tls-certificate-transparency-log-alerter v1.0.0
tls-certificate-transparency-log-alerter
HEALTH WARNING!
This is still in early stage development and subject to change, prone to bugs and only partially complete.
Overview
A super simple program to check TLS certificate transparency logs for one or more domain name patterns and alert on new or unexpected (e.g. issued by a certificate authority that you don't normally use) certificates.
This app offers both simple, unix-style command line functionality and a consumable API/library. The end goal is to create a small service which can be used (as an example) as an AWS Lambda function which is triggered by a Cloudwatch event and can raise Cloudwatch alarms which can notify e.g. an ops team.
The source of data for this package is crt.sh, a certificate transparency log aggregator. We make use of the RSS feeds crt.sh provides so please don't abuse them (e.g. by running tests very frequently).
Oh yeah, this is HTTP2-capablein requests for crt.sh data.
Prerequisites
Installation
npm install tls-certificate-transparency-log-alerter --production
Note: If you're looking to do development work on this, omit the --production
argument - but you know that :smile:.
Using tls-certificate-transparency-log-alerter
Using tls-certificate-transparency-log-alerter as a library
You can simply require
the library side of this package by listing it as a dependency in your package.json
file and require
ing or import
ing as you would any other library.
Using tls-certificate-transparency-log-alerter as a command line client (CLI)
When you npm install
this package, you'll be a "binary" (yeah, it's not a binary, it's an executable - but that's a convention we have for some weird reason) installed which will allow you to run:
check-ct-logs <args>
from anywhere on your computer.
You can run:
check-ct-logs -h
To show available arguments.
Development
I've set this project up such that it builds via babel. I write code in atom and use the language-babel plugin to automatically build on save - this is configured in the .language-babel
config file in the project root. Source code is in <project root>/src/
and transpiled files are in <project root>/dist/
. Also noteworthy is the use of the babel plugin babel-plugin-typecheck which adds flow style function argument types but additionally over flow, enforces these at runtime (which I like very much, YMMV).
Semver
This project aims to maintain the semver version numbering scheme.
Changelog
See the changelog file
To do
- Add some unit tests
- lint and refactor the code to be less horrible
- Test and amend problems running as Lambda Function
- Get user feedback and implement improvements and fixes
Contributing
Contributions are very welcome for fixes, improvements, new features, documentation, bug reports and/or ideas. Please create a Github issue initially so we can discuss and agree actions/approach - that should save time all-round.
The ideal way to receive contributions is via a Github Pull Request from the master branch. Please ensure that at least unit tests (you can run these via npm test
) and if possible, linter rules (npm run lint
).
If you find a sensitive, security issue with this application, please email me privately in the first instance: neil [dot] craig [at] thedotproduct [dot] org
.
License
8 years ago