Telegram bot that sends notifications when a user-defined pattern is logged in the CT logs

Giulio af8d7cf765 Working rel 2 months ago
certstream af8d7cf765 Working rel 2 months ago
php af8d7cf765 Working rel 2 months ago
Procfile af8d7cf765 Working rel 2 months ago
Readme.md af8d7cf765 Working rel 2 months ago
certstream_consumer.py af8d7cf765 Working rel 2 months ago
certstream_producer.py 42e1a0e539 Initial commit 3 months ago
hivemind 589f5b0f35 PHP 3 months ago
notifications_consumer.py af8d7cf765 Working rel 2 months ago
rules_test.py 42e1a0e539 Initial commit 3 months ago

Readme.md

CertAlert bot

Intro

CertAlert is a bot built to send live notifications from the Certificate Transparency stream. Users can set custom rules and receive notifications only about their domains or keywords of interest. The bot is live here.

Info

The source for the Certificate Transparency data is CertStream. Currently this script uses their official demo server, but it is not very reliable and may miss some entries. Because of this issue, a self-hosted deployment of CertStream is highly recommended.

  • certstream_producer.py This file pushes the stream from CertStream to a local Redis queue.
  • certstream_consumer.py This file consumes the previous queue and checks for matching domains. If a match is found, it is pushed to another Redis queue, which contains the notifications.
  • notifications_consumer.py This file consumes the notifications queue and is therefore responsible for using the Telegram API.

User rules will be stored directly in MySQL for persistence. When a rule is added, it is inserted both in MySQL and in another dedicated Redis queue. certstream_consumer.py will consume this queue, loading rule changes every 1000 domains.

File bootstrap.php needs to be run when the bot is started in order to load the saved rules in MySQL into Redis.

File certalertbot.php has the actual bot logic and is used as a webhook for telegram.

hivemind is used as a process supervisor and requires tmux. Processes are defined in Procfile.

To start the bot, configure MySQL in certalertbot.php and in bootstrap.php, insert the Telegram API key in certalertbot.php and in Procfile, configure Redis, publish certalertbot.php, run bootstrap.php, and then start everything with hivemind Procfile.

/start

CertAlert bot. This bot sends an alert when a certificate matching a certain rule is logged in Certificate Transparency.

/list

To list the current rules.

/delete <id>

To delete a rule.

/add <in/start/end> <string>

To add a rule. in matches the given substring in any position, start matches it at the beginning and end matches it at the end.

For special characters use the IDNA encoding.
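
The three rule kinds and the IDNA note above, as an added example that is not taken from certstream_consumer.py; the function names, the rule tuples and the sample domains are constructed for illustration. Certificates carry internationalized names in their ASCII `xn--` form, so a rule typed in Unicode never fires while its IDNA form does.

```python
from typing import List, Sequence, Tuple

Rule = Tuple[int, str, str]  # (rule id, kind, pattern); kind is in/start/end

def to_idna(domain: str) -> str:
    """Convert a Unicode domain to the ASCII form found in certificates."""
    labels = []
    for label in domain.lower().split("."):
        # Encode label by label so a leading dot or a "*" label survives.
        labels.append(label if label.isascii()
                      else label.encode("idna").decode("ascii"))
    return ".".join(labels)

def rule_matches(kind: str, pattern: str, domain: str) -> bool:
    """Apply one rule of the /add command to one certificate domain."""
    domain, pattern = domain.lower(), pattern.lower()
    if kind == "in":
        return pattern in domain
    if kind == "start":
        return domain.startswith(pattern)
    if kind == "end":
        return domain.endswith(pattern)
    raise ValueError(f"unknown rule kind: {kind!r}")

def matching_rules(rules: Sequence[Rule],
                   domains: Sequence[str]) -> List[Tuple[int, str]]:
    """Return (rule id, domain) for every rule that fires on a certificate."""
    return [(rule_id, domain)
            for domain in domains
            for rule_id, kind, pattern in rules
            if rule_matches(kind, pattern, domain)]

# Constructed sample rules, as a user might enter them with /add.
SAMPLE_RULES: List[Rule] = [
    (1, "end", ".example.com"),      # only names under example.com
    (2, "start", "login."),          # any name whose first label is "login"
    (3, "in", "bücher"),             # Unicode pattern: never matches
    (4, "in", to_idna("bücher")),    # IDNA form of the same pattern
]
# Constructed domain list, shaped like the names listed in one certificate.
SAMPLE_DOMAINS = ["*.example.com", "login.example.com.evil.test",
                  "xn--bcher-kva.example"]

if __name__ == "__main__":
    for rule_id, domain in matching_rules(SAMPLE_RULES, SAMPLE_DOMAINS):
        print(f"rule {rule_id} matched {domain}")
```

Rule 1 does not fire on `login.example.com.evil.test`: an `end` rule follows the registered domain, whereas an `in` rule with the same string would also alert on names that merely embed it.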