added notes to settings.yaml

moved core app config (name, version) out of settings and into app/app_settings.py added ability to brand SneakyScope to any name added caching of cert information from crt.sh (cache enable and lenght is configurable in settings.yaml) streamlined header/footer loading to be more correct
2025-08-23 20:37:44 -05:00
parent 5af8513e14
commit b59bf67329
17 changed files with 317 additions and 56 deletions
--- a/app/utils/enrichment.py
+++ b/app/utils/enrichment.py
@@ -30,6 +30,8 @@ days = 24 * 60

 GEOIP_DEFAULT_TTL = settings.cache.geoip_cache_days * days
 WHOIS_DEFAULT_TTL = settings.cache.whois_cache_days * days
+CRT_DEFAULT_TTL = settings.cache.crt_cache_days * days
+

 logger = get_app_logger()

@@ -137,6 +139,20 @@ def search_certs(domain, wildcard=True, expired=True, deduplicate=True):
        "not_before": "2018-02-08T15:47:39"
    }
    """
+    
+    cache_key = f"crt_cert:{domain}"
+    
+    # log if caching is turned on or not
+    logger.info(f"CRT Cache is set to: {settings.cache.crt_cache_enabled}")
+
+    if settings.cache.crt_cache_enabled:
+        cached = cache.read(cache_key)
+        if cached:
+            logger.info(f"[CACHE HIT] for CRT Cert: {domain}")
+            return cached
+        else:
+            logger.info(f"[CACHE MISS] for CRT Cert: {domain} - {cache_key}")
+
    base_url = "https://crt.sh/?q={}&output=json"
    if not expired:
        base_url = base_url + "&exclude=expired"
@@ -153,11 +169,21 @@ def search_certs(domain, wildcard=True, expired=True, deduplicate=True):
        try:
            content = req.content.decode('utf-8')
            data = json.loads(content)
+            # if caching
+            if settings.cache.crt_cache_enabled:
+                logger.info(f"Setting Cache for {cache_key}")
+                cache.create(cache_key, data, CRT_DEFAULT_TTL)
            return data
        except ValueError:
            # crt.sh fixed their JSON response. This shouldn't be necessary anymore
            # https://github.com/crtsh/certwatch_db/commit/f4f46ea37c23543c4cdf1a3c8867d68967641807
            data = json.loads("[{}]".format(content.replace('}{', '},{')))
+
+            # if caching
+            if settings.cache.crt_cache_enabled:
+                logger.info(f"Setting Cache for {cache_key}")
+                cache.create(cache_key, data, CRT_DEFAULT_TTL)
+
            return data
        except Exception as err:
            logger.error("Error retrieving cert information from CRT.sh.")
@@ -200,6 +226,7 @@ def gather_crtsh_certs_for_target(target):
        hostname = parse_target_to_host(target)
        result["hostname"] = hostname

+        # return fake return if no hostname was able to be parsed
        if hostname is None:
            return result

@@ -209,6 +236,7 @@ def gather_crtsh_certs_for_target(target):

        # Always query crt.sh for the specific hostname
        # (expired=False means we filter expired)
+
        host_certs = search_certs(hostname, wildcard=False, expired=False)
        result["crtsh"]["host_certs"] = host_certs