README
¶
[!NOTE] crtmon is a lightweight Certificate Transparency monitoring tool that discovers new subdomains in real time as soon as they appear.
Features
- Real-time subdomain discovery from CT logs
- Persistent dedupe with SQLite to suppress duplicate discoveries
- Discord, Telegram, and generic webhook notifications
- NDJSON file output for first-time discoveries
- Smart batching with built-in rate limiting
- Supports single targets, files, and stdin
Installation
go install github.com/xtremebeing/crtmon@latest
Configuration
Run crtmon once to generate the default configuration template:
crtmon
Edit the generated file:
~/.config/crtmon/provider.yaml
Example config:
discord_webhook: "" # used for -notify discord or -notify both
telegram_bot_token: ""
telegram_chat_id: ""
generic_webhook_url: "" # generic HTTP endpoint that receives JSON per discovery
json_output_file: ""
dedupe_db_path: ""
targets:
- github.com
Webhook behavior:
discord_webhookis still the Discord notification endpoint used by-notify discordand-notify both- legacy
webhookis still accepted for backward compatibility, butdiscord_webhookis the documented key going forward generic_webhook_urlis a separate generic HTTP webhook that receives a JSON payload for each first-time discovery
Generic webhook payload:
{
"domain": "api.github.com",
"target": "github.com",
"not_before": "2026-03-06T12:00:00Z",
"not_after": "2026-06-06T12:00:00Z",
"issuer": "Example CA",
"log_url": "https://ct.googleapis.com/logs/xenon2025",
"first_seen_at": "2026-03-06T14:46:35Z"
}
Flags
-target target domain, file path, or '-' for stdin
-config path to configuration file (default: ~/.config/crtmon/provider.yaml)
-notify notification provider: discord, telegram, both
-webhook-url generic JSON webhook URL for first-time discoveries
-json-file append first-time discoveries to an NDJSON file
-dedupe-db path to SQLite dedupe database (default: ~/.config/crtmon/discovered.db)
-no-dedupe disable persistent dedupe and emit every match
-json output first-time discoveries as JSON to stdout
-version show version
-update update to latest version
-h, -help show help message
Usage Examples
-
Monitor a single target
crtmon -target github.com
-
Monitor targets from config file
crtmon # config: ~/.config/crtmon/provider.yaml
-
Monitor multiple targets from a file
crtmon -target targets.txt
-
Pipe targets via stdin
cat domains.txt | crtmon -target -
-
Use Telegram notifications only
crtmon -target github.com -notify telegram
-
Dual notifications (Discord + Telegram)
echo -e "tesla.com\nuber.com\nmeta.com" | crtmon -target - -notify both
-
Send first-time discoveries to a generic webhook
crtmon -target github.com -webhook-url https://example.com/hooks/crtmon
-
Use Discord notifications with the config webhook
crtmon -target github.com -notify discord
-
Save first-time discoveries to an NDJSON file
crtmon -target github.com -json-file discoveries.ndjson
-
Disable dedupe and emit every match
crtmon -target github.com -no-dedupe
-
Start on system reboot (cron)
echo "@reboot nohup crtmon -target github.com > /tmp/crtmon.log 2>&1 &" | crontab -
[!TIP]
If you see no output or errors:
- Verify your targets are valid
- Double check notification credentials
- Check whether the domain was already discovered in your dedupe database
- Check your internet connection
- Run
crtmon -hfor guidance
TO-DO
- Separate notification channels per target
[!CAUTION] Use crtmon only on assets you own or have permission to test. The authors are not responsible for misuse...
Documentation
¶
There is no documentation for this package.
Source Files
Click to show internal directories.
Click to hide internal directories.