A monitoring tool for certificate transparency of ProtonMail's SSL/TLS certificates
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
README.md
ct-monitor.py Improved date handling, Changed API endpoint. Feb 15, 2018
license.md Added license. Jul 11, 2017
requirements.txt Initial release. Jul 11, 2017

README.md

ct-monitor

A monitoring tool for certificate transparency.

Overview

The tool monitors and logs new changes on certificate transparency for domains. It then notifies the user whenever a new certificate has been logged on the certificate transparency framework. In case an unauthorized signed SSL certificate for a domain is created, it will be immediately logged and notified.

Usage

Let's say a company owns example1.com, example2.com, example3.com, etc... To monitor the certificate transparency logs for these domains.

First

python ct-monitor.py --domains "example1.com,example2.com,example3.com" --db /var/logs/ct_monitor.db --initial-scan

Second

After running an initial scan on all domains, run the following:

python ct-monitor.py --domains "example1.com,example2.com,example3.com" --db /var/logs/ct_monitor.db

Now, whenever a certificate is issued that holds one of the specified domains, a notification will be sent.

Note

Within the ct-monitor.py script, there is a function called notification_handler. It's set to print the notification on screen by default. You would need to customize it based on your needs to integrate the tool with your preferred notification channel.

Requirements

  • Python2 or Python3
  • requests

Compatibility

The project currently supports all platforms that run Python. The project is compatible with both Python 2 and Python 3.

References on Certificate Transparency