CertEagle : Asset Monitoring Utility

CertEagle is a asset monitoring utility using real time CT log feeds.

In Bugbounties “If you are not first , then you are last” there is no such thing as silver or a bronze medal , Recon plays a very crucial part and if you can detect/Identify a newly added asset earlier than others then the chances of you Finding/Reporting a security flaw on that asset and getting rewarded for the same are higher than others.

Personally I am monitoring CT logs for domains/subdomains for quite a long time now and it gave me a lot of successful results , The inspiration behind this was “Sublert : By yassineaboukir” which checks crt.sh for subdomains and can be executed periodically , However I am using somewhat different approach and instead of looking into crt.sh periodically, I am extracting domains from Live CT log feeds , So chances of me finding a new asset earlier is higher as compared to others.

Workflow

  • Monitoring Real Time CT log feed and extracting the domain names from that feed
  • Matching the extracted subdomains/domains against the domains/Keywords to be matched
  • Sending a Slack notification if a domain name matches

Requirements

  • A VPS (UNIX up and running)
  • Python 3x (Tested with Python 3.6.9)
  • Slack Workspace (optional)

Setup

I am assuming that you have already done with your setup of slack workspace .

Now Create a channel named “subdomain-monitor” and set up a incoming webhook

  • Enabling Slack Notifications

Edit config.yaml file and paste your slack webhook URL there , It should look something like this

  • Keywords and domains to match :

You can specify keywords and domains to match in domains.yaml file , You can specify names

  • For Matching subdomains :

Note : Notice that preceding dot [ . ]

Lets take “.facebook.com” as example , domains extracted from Real time CT logs will be matched against the word “.facebook.com” , if matched they will be logged in our output file (found-domains.log) . The thing to note here is , It will give some false positives like “test.facebook.com.test.com” , “example.facebook.company” but we can filter out them later on by using use regex magic

  • For Matching domains/subdomains with specific keywords :

Lets assume that you want to monitor and log domains/subdomains that are having word “hackerone” in them , then our domains.yaml file will look something like this

Now all the extracted domains/subdomains that are having word “hackerone” in them will be matched and logged (and a slack notification will be sent to you for the same)

Okay we are done with our initial setup , Lets install the required dependencies and run our tool

$ pip3 install -r requirements.txt
$ python3 certeagle.py

  • Matched domains will look like this :
  • Slack Notifications will look like this :
  • Output files :

The program will keep on running all the matched domains will be saved under output directory in found-domains.log file

Strict Warning : Do not monitor assets of any organisation without prior consent

R K

Recent Posts

Starship : Revolutionizing Terminal Experiences Across Shells

Starship is a powerful, minimal, and highly customizable cross-shell prompt designed to enhance the terminal…

1 day ago

Lemmy : A Decentralized Link Aggregator And Forum For The Fediverse

Lemmy is an innovative, open-source platform designed for link aggregation and discussion, providing a decentralized…

1 day ago

Massive UX Improvements, Custom Disassemblers, And MSVC Support In ImHex v1.37.0

The latest release of ImHex v1.37.0 introduces a host of exciting features and improvements, enhancing…

1 day ago

Ghauri : A Powerful SQL Injection Detection And Exploitation Tool

Ghauri is a cutting-edge, cross-platform tool designed to automate the detection and exploitation of SQL…

1 day ago

Writing Tools : Revolutionizing The Art Of Writing

Writing tools have become indispensable for individuals looking to enhance their writing efficiency, accuracy, and…

1 day ago

PatchWerk : A Tool For Cleaning NTDLL Syscall Stubs

PatchWerk is a proof-of-concept (PoC) tool designed to clean NTDLL syscall stubs by patching syscall…

2 days ago