Releases: ryolution/cerberus-ct
Releases · ryolution/cerberus-ct
Release list
v1.1.0 - Static CT Verification Hardening
Highlights
- Added trusted Static CT checkpoint verification with signed-note parsing and RFC6962 tree-head signature validation.
- Hardened Static CT monitoring with safer trusted/untrusted source construction, Merkle helpers, and stricter diagnostic labeling.
- Improved operational durability with bounded dead-letter state, safer Windows state replacement, and packaged example state.
- Added webhook HMAC signing support.
- Strengthened DNS enrichment with validated concurrency, improved response classification, and packaged takeover fingerprints.
- Improved homoglyph detection using Unicode security skeletons.
- Moved runtime datasets into the packaged core crate so release artifacts verify correctly.
- Updated examples, README, usage docs, CI toolchain setup, dependency audit policy, and release metadata.
Verification
cargo check --workspacecargo fmt --all -- --checkcargo package --workspace --allow-dirtycargo test --workspacecargo clippy --workspace --all-targets -- -D warningscargo auditcargo deny check advisories licenses bans sources
Cerberus CT v1.0.0
Cerberus CT v1.0.0 is the first stable release of the project.
Cerberus CT is a Rust based Static Certificate Transparency monitoring tool that turns CT checkpoints and data tiles into structured phishing, brand abuse, DNS enrichment, and DNS exposure alerts.
Highlights:
- Static CT checkpoint and tile ingestion
- Static CT data tile decoding
- X.509 certificate parsing and SAN extraction
- keyword, brand, typosquat, homoglyph, and punycode detection
- DNS enrichment with IP and CNAME evidence
- conservative subdomain takeover candidate checks
- grouped JSON alerts and webhook output
- persistent watch mode with local state
- rule controls for score thresholds and suffix allowlisting
- realistic and demo example configurations