Telegram bot that sends notifications when a user-defined pattern is logged in the CT logs

CertAlert bot

Intro

CertAlert was created with the purpose of sending live notifications from the Certificate Transparency stream. Users can set custom rules and receive notifications only about their domains or keywords of interest. The bot is live here.

Info

The source for the Certificate Transparency data is CertStream. Currently this script uses their official demo server, but it is not very reliable and may miss some entries. Because of this issue, a self-hosted deployment of CertStream is highly recommended.

  • certstream_producer.py This file pushes the stream from CertStream to a local Redis queue.
  • certstream_consumer.py This file consumes the previous queue and checks for matching domains. If a match is found, it is pushed onto another Redis queue which contains the notifications.
  • notifications_consumer.py This file consumes the notifications queue and so is responsible for using the Telegram API.

User rules are stored directly in MySQL for persistence. When a rule is added, it is inserted in both MySQL and in another specific Redis queue. certstream_consumer.py consumes this queue, loading rule changes every 1000 domains.

The file bootstrap.php needs to be run when the bot is started in order to load the rules saved in MySQL into Redis.

The file certalertbot.php has the actual bot logic and is used as a webhook for Telegram.

hivemind is used as a process supervisor and requires tmux. Processes are defined in Procfile.

To start the bot, configure MySQL in certalertbot.php and in bootstrap.php, insert the Telegram API key in certalertbot.php and in Procfile, configure Redis, publish certalertbot.php, run bootstrap.php and then start everything with hivemind Procfile.

/start

CertAlert bot. This bot sends an alert when a certificate matching a certain rule is logged in Certificate Transparency.

/list

To list the current rules.

/delete <id>

To delete a rule.

/add <in/start/end> <string>

To add a rule. in matches the given substring in any position, start at the beginning and end at the end.

For special characters use the IDNA encoding.
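
The in/start/end rule semantics and the IDNA note above, as an added example (not code from this repository). It goes slightly beyond the text by IDNA-encoding non-ASCII rule strings itself. The function names, the rule tuple layout and the stripping of a leading "*." before matching are assumptions of this example.

```python
SAMPLE_MESSAGE = {  # constructed sample in CertStream's certificate_update shape
    "message_type": "certificate_update",
    "data": {"leaf_cert": {"all_domains": [
        "*.login-example.test",
        "xn--mnchen-3ya.example.test",
        "shop.example.test",
    ]}},
}

def normalize_rule(text):
    """Lower-case a rule string and IDNA-encode any non-ASCII label."""
    labels = text.strip().lower().split(".")
    return ".".join(
        l if l.isascii() else l.encode("idna").decode("ascii") for l in labels
    )

def canonical(domain):
    """Lower-case a logged name and drop a wildcard prefix (assumption)."""
    name = domain.lower()
    return name[2:] if name.startswith("*.") else name

def matches(mode, pattern, domain):
    """Apply one rule: 'in' = substring, 'start' = prefix, 'end' = suffix."""
    name = canonical(domain)
    if mode == "in":
        return pattern in name
    if mode == "start":
        return name.startswith(pattern)
    if mode == "end":
        return name.endswith(pattern)
    raise ValueError("unknown rule mode: %r" % mode)

def find_alerts(message, rules):
    """Return (rule_id, domain) pairs for every rule hit in one message."""
    if message.get("message_type") != "certificate_update":
        return []  # heartbeats and other message types carry no domains
    domains = message.get("data", {}).get("leaf_cert", {}).get("all_domains", [])
    return [
        (rule_id, canonical(domain))
        for domain in domains
        for rule_id, mode, pattern in rules
        if matches(mode, normalize_rule(pattern), domain)
    ]

RULES = [(1, "in", "login"), (2, "start", "münchen"), (3, "end", ".example.test")]
```

Rule 3 keeps its leading dot on purpose: "login-example.test" ends with "example.test" but not with ".example.test", so only real subdomains of example.test trigger it.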