Skip to content
This repository has been archived by the owner on Feb 16, 2023. It is now read-only.

technion/ct_advisor

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

72 Commits
apps/ct_advisor
apps/ct_advisor
 
 
config
config
 
 
priv
priv
 
 
test
test
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
elvis.config
elvis.config
 
 
rebar.config
rebar.config
 
 
rebar.lock
rebar.lock
 
 
rebar3
rebar3
 
 

Repository files navigation

ct_advisor

ct_advisor is a proactive alerting tool for Google's Certificate Transparency.

Shutdown Statement

The production instance of CT Advisor is shutting down. Although this was open source, as far as I'm aware there were no other installations of this application. Accordingly, this repo is being archived. See below for further information.

https://lolware.net/blog/shutdown-ctadvisor/

Original README

It is running live on this this link and we encourage you to register your domains there.

Google offers a number of great options for an administrator to utilise this feature. Unfortunately being an early adopter, particularly if you run Windows servers or run SSL on appliances, makes it difficult to take advantage of this service.

As an alternative option, this service continually polls the CT log, and will trigger alerts if a certificate is ever registered for your domain, by any CA in the CT program. This can be used to identify fraudulent certificates.

This image this ct_advisor in action:

CT Advisor Email

Monitoring your domain

This application has been running for some time at the following site: ctadvisor.lolware.net.

Note that monitors are not instant. Some certificates have taken several days to show up in CT monitor logs.

Setup

This application uses a PostgreSQL database, and an SMTP server.

  • Install the front end, ct_advisor_int
  • Create tables using the Rails frontend
  • Create priv/credentials.rr in the following format:
{database, {credentials, "localhost", "ct_advisor", "password"}}.
{smtp, {credentials, "email-relay.com", "username", "password"}}.

Build

This application bundles the tested version of rebar3, and will pull its own external dependancies, of which there are several. Both eunit and Common Test suites are utilised.

$ ./rebar3 xref
$ ./rebar3 dialyzer
$ ./rebar3 eunit
$ ./rebar3 ct
$ /.rebar3 release

In development

It's far easier to utilise my instance of this tool than to attempt to run it yourself - I recommend doing so unless you wish to be involved in development.

Contributing

  • In line with the above, potential contributors should be aware I am unlikely to merge and changes relating to features that I won't be using.
  • Code must produce no errors under dialyzer, xref or elvis
  • Complex functions must include eunit tests
  • Leave your politics at the door

About

A monitoring service for Certificate Transparency

Resources

Readme

License

View license
Activity

Stars

32 stars

Watchers

4 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages