Skip to content

Real-time Certificate Transparency log monitor built in Go. Track SSL/TLS certificate issuance across the internet with live updates, regex-based filtering, and color-coded output.

Notifications You must be signed in to change notification settings

storbeck/certwatch

Folders and files

NameName
Last commit message
Last commit date

Latest commit

9631f99 Β· Dec 30, 2024

History

2 Commits
Dec 30, 2024
Dec 30, 2024
Dec 30, 2024
Dec 30, 2024

Repository files navigation

Certwatch πŸ”

Certwatch is a real-time Certificate Transparency (CT) log monitor that tracks and displays SSL/TLS certificate issuance across the internet. It provides live monitoring of newly issued certificates, helping security researchers and system administrators stay informed about certificate activities.

Screencast.From.2024-12-29.20-09-04.mp4

Features

  • Real-time monitoring of Certificate Transparency logs
  • Live display of newly issued certificates
  • Shows certificate source and timestamp
  • Color-coded output for better readability
  • Regex pattern matching to filter domains
  • Silent mode for pipeline integration
  • Lightweight and efficient

Prerequisites

  • Go 1.21 or higher

Installation

git clone https://github.com/storbeck/certwatch.git
cd certwatch
go mod download

Usage

Basic Monitoring

To start monitoring all certificate transparency logs:

go run main.go

Filtering Domains

To filter domains using a regex pattern:

go run main.go -E "pattern"

Examples:

# Monitor only staging and test domains
go run main.go -E "test|staging|internal"

# Monitor specific TLDs
go run main.go -E "\.edu$|\.gov$"

# Monitor subdomains
go run main.go -E "^api\.|^dev\."

Silent Mode

Use silent mode (-s) to output only the matching domains, perfect for piping to other tools:

# Output only matching domains
go run main.go -s -E "\.edu$"

# Pipe to other tools
go run main.go -s -E "\.edu$" 

Output Format

In normal mode, the program will display certificates in the following format:

[TIME] βœ“ DOMAIN (SOURCE)

Where:

  • TIME: Timestamp when the certificate was seen
  • DOMAIN: The primary domain name on the certificate
  • SOURCE: The Certificate Transparency log source

In silent mode (-s), only the domain name is printed:

domain.com

Dependencies

License

This project is open source and available under the MIT License.

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

About

Real-time Certificate Transparency log monitor built in Go. Track SSL/TLS certificate issuance across the internet with live updates, regex-based filtering, and color-coded output.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages