Prometheus Exporter for `crt.sh`

ghcr.io/dazwilkin/crtsh-exporter:0dd8d53

With thanks to Oğuzhan Yilmaz, GitHub Actions now supports mutli-platform (linux/amd64,linux/arm64,linux/arm64/v7) builds.

Example

HOST="..."

curl \
--silent \
--get \
--data-urlencode "q=${HOST}" \
--data-urlencode "output=json" \
https://crt.sh

Returns

[
    {
        "issuer_ca_id": 123456,
        "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
        "common_name": "{HOST}",
        "name_value": "{HOST}",
        "id": 10123456789,
        "entry_timestamp": "2023-01-01T23:59:59.000",
        "not_before": "2023-01-01T23:59:59",
        "not_after": "2023-01-01T23:59:59",
        "serial_number": "123456789abcdef0123456789abcdef0"
    }
]

Run

HOSTS="{host1}.{domain1},{host2}.{domain2},..."

HOST_PORT="8080"
CONT_PORT="8080"

podman run \
--interactive --tty --rm \
--name=crtsh-exporter \
--publish=${HOST_PORT}:${CONT_PORT}/tcp \
ghcr.io/dazwilkin/crtsh-exporter:0dd8d53 \
--hosts=${HOSTS} \
--endpoint=:${CONT_PORT} \
--path=/metrics

Prometheus

VERS="v2.46.0"

# Binds to host network to scrape crt.sh Exporter
podman run \
--interactive --tty --rm \
--net=host \
--volume=${PWD}/prometheus.yml:/etc/prometheus/prometheus.yml \
--volume=${PWD}/rules.yml:/etc/alertmanager/rules.yml \
quay.io/prometheus/prometheus:${VERS} \
  --config.file=/etc/prometheus/prometheus.yml \
  --web.enable-lifecycle

Metrics

Name	Type	Description
`crtsh_exporter_build_info`	Counter	A metric with a constant '1' value
`crtsh_exporter_certificate_expiry`	Gauge	Expiration ("not after") timestamp of most recent record
`crtsh_exporter_certificate_records`	Gauge	Number of Certificate records, labeled by most recent record's metadata
`crtsh_exporter_start_time`	Gauge	Exporter start time in UNIX epoch

Sigstore

crtsh-exporter container images are signed by Sigstore and may be verified:

cosign verify \
--key=./cosign.pub \
ghcr.io/dazwilkin/crtsh-exporter:0dd8d53

NOTE cosign.pub may be downloaded here

To install cosign e.g.:

go install github.com/sigstore/cosign/cmd/cosign@latest

Name		Name	Last commit message	Last commit date
Latest commit History 145 Commits
.github		.github
collector		collector
.dockerignore		.dockerignore
.gitignore		.gitignore
Dockerfile		Dockerfile
LICENSE		LICENSE
README.md		README.md
alertmanager.yml		alertmanager.yml
cosign.pub		cosign.pub
go.mod		go.mod
go.sum		go.sum
main.go		main.go
prometheus.yml		prometheus.yml
rules.yml		rules.yml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Prometheus Exporter for `crt.sh`

Example

Run

Prometheus

Metrics

Sigstore

Similar Exporters

About

Releases

Packages

Contributors 4

Languages

License

DazWilkin/crtsh-exporter

Folders and files

Latest commit

History

Repository files navigation

Prometheus Exporter for crt.sh

Example

Run

Prometheus

Metrics

Sigstore

Similar Exporters

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Contributors 4

Languages

Prometheus Exporter for `crt.sh`

Packages