-
Notifications
You must be signed in to change notification settings - Fork 0
/
app.py
63 lines (52 loc) · 2.13 KB
/
app.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
import certstream
import json
import smtplib
from email.MIMEMultipart import MIMEMultipart
from email.MIMEText import MIMEText
from fuzzer.fuzzer import fuzz_string
from requests.auth import HTTPBasicAuth
monitor_strings = ['google', 'paypal', 'office']
monitor_whitelis =['domain.com', 'site']
sender = ''
receivers = ['', '']
username = ''
password = ''
server_address = ''
def send_mail(sender, receivers, subject, body, username, password, server_address):
message = MIMEMultipart()
message["From"] = sender
message["To"] = ",".join(receivers)
message["Subject"] = subject
message.attach(MIMEText(body))
try:
server = smtplib.SMTP(server_address, 587)
server.starttls()
server.login(username, password)
server.sendmail(sender, receivers, message.as_string())
server.quit()
except Exception as e:
print('Failed to send a mail: {}'.format(e))
def fuzz_strings(monitor_strings):
domains = []
for string in monitor_strings:
fuzzer = fuzz_string(string)
fuzzer.fuzz()
for fdomain in (fuzzer.domains):
domains.append(fdomain['domain-name'].strip())
return domains
def callback(message, context):
if message['message_type'] == "heartbeat":
return
if message['message_type'] == "certificate_update":
all_domains = message['data']['leaf_cert']['all_domains']
for domain in all_domains:
for search_string in search_strings:
if search_string in domain and search_string not in monitor_whitelis:
print('Suspicious domain: {}'.format(domain))
subject = 'SSL-Monitor: Suspicious domain found {}'.format(domain)
body = 'While monitoring newly registerd SSL certificates as domain was detected that matches your search criteria:\n\n{}'.format(domain)
send_mail(sender, receivers, subject, body, username, password, server_address)
return
search_strings = fuzz_strings(monitor_strings)
print('A total of {} strings will be monitored'.format(len(search_strings)))
certstream.listen_for_events(callback)