CertEagle - Asset monitoring utility using real time CT log feeds
2021-03-05 20:30:00 Author: www.blogger.com Views: 187

<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-K4uPpQYV70s/YD8nicNh01I/AAAAAAAAVfI/PEpBC0tcDcgQVgE5BFWr_-xmZ8S5TAsvACNcBGAsYHQ/s1135/CertEagle_1_logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="195" data-original-width="1135" height="110" src="https://1.bp.blogspot.com/-K4uPpQYV70s/YD8nicNh01I/AAAAAAAAVfI/PEpBC0tcDcgQVgE5BFWr_-xmZ8S5TAsvACNcBGAsYHQ/w640-h110/CertEagle_1_logo.png" width="640" /></a></div>
<p>In bug bounties, “<strong>If you are not first, then you are last</strong>”: there is no such thing as a <a href="https://www.kitploit.com/search/label/Silver" target="_blank" title="silver">silver</a> or a bronze medal. <a href="https://www.kitploit.com/search/label/Recon" target="_blank" title="Recon">Recon</a> plays a crucial part, and if you can detect a newly added asset earlier than others, your chances of finding and reporting a security flaw on that asset, and getting rewarded for it, are higher than theirs.</p>
<p>Personally I have been monitoring CT logs for domains and subdomains for quite a long time now, and it has given me a lot of successful results. The inspiration behind this was “<a href="https://github.com/yassineaboukir/sublert/" rel="nofollow" target="_blank" title="Sublert : By yassineaboukir">Sublert : By yassineaboukir</a>”, which checks crt.sh for <a href="https://www.kitploit.com/search/label/Subdomains" target="_blank" title="subdomains">subdomains</a> and can be executed periodically. However, I am using a somewhat different approach: instead of looking into crt.sh periodically, I am extracting domains from live CT log feeds, so my chances of finding a new asset earlier are higher.</p>
<span><a name='more'></a></span>
<div><span style="font-size: large;"><b>A detailed description can be found here:</b></span>
<p>Read the blog post here: <a href="https://medium.com/@Asm0d3us/weaponizing-live-ct-logs-for-automated-monitoring-of-assets-39c6973177c7" rel="nofollow" target="_blank" title="https://medium.com/@Asm0d3us/weaponizing-live-ct-logs-for-automated-monitoring-of-assets-39c6973177c7">https://medium.com/@Asm0d3us/weaponizing-live-ct-logs-for-automated-monitoring-of-assets-39c6973177c7</a></p></div>
<span style="font-size: large;"><b>Workflow</b></span>
<ul>
<li>Monitoring the <a href="https://www.kitploit.com/search/label/Real%20Time" target="_blank" title="Real Time">real-time</a> CT log feed and extracting the domain names from that feed</li>
<li>Matching the extracted subdomains/domains against the domains/keywords to be matched</li>
<li>Sending a Slack notification if a domain name matches</li>
</ul>
<b>Requirements:</b>
<ul>
<li>A VPS (UNIX, up and running)</li>
<li>Python 3.x (tested with Python 3.6.9)</li>
<li>Slack workspace (optional)</li>
</ul>
<span style="font-size: large;"><b>Setup</b></span>
<p>I am assuming that you have already set up your Slack workspace.</p>
<p>Now create a channel named “subdomain-monitor” and set up an incoming webhook.</p>
<b>Enabling Slack notifications:</b>
<p>Edit the <code>config.yaml</code> file and paste your Slack <a href="https://www.kitploit.com/search/label/Webhook" target="_blank" title="webhook">webhook</a> URL there. It should look something like this:</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-xB4jkFUUfsM/YD8nuzhGOLI/AAAAAAAAVfM/eM4_hm7VfagaTiFqPjpXFncK2Bif9rX4QCNcBGAsYHQ/s1084/CertEagle_2_config.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="93" data-original-width="1084" height="54" src="https://1.bp.blogspot.com/-xB4jkFUUfsM/YD8nuzhGOLI/AAAAAAAAVfM/eM4_hm7VfagaTiFqPjpXFncK2Bif9rX4QCNcBGAsYHQ/w640-h54/CertEagle_2_config.png" width="640" /></a></div>
<b>Keywords and domains to match:</b>
<p>You can specify the keywords and domains to match in the <code>domains.yaml</code> file. You can specify names:</p>
<p><strong>For matching subdomains:</strong></p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-PEZyWcXyb2I/YD8n0Ru5M0I/AAAAAAAAVfU/WD-h-3fM1cAqIjLJN-wW-CfSrM-JD94ygCNcBGAsYHQ/s831/CertEagle_3_domains.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="238" data-original-width="831" height="184" src="https://1.bp.blogspot.com/-PEZyWcXyb2I/YD8n0Ru5M0I/AAAAAAAAVfU/WD-h-3fM1cAqIjLJN-wW-CfSrM-JD94ygCNcBGAsYHQ/w640-h184/CertEagle_3_domains.png" width="640" /></a></div>
<p>Note: notice the preceding dot [ . ].</p>
<p>Let's take “.facebook.com” as an example: the domains extracted from the real-time CT logs will be matched against the string “.facebook.com”, and if they match they will be logged in our output file (<code>found-domains.log</code>). The thing to note here is that this is a substring match, so it will give some false positives such as “test.facebook.com.test.com” or “example.facebook.company”, but we can filter those out later on with a bit of regex magic.</p>
<b>For matching domains/subdomains with specific keywords:</b>
<p>Let's assume that you want to monitor and log domains/subdomains that have the word “hackerone” in them; then our <code>domains.yaml</code> file will look something like this:</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-gbfgEJNZcPE/YD8n5J2noDI/AAAAAAAAVfY/DDq3ckE-pQ0T-1PSjwmMDHE47WuoeqjtACNcBGAsYHQ/s816/CertEagle_4_keyword.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="139" data-original-width="816" height="110" src="https://1.bp.blogspot.com/-gbfgEJNZcPE/YD8n5J2noDI/AAAAAAAAVfY/DDq3ckE-pQ0T-1PSjwmMDHE47WuoeqjtACNcBGAsYHQ/w640-h110/CertEagle_4_keyword.png" width="640" /></a></div>
<p>Now all extracted domains/subdomains that have the word “hackerone” in them will be matched and logged (and a Slack notification will be sent to you for each of them).</p>
<p>Okay, we are done with our initial setup. Let's install the required dependencies and run our tool:</p>
<p><code>$ pip3 install -r requirements.txt</code></p>
<p><code>$ python3 certeagle.py</code></p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-bMqtQjkBbP0/YD8n-owKGRI/AAAAAAAAVfg/SmE7wTcGC9oPiO-FBPC4gy3oRi9YxNrHgCNcBGAsYHQ/s1096/CertEagle_5_start.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="316" data-original-width="1096" height="184" src="https://1.bp.blogspot.com/-bMqtQjkBbP0/YD8n-owKGRI/AAAAAAAAVfg/SmE7wTcGC9oPiO-FBPC4gy3oRi9YxNrHgCNcBGAsYHQ/w640-h184/CertEagle_5_start.png" width="640" /></a></div>
<p><strong>Matched domains will look like this:</strong></p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-EcZbc8niwLQ/YD8oEd23bJI/AAAAAAAAVfk/lf9i7C3xan8Z20k7BjYWPNqki2xDKA4pgCNcBGAsYHQ/s812/CertEagle_6_output.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="391" data-original-width="812" height="308" src="https://1.bp.blogspot.com/-EcZbc8niwLQ/YD8oEd23bJI/AAAAAAAAVfk/lf9i7C3xan8Z20k7BjYWPNqki2xDKA4pgCNcBGAsYHQ/w640-h308/CertEagle_6_output.png" width="640" /></a></div>
<p><strong>Slack notifications will look like this:</strong></p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-3BHXSStONQ4/YD8oJ9iJuWI/AAAAAAAAVfs/5Oj4MMG0sAcwPb5NCDKap6ZgZMvxWPG-QCNcBGAsYHQ/s536/CertEagle_7_slack.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="536" data-original-width="514" height="640" src="https://1.bp.blogspot.com/-3BHXSStONQ4/YD8oJ9iJuWI/AAAAAAAAVfs/5Oj4MMG0sAcwPb5NCDKap6ZgZMvxWPG-QCNcBGAsYHQ/w614-h640/CertEagle_7_slack.png" width="614" /></a></div>
<p><strong>Output files:</strong></p>
<p>The program keeps running; all matched domains are saved under the output directory in the <code>found-domains.log</code> file.</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-gqFhqcDCCC0/YD8oSWtYl4I/AAAAAAAAVfw/QLCCaMmtoCQ8d2GSDh5hRwHY0M16C4vAQCNcBGAsYHQ/s1042/CertEagle_8_found-domains.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="388" data-original-width="1042" height="238" src="https://1.bp.blogspot.com/-gqFhqcDCCC0/YD8oSWtYl4I/AAAAAAAAVfw/QLCCaMmtoCQ8d2GSDh5hRwHY0M16C4vAQCNcBGAsYHQ/w640-h238/CertEagle_8_found-domains.png" width="640" /></a></div>
<p><strong>Strict Warning: Do not monitor assets of any organisation without prior consent.</strong></p>
<span style="font-size: large;"><b>Inspiration</b></span>
<p><a href="https://github.com/yassineaboukir/sublert/" rel="nofollow" target="_blank" title="Sublert">Sublert</a></p>
<p><a href="https://github.com/x0rz/phishing_catcher" rel="nofollow" target="_blank" title="Phishing Catcher">Phishing Catcher</a></p>
<span style="font-size: large;"><b>Contact</b></span>
<p>Shoot me a DM: <a href="https://twitter.com/0xAsm0d3us" rel="nofollow" target="_blank" title="@0xAsm0d3us">@0xAsm0d3us</a></p>
<span style="font-size: large;"><b>#Offtopic but Important</b></span>
<p>This COVID pandemic affected animals too (in an indirect way). I will be more than happy if you show some love for animals by donating to <a href="https://animalaidunlimited.org/" rel="nofollow" target="_blank" title="Animal Aid Unlimited">Animal Aid Unlimited</a>. <a href="https://animalaidunlimited.org/" rel="nofollow" target="_blank" title="Animal Aid Unlimited">Animal Aid Unlimited</a> saves animals through street animal rescue, spay/neuter and education. Their mission is dedicated to the day when all living beings are treated with compassion and love.</p>
<div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/devanshbatham/CertEagle" rel="nofollow" target="_blank" title="Download CertEagle">Download CertEagle</a></span></b></div>
<p>Zion3R</p>
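The matching step of the workflow above (extracting names from a CT log feed record, the dotted-domain and keyword matching, and the regex filtering of false positives such as “test.facebook.com.test.com”), as an added example that is not CertEagle's own code. It assumes a certstream-style JSON record whose field layout is constructed for this example, uses an in-memory dict as a stand-in for <code>domains.yaml</code>, and builds the Slack incoming-webhook payload without sending it.

```python
import json
import re

# Constructed sample record. A live CT log feed hands over one such record per
# newly logged certificate; the field layout below is an assumption made for
# this example, not the tool's actual input format.
SAMPLE_FEED_RECORD = json.dumps({
    "message_type": "certificate_update",
    "data": {
        "leaf_cert": {
            "subject": {"CN": "www.facebook.com"},
            "all_domains": [
                "facebook.com",                    # apex: missed by a ".facebook.com" substring test
                "www.facebook.com",
                "*.cdn.facebook.com",              # wildcard SAN
                "test.facebook.com.test.com",      # false positive named on the page
                "example.facebook.company",        # false positive named on the page
                "hackerone-sso.example-corp.net",  # keyword hit
                "WWW.FACEBOOK.COM",                # duplicate once normalised
            ],
        }
    },
})

# Constructed stand-in for domains.yaml (the real file is YAML; a dict keeps
# this example free of third-party imports).
WATCHLIST = {
    "domains": [".facebook.com"],   # leading dot, as described on the page
    "keywords": ["hackerone"],
}


def extract_domains(record_json):
    """Collect every name in a feed record (SANs plus CN), lower-cased, with
    the wildcard prefix dropped and duplicates removed in first-seen order."""
    record = json.loads(record_json)
    if record.get("message_type") != "certificate_update":
        return []
    leaf = record["data"]["leaf_cert"]
    names = list(leaf.get("all_domains", []))
    cn = leaf.get("subject", {}).get("CN")
    if cn:
        names.append(cn)
    cleaned = []
    for name in names:
        name = name.strip().lower()
        if name.startswith("*."):
            name = name[2:]
        cleaned.append(name)
    return list(dict.fromkeys(cleaned))


def substring_match(domain, watchlist):
    """The rule the page describes: a plain substring test against each
    watched domain (".facebook.com") and each keyword."""
    return any(pat in domain for pat in watchlist["domains"] + watchlist["keywords"])


def suffix_pattern(dotted):
    """Turn ".facebook.com" into a regex that accepts facebook.com itself and
    any chain of labels beneath it, and nothing else."""
    apex = re.escape(dotted.lstrip("."))
    return re.compile(r"^(?:[a-z0-9-]+\.)*" + apex + r"$")


def strict_match(domain, watchlist):
    """Anchored variant: a watched domain must be the zone the name sits in;
    keywords stay a substring test, which is what a keyword watch means."""
    if any(suffix_pattern(d).match(domain) for d in watchlist["domains"]):
        return True
    return any(kw in domain for kw in watchlist["keywords"])


def find_matches(record_json, watchlist, strict=False):
    """Names in one feed record that should be logged and alerted on."""
    matcher = strict_match if strict else substring_match
    return [d for d in extract_domains(record_json) if matcher(d, watchlist)]


def slack_payload(matches):
    """Body for the incoming-webhook POST; nothing is sent from this example."""
    lines = "\n".join("- " + m for m in matches)
    return {"text": "New certificate names matching the watchlist (%d):\n%s" % (len(matches), lines)}


if __name__ == "__main__":
    naive = find_matches(SAMPLE_FEED_RECORD, WATCHLIST)
    anchored = find_matches(SAMPLE_FEED_RECORD, WATCHLIST, strict=True)
    print("substring matches :", naive)
    print("anchored matches  :", anchored)
    print("false positives dropped:", sorted(set(naive) - set(anchored)))
    print("apex gained by anchoring:", sorted(set(anchored) - set(naive)))
    print(json.dumps(slack_payload(anchored), indent=2))
    # Delivery would be requests.post(SLACK_WEBHOOK_URL, json=slack_payload(anchored))
    # with SLACK_WEBHOOK_URL taken from config.yaml; it is left out so this runs offline.
```

The anchored pattern also shows why the leading dot convention needs care: “.facebook.com” as a substring never matches the apex “facebook.com” itself, while the regex accepts both the apex and its subdomains and rejects the two look-alike names the page lists.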

Source: http://www.blogger.com/feeds/8317222231133660547/posts/default/7300545353108268830