CertPipe

A CertStream monitoring tool. Monitor and alert on Certificate Transparency logs by looking for keyword matches.

This is a customizable domain discovery, recon, and security tool based on Certificate Transparency log monitoring.

Usage

Basic Configuration

To get started, basic CertPipe configuration involves specifying keywords to search for (or ignore). Edit the config.py file using a text editor to modify the configuration.

Here are the keyword settings in config.py:

Run with Python

1. Install python dependencies with pip install -r requirements.
2. Edit config.py to configure the application.
3. Run the application using python certpipe.py

Run in Docker

Easily create and run a CertPipe Docker image:

1. Edit config.py to configure the application.
2. Build the image using docker build -t certpipe-docker . within the CertPipe directory.
3. Start the Docker container in headless mode with docker run -d certpipe-docker.

Output

Results can be viewed in a few ways:

• Slack or Mattermost alerting. Useful for receiving alerts on mobile device.
• CSV output (certpipe_matches.csv)
• Text output in terminal window
• URLScan.io scan results for matched domains

Example Text Output

TODO:

• List of keywords to alert on
• List of keywords to always ignore
• Use text similarity matching algorithms / Text Fuzzing
• Create a configuration file
• Text output
• Basic Logging / Debug
• Add Docker deployment option
• Slack alerting
• Mattermost Webhook alerting
• CSV file output
• Output type: matched domains
• Scan the domains that match the keywords (URLScan.io Submission API)
• Bulk send alert notifications every n seconds
• Output type: full detailed JSON
• Syslog output
• CLI argument handling for configuration
• Improve exception handling
• Lightweight web frontend for viewing live results