Certwatch is a real-time Certificate Transparency (CT) log monitor that tracks and displays SSL/TLS certificate issuance across the internet. It provides live monitoring of newly issued certificates, helping security researchers and system administrators stay informed about certificate activities.
- Real-time monitoring of Certificate Transparency logs
- Live display of newly issued certificates
- Shows certificate source and timestamp
- Color-coded output for better readability
- Regex pattern matching to filter domains
- Silent mode for pipeline integration
- Lightweight and efficient

Requirements:
- Go 1.21 or higher

```bash
git clone https://github.com/storbeck/certwatch.git
cd certwatch
go mod download
```
To start monitoring all certificate transparency logs:
```bash
go run main.go
```
To filter domains using a regex pattern:
```bash
go run main.go -E "pattern"
```
Examples:
```bash
# Monitor only staging and test domains
go run main.go -E "test|staging|internal"
# Monitor specific TLDs
go run main.go -E "\.edu$|\.gov$"
# Monitor subdomains
go run main.go -E "^api\.|^dev\."
```
Use silent mode (-s) to output only the matching domains, perfect for piping to other tools:
```bash
# Output only matching domains
go run main.go -s -E "\.edu$"
# Pipe to other tools
go run main.go -s -E "\.edu$"
```
In normal mode, the program will display certificates in the following format:
```
[TIME] β DOMAIN (SOURCE)
```
Where:
- TIME: Timestamp when the certificate was seen
- DOMAIN: The primary domain name on the certificate
- SOURCE: The Certificate Transparency log source
In silent mode (-s), only the domain name is printed:
```
domain.com
```
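
A downstream consumer for the silent-mode output described above, as an added example that is not part of the certwatch project: it reads one name per line on stdin and prints only names under apex domains you are responsible for, matching on label boundaries rather than substrings. The `watched` list, the `sample` input and all function names are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"os"
	"strings"
)

// Constructed values: apexes you are responsible for, and sample silent-mode output.
var watched = []string{"example.edu", "example.org"}
const sample = "www.example.edu\n*.Example.EDU.\nnotexample.edu\n" +
	"example.edu.evil.test\nwww.example.edu\nmail.example.org\n"

// normalize lowercases a name and strips a trailing dot and a leading "*." label.
func normalize(name string) string {
	name = strings.TrimSuffix(strings.ToLower(strings.TrimSpace(name)), ".")
	return strings.TrimPrefix(name, "*.")
}

// underApex matches on a label boundary, so "notexample.edu" is not under "example.edu".
func underApex(name, apex string) bool {
	return name == apex || strings.HasSuffix(name, "."+apex)
}

// watch streams names from r and writes each distinct name under a watched
// apex to w as soon as it is seen. It returns the number of names written.
func watch(r io.Reader, w io.Writer, apexes []string) int {
	seen, hits := map[string]bool{}, 0
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		name := normalize(sc.Text())
		if name == "" || seen[name] {
			continue
		}
		for _, apex := range apexes {
			if underApex(name, apex) {
				seen[name] = true // only hits are remembered, so memory stays small
				fmt.Fprintln(w, name)
				hits++
				break
			}
		}
	}
	return hits
}

func main() { watch(os.Stdin, os.Stdout, watched) }
```
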

Dependencies:
- certstream-go - Go client for the CertStream protocol
- color - Color output formatting

This project is open source and available under the MIT License.
Contributions are welcome! Please feel free to submit a Pull Request.