We aim to provide self-hosted tool that would allow for monitoring of (sub)domains for HTTPS certificate expiration, changes in TLS settings and notify in case of any problems or even proactively several days ahead, if technically possible.
Fairly recently the TLS configuration monitoring has become standard and many other projects are better suited for some specific use-cases:
- System administrator (warning about upcoming certificate expiration) - e.g. Uptime Kuma
- Detailed TLS monitoring with output to JSON (including "grade") - SSLyze (since version 5.0)
- Extremely efficient data storage for large volume of scans
- Scanning 1 million domains using SSLyze takes ~250 GB, TLSInventory deduplicates that data to ~50 GB
- Running the same scan twice, SSLyze would have ~500 GB, TLSInventory ~50.7 GB.
- Data can be queried using SQL!
If you are only interested in backend and are not afraid to interact with SQLite database, it can be a great tool for research purposeses as it can acquire complete TLS configuration for tens of thousands of websites per day and very efficiently store it in SQL database.
This repository contains the backend of application TLSInventory.
This part serves as the main API server and also contains all the scanners. Sensors are deployed as instances of this repository, with a different entrypoint.
For information how to deploy this application check the Docker repository.
Exactly Python 3.7.x is required - a limitation due to a dependency on SSLyze v2.6.
Python packages are listed in file requirements.txt.
python3.7 -m venv .venv
source .venv/bin/activate
python3.7 -m pip install -r requirements.txt
# python3.7 -m pip install -r requirements-dev.txt # Run this if you want to run tests, or develop the source code.For information about development practices see file Development.md
