Skip to content
/ sebel Public

Checks SSL/TLS certificates for potential malicious connections by detecting and blocking certificates used by botnet command and control (C&C) servers.

License

Notifications You must be signed in to change notification settings

teler-sh/sebel

Repository files navigation

sebel

GoDoc tests Go Report Card

sebel is a Go package that provides functionality for checking SSL/TLS certificates against malicious connections, by identifying and blacklisting certificates used by botnet command and control (C&C) servers.

Usage

Setting up Sebel instance:

import "github.com/teler-sh/sebel"

// ...

s := sebel.New(Options{/* ... */})

Note

The Options parameter is optional. Currently, the only supported option is disabling the SSL blacklist. See TODO.

Examples

Next, set the transport for the HTTP client you are using:

// initialize Sebel (fetch SSLBL data)
s := sebel.New()

client := &http.Client{
    Transport: s.RoundTripper(http.DefaultTransport),
}

// now, you can use [client.Do], [client.Get], etc. to create requests.

resp, err := client.Get("https://c2.host")
if err != nil && sebel.IsBlacklist(err) {
    // certificate blacklisted
    panic(err)
}
defer resp.Body.Close()

Alternatively, for seamless integration without configuring a new client, replace your current default HTTP client with Sebel's RoundTripper:

http.DefaultClient.Transport = sebel.New().RoundTripper(http.DefaultTransport)

You can also check the certificate later using Sebel's CheckTLS.

r, err := http.Get("https://c2.host")
if err != nil {
	panic(err)
}
defer r.Body.Close()

s := sebel.New()

_, err = s.CheckTLS(r.TLS)
if err != nil && sebel.IsBlacklist(err) {
	// certificate blacklisted
	panic(err)
}

These examples demonstrate various ways to set up Sebel and integrate it with HTTP clients for SSL/TLS certificate checks.

TODO

  • Caching SSLBL data under user-specific cache directory.
  • Add io.Writer option.
  • Add CheckIP method. Not planned, instead:
  • Add CheckHost method.

Status

Caution

Sebel has NOT reached 1.0 yet. Therefore, this library is currently not supported and does not offer a stable API; use at your own risk.

There are no guarantees of stability for the APIs in this library, and while they are not expected to change dramatically. API tweaks and bug fixes may occur.

License

sebel is released by @dwisiswant0 under the Apache 2.0 license. See LICENSE.

The data used in this project are © by abuse.ch under CC0.

About

Checks SSL/TLS certificates for potential malicious connections by detecting and blocking certificates used by botnet command and control (C&C) servers.

Topics

Resources

License

Stars

Watchers

Forks

Sponsor this project

 

Languages