ct_advisor's Introduction

ct_advisor

ct_advisor is a proactive alerting tool for Google's Certificate Transparency.

Shutdown Statement

The production instance of CT Advisor is shutting down. Although this was open source, as far as I'm aware there were no other installations of this application. Accordingly, this repo is being archived. See below for further information.

https://lolware.net/blog/shutdown-ctadvisor/

Original README

It is running live on this this link and we encourage you to register your domains there.

Google offers a number of great options for an administrator to utilise this feature. Unfortunately being an early adopter, particularly if you run Windows servers or run SSL on appliances, makes it difficult to take advantage of this service.

As an alternative option, this service continually polls the CT log, and will trigger alerts if a certificate is ever registered for your domain, by any CA in the CT program. This can be used to identify fraudulent certificates.

This image this ct_advisor in action:

Monitoring your domain

This application has been running for some time at the following site: ctadvisor.lolware.net.

Note that monitors are not instant. Some certificates have taken several days to show up in CT monitor logs.

Setup

This application uses a PostgreSQL database, and an SMTP server.

Install the front end, ct_advisor_int
Create tables using the Rails frontend
Create priv/credentials.rr in the following format:

{database, {credentials, "localhost", "ct_advisor", "password"}}.
{smtp, {credentials, "email-relay.com", "username", "password"}}.

Build

This application bundles the tested version of rebar3, and will pull its own external dependancies, of which there are several. Both eunit and Common Test suites are utilised.

$ ./rebar3 xref
$ ./rebar3 dialyzer
$ ./rebar3 eunit
$ ./rebar3 ct
$ /.rebar3 release

In development

It's far easier to utilise my instance of this tool than to attempt to run it yourself - I recommend doing so unless you wish to be involved in development.

Contributing

In line with the above, potential contributors should be aware I am unlikely to merge and changes relating to features that I won't be using.
Code must produce no errors under dialyzer, xref or elvis
Complex functions must include eunit tests
Leave your politics at the door

ct_advisor's People

Contributors

Stargazers

Watchers

ct_advisor's Issues

Build is a mess

Due mainly to this issue: erlang/rebar3#300, there's no sane way to build this. Still seeking a workaround.

Configure a user agent

Hi,

Can you please add the ability to configure a user agent and set a default one for this project? I've been trying to track down the various researcher projects that are scraping the Let's Encrypt CT Oak and Testflume logs.

Thank you!

technion / ct_advisor Goto Github PK