All,
I have uploaded a pair of CertStream-related projects: one self-hosted
server written in Go and a Python library and client tool.
What do they do? It allows you to watch the stream of newly minted certificates published into various certificate transparency logs.
Please let me know if you find anything strange with the packaging.
Here is a small recipe for testing for future reference:
Build your own packages from git:
https://salsa.debian.org/python-team/packages/python-certstream/ https://salsa.debian.org/go-team/packages/certstream-server-go/
Or pick the latest Salsa-built amd64 binaries:
https://salsa.debian.org/jas/certstream-server-go/-/jobs/6872068 https://salsa.debian.org/python-team/packages/python-certstream/-/jobs/6872129
Either 'dpkg -i' or 'apt-get install' the 'certstream-server-go' package
and start it locally like this:
/usr/bin/certstream-server-go -config /usr/share/doc/certstream-server-go/examples/config.sample.yaml
you should see it start talking to networks and print lines like:
2025/01/06 17:10:19 ct-watcher.go:143: Currently monitored ct logs: 48 2025/01/06 17:10:26 ct-watcher.go:292: Processed 1000 entries | Queue length: 0 2025/01/06 17:10:31 ct-watcher.go:292: Processed 2000 entries | Queue length: 0 ...
Then either 'dpkg -i' or 'apt-get install' the 'python3-certstream'
package and start the client talking to your own server like this:
/usr/bin/certstream --url ws://127.0.0.1:8080/
You should see output like this:
...
[2025-01-06T17:11:31.623000]
https://wyvern.ct.digicert.com/2025h1 - cc.xiaoxidaka.cn [cc.xiaoxidaka.cn]
[2025-01-06T17:11:31.624000]
https://wyvern.ct.digicert.com/2025h1 - *.swvasb.com [*.swvasb.com, www.swvabook.swvasb.com, www.swvasb.swvasb.com]
[2025-01-06T17:11:31.653000]
https://ct.googleapis.com/logs/eu1/xenon2025h1 - www.silverresorts.com [www.silverresorts.com]
[2025-01-06T17:11:31.654000]
https://ct.googleapis.com/logs/eu1/xenon2025h1 - www.phoenixcpa.cpa [www.phoenixcpa.cpa]
[2025-01-06T17:11:31.655000]
https://ct.googleapis.com/logs/eu1/xenon2025h1 - intranet.wov.ch [intranet.wov.ch]
...
/Simon
--=-=-Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQNoBAEWCAMQFiEEo8ychwudMQq61M8vUXIrCP5HRaIFAmd8AegUHHNpbW9uQGpv c2Vmc3Nvbi5vcmfCHCYAmDMEXJLOtBYJKwYBBAHaRw8BAQdACIcrZIvhrxDBkK9f V+QlTmXxo2naObDuGtw58YaxlOu0JVNpbW9uIEpvc2Vmc3NvbiA8c2ltb25Aam9z ZWZzc29uLm9yZz6IlgQTFggAPgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgBYh BLHSvRN1vst4TPT4xNc89jjFPAa+BQJl/YgIBQkLehFUAAoJENc89jjFPAa+CboA +wUa06RD5e5VTCxvSWtPS75Wq2qBeYGZnf0jvUMxa2n4AP4xkUeAPPnNuMsTm2fs FCDIGaEM2Yn6Vb2huzzT1Fw/BLgzBFySz4EWCSsGAQQB2kcPAQEHQOxTCIOaeXAx I2hIX4HK9bQTpNVei708oNr1Klm8qCGKiPUEGBYIACYCGwIWIQSx0r0Tdb7LeEz0 +MTXPPY4xTwGvgUCZf2IKwUJC3oQqgCBdiAEGRYIAB0WIQSjzJyHC50xCrrUzy9R cisI/kdFogUCXJLPgQAKCRBRcisI/kdFoqdMAQCgH45aseZgIrwKOvUOA9QfsmeE 8GZHYNuFHmM9FEQS6AD6A4x5aYvoY6lo98pgtw2HPDhmcCXFItjXCrV4A0GmJA4J ENc89jjFPAa+GcYA/26YQY05bLtnXiIjTiAzrGQrRXxTHPA8Av7TDFHvIetWAP9s HSoU8OfTwmTiEnGwLlsV7QJclZg3YNz/Ypcp9TqQBrg4BFySz2oSCisGAQQBl1UB BQEBB0AxlRumDW6nZY7A+VCfek9VpEx6PJmdJyYPt3lNHMd6HAMBCAeIfgQYFggA JgIbDBYhBLHSvRN1vst4TPT4xNc89jjFPAa+BQJl/YgwBQkLehDGAAoJENc89jjF PAa+phoA/jrDqIrl/55vUMBhIQv+TP635d2iCTEnyFmbUcP9+gh6APoDsXalVd2c OGxQtSC+TF8PkZMn1TLkJKAjVxr+xx40AgAKCRBRcisI/kdFohfuAQCFIncbW7Zn iVtkAf0OvC2bVUUHs+oWQePdR4d/f8KJnAEApLb4jPL+1nO54rkHNpN0N3x9CEs/ ENWVZ0EMJsRUAQw=qpdd
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)