add homoglyph map + remove IDN regexp

Issif · May 26, 2020 · 466fd94 · 466fd94
1 parent 963c05e
commit 466fd94
Show file tree

Hide file tree

Showing 8 changed files with 39 additions and 24 deletions.
diff --git a/example.yaml b/example.yaml
@@ -0,0 +1,8 @@
+---
+SlackWebhookURL: "" #Slack Webhook URL
+SlackIconURL: "" #Slack Icon (Avatar) URL
+SlackUsername: "" #Slack Username
+Regexp: ".*\\.fr$" #Regexp to match. Can't be empty. It uses Golang regexp format
+DomainName: test
+Workers: 20 #Number of workers for consuming stream from CertStream
+DisplayErrors: false #Enable/Disable display of errors in logs
diff --git a/go.mod b/go.mod
@@ -9,6 +9,7 @@ require (
 	github.com/onsi/ginkgo v1.12.2
 	github.com/onsi/gomega v1.10.1
 	github.com/patrickmn/go-cache v2.1.0+incompatible
+	github.com/picatz/homoglyphr v0.0.0-20180114170158-6e9a0e190785
 	github.com/sirupsen/logrus v1.2.0
 	github.com/spf13/viper v1.6.3
 	github.com/stretchr/testify v1.4.0 // indirect

diff --git a/go.sum b/go.sum
@@ -104,6 +104,8 @@ github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaR
 github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
 github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
+github.com/picatz/homoglyphr v0.0.0-20180114170158-6e9a0e190785 h1:h1zv5J8K6Hi22jgCuXHJJF+sKG99kSfJO6aJEFJSLGM=
+github.com/picatz/homoglyphr v0.0.0-20180114170158-6e9a0e190785/go.mod h1:XC/aunjQY/D2krxYQwCI6ijxR75grw1/keXATRNWX+4=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
@@ -183,6 +185,7 @@ golang.org/x/sys v0.0.0-20200519105757-fe76b779f299 h1:DYfZAGf2WMFjMxbgTjaC+2HC7
 golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -212,6 +215,7 @@ gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMy
 gopkg.in/ini.v1 v1.51.0 h1:AQvPpx3LzTDM0AjnIRlVFwFFGC+npRopjZxLJj6gdno=
 gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

diff --git a/lib/config.go b/lib/config.go
@@ -1,17 +1,16 @@
 package lib
 
 import (
-	"fmt"
 	"path"
 	"path/filepath"
 	"regexp"
-	"strings"
 
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/viper"
 	kingpin "gopkg.in/alecthomas/kingpin.v2"
 )
 
+// Configuration represents a configuration element
 type Configuration struct {
 	Workers         int
 	SlackWebHookURL string
@@ -20,15 +19,15 @@ type Configuration struct {
 	DomainName      string
 	RegIP           string
 	Regexp          string
-	RegIDN          string
 	DisplayErrors   string
 }
 
-const RegStrIP = `^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$`
+const regStrIP = `^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$`
 
+// GetConfig provides a Configuration
 func GetConfig() *Configuration {
 	c := &Configuration{
-		RegIP: RegStrIP,
+		RegIP: regStrIP,
 	}
 
 	configFile := kingpin.Flag("configfile", "config file").Short('c').ExistingFile()
@@ -73,20 +72,9 @@ func GetConfig() *Configuration {
 	if _, err := regexp.Compile(c.Regexp); err != nil {
 		log.Fatal("Bad regexp")
 	}
-	if c.Workers < -1 {
+	if c.Workers < 1 {
 		log.Fatal("Workers must be strictly a positive number")
 	}
 
-	c.RegIDN = BuildIDNRegex(c.DomainName)
-
 	return c
 }
-
-func BuildIDNRegex(name string) string {
-	if len(name) < 2 {
-		return ""
-	}
-	// Can detect up to two unicode characters in the domain name.
-	// To adjust according to false positive rate & name length
-	return fmt.Sprintf("[%s]{%d,%d}", strings.ToLower(name), len(name)-2, len(name)-1)
-}
diff --git a/lib/homoglyph.go b/lib/homoglyph.go
@@ -0,0 +1,16 @@
+package lib
+
+import (
+	"github.com/picatz/homoglyphr"
+)
+
+func getHomoglyphMap() map[string]string {
+	alphabet := []string{"a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z"}
+	homoglyph := map[string]string{}
+	for _, letter := range alphabet {
+		for i := range homoglyphr.StreamAllRelatedCharacters(letter) {
+			homoglyph[i] = letter
+		}
+	}
+	return homoglyph
+}
diff --git a/lib/lib.go b/lib/lib.go
@@ -60,7 +60,6 @@ const certInput = "wss://certstream.calidog.io"
 func CertCheckWorker(config *Configuration) {
 	reg, _ := regexp.Compile(config.Regexp)
 	regIP, _ := regexp.Compile(config.RegIP)
-	regIDN, _ := regexp.Compile(config.RegIDN)
 
 	for {
 		msg := <-MsgChan
@@ -73,7 +72,7 @@ func CertCheckWorker(config *Configuration) {
 		if detailedCert == nil {
 			continue
 		}
-		if !IsMatchingCert(detailedCert, reg, regIDN) {
+		if !IsMatchingCert(detailedCert, reg) {
 			continue
 		}
 		notify(config, *detailedCert)
@@ -115,13 +114,12 @@ func FetchIPAddresses(name string, regIP *regexp.Regexp) []string {
 	return ipsList
 }
 
-func IsMatchingCert(cert *Result, reg, regIDN *regexp.Regexp) bool {
-
+func IsMatchingCert(cert *Result, reg *regexp.Regexp) bool {
 	domainList := append(cert.SAN, cert.Domain)
 	for _, domain := range domainList {
-		if isIDN(domain) && regIDN.MatchString(domain) {
-			return true
-		}
+		// if isIDN(domain) {
+		// 	return true
+		// }
 		if reg.MatchString(domain) {
 			return true
 		}

diff --git a/trace b/trace
diff --git a/trace.out b/trace.out