![](https://alaskomega.com/wp-content/uploads/2015/06/AlaskaPanorama_1600x8001.png)
# Alaska - Go client for Certstream
Alaska is a small wrapper around the Go client for Certstream. It lets you
receive certificates in real time and save them in a SQLite database. There is
a small front end in React (imported remotely) and an API built with Gin Gonic.
## Install
```
git clone https://github.com/christalib/alaska
cd alaska
go build cmd/alaskad.go
go build server.go
```
You need a version of Go that supports Go modules.
## Run
To run only the server:
```
./server
```
If you don't already have a database, it will create a `certs.db` database for
you and run the appropriate migrations.

There is also a command-line tool that consumes the Certstream stream:
```
./alaskad
```
Afterwards, visit [http://localhost:3000](http://localhost:3000) to see the main
page. It shows a small extract of the data, but the interesting part is the API.
### API
Alaska doesn't return the entire Certstream model for the moment. It
creates a simpler model that focuses on threat hunting (and can and/or will be improved):
```go
type Certificate struct {
	gorm.Model
	Aggregated  string `json:"aggregated"`
	C           string `json:"C"`
	ST          string `json:"ST"`
	L           string `json:"L"`
	O           string `json:"O"`
	OU          string `json:"OU"`
	CN          string `json:"CN"`
	Fingerprint string `json:"fingerprint"`
}
```
#### /api/certs
Returns 100 random certs from your database.
#### /api/certs/:name
This runs a search on the CN field or the fingerprint field and returns a
possible result.
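
The following is an added example, not part of Alaska's own code, of the kind of threat-hunting filter the simplified model supports: it decodes certificates and flags CNs that contain a watched brand keyword but are not under your own domains. It assumes `/api/certs` returns a JSON array using the JSON tags shown above; `Cert`, `HuntCN`, `owned` and the sample data are hypothetical names and constructed values.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Cert keeps two JSON fields of the Certificate model above.
type Cert struct {
	CN          string `json:"CN"`
	Fingerprint string `json:"fingerprint"`
}

// sampleBody is constructed data; a JSON array response is an assumption.
const sampleBody = `[{"CN":"*.Login-ExampleBank.test","fingerprint":"AA:01"},
 {"CN":"www.examplebank.test","fingerprint":"AA:02"}, {"CN":"blog.unrelated.test","fingerprint":"AA:03"}]`

// owned reports whether cn is one of our own domains or a subdomain of one.
func owned(cn string, domains []string) bool {
	for _, d := range domains {
		if cn == d || strings.HasSuffix(cn, "."+d) {
			return true
		}
	}
	return false
}

// HuntCN returns certs whose CN contains a lowercase keyword and is not owned.
func HuntCN(body []byte, keywords, domains []string) ([]Cert, error) {
	var certs, hits []Cert
	if err := json.Unmarshal(body, &certs); err != nil {
		return nil, fmt.Errorf("decode certs: %w", err)
	}
	for _, c := range certs {
		cn := strings.TrimPrefix(strings.ToLower(strings.TrimSpace(c.CN)), "*.")
		for _, k := range keywords {
			if !owned(cn, domains) && strings.Contains(cn, k) {
				hits = append(hits, c)
				break
			}
		}
	}
	return hits, nil
}

func main() {
	fmt.Println(HuntCN([]byte(sampleBody), []string{"examplebank"}, []string{"examplebank.test"}))
}
```

The fingerprint of each hit can then be passed to `/api/certs/:name` to pull the stored record.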
# Milestones
* [ ] Search implemented in the frontend
* [ ] Better frontend
* [ ] Fuller models
* [ ] Upstream filters that don't save domains from a list
* [ ] Customizable configuration
# License
GNU General Public License v3.0