A CertStream monitoring tool. Monitor and alert on Certificate Transparency logs by looking for keyword matches.
This is a customizable domain discovery, recon, and security tool based on Certificate Transparency log monitoring.
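The kind of keyword matching described above, as an added example that is not CertPipe's own code: it takes raw messages in the CertStream `certificate_update` shape and returns the domains that contain an alert keyword and are not ignored. The list names, the sample messages, and the choice to treat ignore entries as domain suffixes (so a lookalike host that merely embeds an ignored name still alerts) are assumptions of this example.

```python
import json

# Constructed lists; the names are hypothetical, not CertPipe's config.py settings.
ALERT_KEYWORDS = ["paypal", "login"]
IGNORE_DOMAINS = ["paypal.com"]  # assumption: ignore entries are domain suffixes

def cert_msg(domains):
    """Build a constructed message in the CertStream certificate_update shape."""
    return json.dumps({"message_type": "certificate_update",
                       "data": {"leaf_cert": {"all_domains": domains}}})

SAMPLE_MESSAGES = [  # constructed input, not real log entries
    json.dumps({"message_type": "heartbeat"}),
    cert_msg(["*.paypal-login.example", "paypal-login.example"]),
    cert_msg(["www.paypal.com"]),
    cert_msg(["paypal.com.verify.example"]),
    "not json",
]

def normalize(domain):
    """Lower-case, drop a trailing dot and a leading wildcard label."""
    domain = domain.strip().lower().rstrip(".")
    return domain[2:] if domain.startswith("*.") else domain

def is_ignored(domain, ignore):
    """Suffix match on a label boundary, so lookalike hosts are not suppressed."""
    return any(domain == s or domain.endswith("." + s) for s in ignore)

def match_message(raw, alert=ALERT_KEYWORDS, ignore=IGNORE_DOMAINS):
    """Return sorted (domain, keyword) hits for one raw CertStream message."""
    try:
        msg = json.loads(raw)
    except json.JSONDecodeError:
        return []
    if not isinstance(msg, dict) or msg.get("message_type") != "certificate_update":
        return []
    data = msg.get("data")
    leaf = data.get("leaf_cert") if isinstance(data, dict) else None
    domains = leaf.get("all_domains") if isinstance(leaf, dict) else None
    if not isinstance(domains, list):
        return []
    hits = set()
    for d in {normalize(x) for x in domains if isinstance(x, str)}:
        if not is_ignored(d, ignore):
            hits.update((d, kw) for kw in alert if kw in d)
    return sorted(hits)

if __name__ == "__main__":
    for raw in SAMPLE_MESSAGES:
        print(match_message(raw))
```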
To get started, basic CertPipe configuration involves specifying keywords to search for (or ignore). Edit the config.py
file using a text editor to modify the configuration.
Here are the keyword settings in `config.py`:
- Install Python dependencies with `pip install -r requirements`.
- Edit `config.py` to configure the application.
- Run the application using `python certpipe.py`.
Easily create and run a CertPipe Docker image:
- Edit `config.py` to configure the application.
- Build the image using `docker build -t certpipe-docker .` within the CertPipe directory.
- Start the Docker container in headless mode with `docker run -d certpipe-docker`.
Results can be viewed in a few ways:
- Slack or Mattermost alerting. Useful for receiving alerts on a mobile device.
- CSV output (certpipe_matches.csv)
- Text output in terminal window
- URLScan.io scan results for matched domains
- List of keywords to alert on
- List of keywords to always ignore
- Use text similarity matching algorithms / Text Fuzzing
- Create a configuration file
- Text output
- Basic Logging / Debug
- Add Docker deployment option
- Slack alerting
- Mattermost Webhook alerting
- CSV file output
- Output type: matched domains
- Scan the domains that match the keywords (URLScan.io Submission API)
- Bulk send alert notifications every n seconds
- Output type: full detailed JSON
- Syslog output
- CLI argument handling for configuration
- Improve exception handling
- Lightweight web frontend for viewing live results