update deps

Signed-off-by: Issif <issif_github@gadz.org>

Author: Issif

.goreleaser.yml

@@ -6,7 +6,6 @@ builds:
     goos:
       - linux
       - darwin
-      - windows
     goarch:
       - amd64
 checksum:

README.md

@@ -38,6 +38,7 @@ Workers: 20 # Number of workers to compare the certificates with the Regexp
 TakeScreenshot: false # Try to take a screenshot of the website
 ScreenshotsFolder: "." # Folder to store the screenshots
 IgnoreOlderThan: 10 # Ignore domains older than
+WrongLinksThreshold: 20 # Ignore domains with less broken links than
 ```
 
 ### With env vars
@@ -50,6 +51,7 @@ IgnoreOlderThan: 10 # Ignore domains older than
 - **TAKESCREENSHOT**: Try to take a screenshot of the website
 - **SCREENSHOTSFOLDER**: Folder to store the screenshots
 - **IGNOREOLDERTHAN**: Ignore domains older than
+- **WRONGLINKSTHRESHOLD**: Ignore domains with less broken links than
 
 ## Run
 
@@ -72,8 +74,8 @@ docker run -d -e SLACKWEBHOOKURL=https://hooks.slack.com/services/XXXXX -e REGEX
 ## Logs
 
 ```bash
-INFO[0005] A certificate for 'xxxx.fr' has been issued : {"domain":"xxxx.fr","SAN":["xxxx.fr","www.xxxx.fr"],"issuer":"Let's Encrypt","Addresses":["X.X.X.129"]} 
-INFO[0008] A certificate for 'xxxx.fr' has been issued : {"domain":"xxxx.fr","SAN":["xxxx.fr","www.xxxx.fr"],"issuer":"Let's Encrypt","Addresses":["X.X.X.116"]} 
+INFO[2023-09-13 15:18:17] A suspicious phishing website 'xxxx.com' has been detected
+INFO[2023-09-13 15:18:17] A confirmed phishing website 'xxxx.fr' has been detected
 ```
 
 ## Profiles, Traces and Metrics

cmd/main.go

@@ -8,14 +8,13 @@ import (
 	"cercat/pkg/worker"
 	"fmt"
 	"net/http"
+	_ "net/http/pprof"
 	"os"
 	"path/filepath"
 
-	_ "net/http/pprof"
-
+	"github.com/alecthomas/kingpin"
 	"github.com/arl/statsviz"
 	"github.com/pkg/errors"
-	"gopkg.in/alecthomas/kingpin.v2"
 )
 
 func init() {
@@ -38,32 +37,25 @@ func main() {
 	cfg := config.CreateConfig(configFile)
 	// fmt.Printf("%#v\n", cfg)
 	for i := 0; i < cfg.Workers; i++ {
-		go worker.RunCertCheckWorker(cfg)
+		go worker.RunCertCheckWorker()
 	}
-	go runNotifierWorker(cfg)
-	certstream.StartLoopCertStream(cfg)
+	go runNotifierWorker()
+	certstream.StartLoopCertStream()
 }
 
 // runNotifierWorker is a worker that receives cert, depduplicates and sends to Slack the event
-func runNotifierWorker(cfg *config.Configuration) {
+func runNotifierWorker() {
+	cfg := config.GetConfig()
+
 	for {
 		result := <-cfg.Buffer
-		duplicate := false
-		cfg.PreviousCerts.Do(func(d interface{}) {
-			if result.Domain == d {
-				duplicate = true
-			}
-		})
-		if !duplicate {
-			cfg.PreviousCerts = cfg.PreviousCerts.Prev()
-			cfg.PreviousCerts.Value = result.Domain
-			// j, _ := json.Marshal(result)
-			cfg.Log.Infof("A certificate for '%v' has been issued by %v\n", result.Domain, result.Registrar)
-			if cfg.SlackWebHookURL != "" {
-				go func(c *config.Configuration, r *model.Result) {
-					slack.NewPayload(c, result).Post(c)
-				}(cfg, result)
-			}
+
+		// j, _ := json.Marshal(result)
+		cfg.Log.Infof("A %v phishing website '%v' has been detected\n", result.Status, result.Domain)
+		if cfg.SlackWebHookURL != "" {
+			go func(c *config.Configuration, r *model.Result) {
+				slack.NewPayload(c, result).Post(c)
+			}(cfg, result)
 		}
 	}
 }

config/config.go

@@ -15,39 +15,50 @@ import (
 
 // Configuration represents a configuration element
 type Configuration struct {
-	Workers           int
-	SlackWebHookURL   string
-	SlackIconURL      string
-	SlackUsername     string
-	Regexp            string
-	ScreenshotsFolder string
-	TakeScreenshot    bool
-	IgnoreOlderThan   int
-	RegIP             string
-	RegexpC           *regexp.Regexp
-	PreviousCerts     *ring.Ring
-	Messages          chan []byte
-	Buffer            chan *model.Result
-	Homoglyph         map[string]string
-	Log               *logrus.Logger
+	Workers             int
+	SlackWebHookURL     string
+	SlackIconURL        string
+	SlackUsername       string
+	Regexp              string
+	ScreenshotsFolder   string
+	TakeScreenshot      bool
+	IgnoreOlderThan     int
+	WrongLinksThreshold int
+	RegIP               string
+	RegexpC             *regexp.Regexp
+	PreviousCerts       *ring.Ring
+	Messages            chan []byte
+	Buffer              chan *model.Result
+	Homoglyph           map[string]string
+	Log                 *logrus.Logger
+}
+
+var config *Configuration
+
+func init() {
+	config = new(Configuration)
+}
+
+func GetConfig() *Configuration {
+	return config
 }
 
 // CreateConfig provides a Configuration
 func CreateConfig(configFile *string) *Configuration {
-	c := &Configuration{
+	config = &Configuration{
 		Workers:       50,
 		Homoglyph:     homoglyph.GetHomoglyphMap(),
-		PreviousCerts: ring.New(20),
+		PreviousCerts: ring.New(200),
 		Messages:      make(chan []byte, 100),
 		Buffer:        make(chan *model.Result, 100),
 		Log:           logrus.New(),
 	}
 
-	c.Log.SetFormatter(&logrus.TextFormatter{
+	config.Log.SetFormatter(&logrus.TextFormatter{
 		FullTimestamp:   true,
 		TimestampFormat: "2006-01-02 15:04:05",
 	})
-	c.Log.SetOutput(os.Stdout)
+	config.Log.SetOutput(os.Stdout)
 
 	v := viper.New()
 	v.SetDefault("SlackWebhookURL", "")
@@ -58,6 +69,7 @@ func CreateConfig(configFile *string) *Configuration {
 	v.SetDefault("TakeScreenshot", false)
 	v.SetDefault("ScreenshotsFolder", ".")
 	v.SetDefault("IgnoreOlderThan", 10)
+	v.SetDefault("WrongLinksThreshold", 20)
 
 	if *configFile != "" {
 		d, f := path.Split(*configFile)
@@ -68,24 +80,24 @@ func CreateConfig(configFile *string) *Configuration {
 		v.AddConfigPath(d)
 		err := v.ReadInConfig()
 		if err != nil {
-			c.Log.Fatalf("[ERROR] : Error when reading config file : %v\n", err)
+			config.Log.Fatalf("[ERROR] : Error when reading config file : %v\n", err)
 		}
 	}
 	v.AutomaticEnv()
-	v.Unmarshal(c)
+	v.Unmarshal(config)
 
-	if c.SlackUsername == "" {
-		c.SlackUsername = "Cercat"
+	if config.SlackUsername == "" {
+		config.SlackUsername = "Cercat"
 	}
 
-	if c.Regexp == "" {
-		c.Log.Fatal("Regexp can't be empty")
+	if config.Regexp == "" {
+		config.Log.Fatal("Regexp can't be empty")
 	}
 
-	reg, err := regexp.Compile(c.Regexp)
+	reg, err := regexp.Compile(config.Regexp)
 	if err != nil {
-		c.Log.Fatal("Bad regexp")
+		config.Log.Fatal("Bad regexp")
 	}
-	c.RegexpC = reg
-	return c
+	config.RegexpC = reg
+	return config
 }

example.yaml

@@ -1,5 +1,10 @@
 ---
-SlackWebhookURL: "" #Slack Webhook URL
-SlackIconURL: "" #Slack Icon (Avatar) URL
-SlackUsername: "" #Slack Username
-Regexp: ".*\\.fr$" #Regexp to match. Can't be empty. It uses Golang regexp format
+SlackWebhookURL: "" # Slack Webhook URL
+SlackIconURL: "" # Slack Icon (Avatar) URL
+SlackUsername: "Cercat" # Slack Username
+Regexp: ".*\\.fr$" # Regexp to match. Can't be empty. It uses Golang regexp format
+Workers: 20 # Number of workers to compare the certificates with the Regexp
+TakeScreenshot: false # Try to take a screenshot of the website
+ScreenshotsFolder: "." # Folder to store the screenshots
+IgnoreOlderThan: 10 # Ignore domains older than
+WrongLinksThreshold: 20 # Ignore domains with less broken links than

go.mod

@@ -1,48 +1,71 @@
 module cercat
 
-go 1.18
+go 1.24
+
+toolchain go1.24.0
 
 require (
-	github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 // indirect
-	github.com/arl/statsviz v0.5.1
-	github.com/chromedp/cdproto v0.0.0-20230126215531-b7d95b322d50 // indirect
-	github.com/chromedp/chromedp v0.8.7
-	github.com/gobwas/ws v1.1.0
-	github.com/gorilla/websocket v1.5.0 // indirect
+	github.com/alecthomas/units v0.0.0-20240927000941-0f3dac36c52b // indirect
+	github.com/arl/statsviz v0.6.0
+	github.com/chromedp/cdproto v0.0.0-20250307225615-b9fffb6d31ad // indirect
+	github.com/chromedp/chromedp v0.13.1
+	github.com/gobwas/ws v1.4.0
+	github.com/gorilla/websocket v1.5.3 // indirect
 	github.com/picatz/homoglyphr v0.0.0-20180114170158-6e9a0e190785
 	github.com/pkg/errors v0.9.1
-	github.com/sirupsen/logrus v1.9.0
-	github.com/spf13/viper v1.15.0
-	golang.org/x/net v0.5.0
-	gopkg.in/alecthomas/kingpin.v2 v2.2.6
+	github.com/sirupsen/logrus v1.9.3
+	github.com/spf13/viper v1.19.0
+	golang.org/x/net v0.37.0
 )
 
 require (
+	github.com/alecthomas/kingpin v2.2.6+incompatible
+	github.com/gocolly/colly v1.2.0
 	github.com/jpillora/go-tld v1.2.1
-	github.com/likexian/whois v1.14.4
-	github.com/likexian/whois-parser v1.24.2
+	github.com/likexian/whois v1.15.6
+	github.com/likexian/whois-parser v1.24.20
 )
 
 require (
-	github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc // indirect
-	github.com/chromedp/sysutil v1.0.0 // indirect
-	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/PuerkitoBio/goquery v1.10.2 // indirect
+	github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect
+	github.com/andybalholm/cascadia v1.3.3 // indirect
+	github.com/antchfx/htmlquery v1.3.4 // indirect
+	github.com/antchfx/xmlquery v1.4.4 // indirect
+	github.com/antchfx/xpath v1.3.3 // indirect
+	github.com/chromedp/sysutil v1.1.0 // indirect
+	github.com/fsnotify/fsnotify v1.8.0 // indirect
+	github.com/go-json-experiment/json v0.0.0-20250223041408-d3c622f1b874 // indirect
+	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/gobwas/httphead v0.1.0 // indirect
 	github.com/gobwas/pool v0.2.1 // indirect
+	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
-	github.com/likexian/gokit v0.25.9 // indirect
-	github.com/magiconair/properties v1.8.7 // indirect
-	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/kennygrant/sanitize v1.2.4 // indirect
+	github.com/likexian/gokit v0.25.15 // indirect
+	github.com/magiconair/properties v1.8.9 // indirect
+	github.com/mailru/easyjson v0.9.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
-	github.com/spf13/afero v1.9.3 // indirect
-	github.com/spf13/cast v1.5.0 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
+	github.com/sagikazarmark/locafero v0.7.0 // indirect
+	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
+	github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d // indirect
+	github.com/sourcegraph/conc v0.3.0 // indirect
+	github.com/spf13/afero v1.12.0 // indirect
+	github.com/spf13/cast v1.7.1 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
-	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/subosito/gotenv v1.4.2 // indirect
-	golang.org/x/sys v0.4.0 // indirect
-	golang.org/x/text v0.6.0 // indirect
+	github.com/spf13/pflag v1.0.6 // indirect
+	github.com/subosito/gotenv v1.6.0 // indirect
+	github.com/temoto/robotstxt v1.1.2 // indirect
+	go.uber.org/atomic v1.11.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 // indirect
+	golang.org/x/sys v0.31.0 // indirect
+	golang.org/x/text v0.23.0 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/protobuf v1.36.5 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )