7981c1..f2e5224 100644
--- a/lib_test/lib_test.go
+++ b/lib/lib_test.go
@@ -23,7 +23,7 @@ var _ = Describe("Handler", func() {
 })
 })
 Describe("If alternative subject matches", func() {
- cert := &lib.Result{Domain: "www.test.net", SAN: []string{"www.test.com"}}
+ cert := &lib.Result{Domain: "www.tset.net", SAN: []string{"www.test.com"}}
 It("should return true", func() {
 result := lib.IsMatchingCert(config, cert, reg)
 Expect(result).To(BeTrue())
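Review bot: The new fixture value `Domain: "www.tset.net"` in the "If alternative subject matches" case reads like a misspelling of `test`, and nothing on the line says it is deliberately non-matching. `reg` and `config` are defined outside the hunk, so this is inferred, but the point appears to be that only the SAN entry may satisfy the pattern. If someone later "corrects" the spelling, the primary domain would match again and the case would stop covering the SAN-only path of `IsMatchingCert`, which is the path that catches certificates whose matching name appears only in the alternative names. I would add a comment above the fixture such as `// Domain must not match reg: only the SAN entry may trigger the match`, or use a value that is plainly unrelated to the pattern. The enclosing `Describe("Handler", ...)` block starts and ends outside the hunk.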