sebel is a Go package that provides functionality for checking SSL/TLS certificates against malicious connections, by identifying and blacklisting certificates used by botnet command and control (C&C) servers.
Setting up Sebel instance:
import "github.com/teler-sh/sebel"
// ...
s := sebel.New(Options{/* ... */})
Note
The Options
parameter is optional. Currently, the only supported option is disabling the SSL blacklist. See TODO.
Next, set the transport for the HTTP client you are using:
// initialize Sebel (fetch SSLBL data)
s := sebel.New()
client := &http.Client{
Transport: s.RoundTripper(http.DefaultTransport),
}
// now, you can use [client.Do], [client.Get], etc. to create requests.
resp, err := client.Get("https://c2.host")
if err != nil && sebel.IsBlacklist(err) {
// certificate blacklisted
panic(err)
}
defer resp.Body.Close()
Alternatively, for seamless integration without configuring a new client, replace your current default HTTP client with Sebel's RoundTripper
:
http.DefaultClient.Transport = sebel.New().RoundTripper(http.DefaultTransport)
You can also check the certificate later using Sebel's CheckTLS
.
r, err := http.Get("https://c2.host")
if err != nil {
panic(err)
}
defer r.Body.Close()
s := sebel.New()
_, err = s.CheckTLS(r.TLS)
if err != nil && sebel.IsBlacklist(err) {
// certificate blacklisted
panic(err)
}
These examples demonstrate various ways to set up Sebel and integrate it with HTTP clients for SSL/TLS certificate checks.
- Caching SSLBL data under user-specific cache directory.
- Add
io.Writer
option. -
AddNot planned, instead:CheckIP
method. - Add
CheckHost
method.
Caution
Sebel has NOT reached 1.0 yet. Therefore, this library is currently not supported and does not offer a stable API; use at your own risk.
There are no guarantees of stability for the APIs in this library, and while they are not expected to change dramatically. API tweaks and bug fixes may occur.
sebel
is released by @dwisiswant0 under the Apache 2.0 license. See LICENSE.