This article is a follow-up to my previous post about testssl.sh-processor. In short, now that I had mass execution of testssl.sh against many endpoints, I needed to be able to do something with all the testssl.sh command invocation JSON result files lying around.
My goal was to be able to react to each JSON result file output by testssl.sh, analyze the results and basically notify a Slack channel and copy the offending result file off to another location (if vulnerabilities or expiration were found). In and of itself this use-case was pretty common; however, I wanted to code something that was a bit more configurable: a generic reactive engine for testssl.sh JSON result files.
The result of this was another daemon that you could drop into a larger pipeline, called testssl.sh-alerts, on GitHub (https://github.com/bitsofinfo/testssl.sh-alerts).
This daemon monitors a directory for new testssl.sh JSON result output files and evaluates them using ObjectPath expressions to trigger events, which can be reacted to in different ways such as sending Slack alerts, copying JSON result files to a new location or anything else you wish to do. You can implement a simple Python Reactor with a handleTriggers method and do whatever you want to extend the available functionality.
The entire project is configurable via YAML config files that let you configure the “triggers” that will evaluate the JSON results, then trip one or more “reactors” to do something (such as send a Slack alert or copy a file). If that's not enough, you can easily implement your own “Reactors” to do something else (e.g. throw a message into a Kafka queue or whatever).
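To make the trigger/reactor flow concrete, here is an added sketch that is not code from testssl.sh-alerts: it evaluates a result file against named triggers and hands any that fire to a reactor that copies the offending file. It assumes testssl.sh's flat JSON layout (a list of findings with id and severity fields), uses plain Python predicates in place of ObjectPath expressions, and the handleTriggers signature, class and function names are hypothetical.

```python
import json
import shutil
from pathlib import Path

# Constructed sample shaped like testssl.sh flat JSON output (a list of findings).
SAMPLE_FINDINGS = [
    {"id": "TLS1_2", "ip": "host.example/192.0.2.10", "port": "443",
     "severity": "OK", "finding": "offered"},
    {"id": "heartbleed", "ip": "host.example/192.0.2.10", "port": "443",
     "severity": "CRITICAL", "finding": "VULNERABLE"},
    {"id": "cert_expirationStatus", "ip": "host.example/192.0.2.10", "port": "443",
     "severity": "MEDIUM", "finding": "expires < 60 days (41)"},
]

# Trigger name -> predicate over one finding (stand-in for ObjectPath expressions).
TRIGGERS = {
    "high_severity": lambda f: f.get("severity") in {"HIGH", "CRITICAL"},
    "cert_expiring": lambda f: f.get("id") == "cert_expirationStatus"
                               and f.get("severity") != "OK",
}

def evaluate(findings):
    """Return {trigger_name: [matching findings]} for every trigger that fired."""
    fired = {}
    for name, predicate in TRIGGERS.items():
        hits = [f for f in findings if predicate(f)]
        if hits:
            fired[name] = hits
    return fired

class CopyFileReactor:
    """Hypothetical reactor: copies an offending result file to another directory."""
    def __init__(self, dest_dir):
        self.dest_dir = Path(dest_dir)

    def handleTriggers(self, fired, result_path):  # signature is an assumption
        self.dest_dir.mkdir(parents=True, exist_ok=True)
        return Path(shutil.copy2(result_path, self.dest_dir))

def process_result_file(result_path, reactors):
    """Evaluate one result file; return fired triggers, or None if unreadable."""
    try:
        data = json.loads(Path(result_path).read_text())
    except (OSError, json.JSONDecodeError):
        return None  # a watcher can see half-written files; skip, do not crash
    if not isinstance(data, list):
        return None  # not the flat layout this sketch assumes
    fired = evaluate([f for f in data if isinstance(f, dict)])
    if fired:
        for reactor in reactors:
            reactor.handleTriggers(fired, result_path)
    return fired
```

Returning None for an unparseable file matters in a directory-watching daemon, because a result file can be picked up before testssl.sh has finished writing it.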
The best place to start is to check out the docs at https://github.com/bitsofinfo/testssl.sh-alerts and go from there.
This is currently being used in my use-case to evaluate the results of hundreds of testssl.sh JSON result files generated many times daily which are ultimately produced by testssl.sh-processor. I hope you find it useful as well!