From cfa43ab306587d3a18b1825c48fcf8f4208efec3 Mon Sep 17 00:00:00 2001 From: Blake Ridgway Date: Sat, 21 Mar 2026 17:59:10 -0500 Subject: [PATCH] init commit --- README.md | 34 +++++++++++++++++++++++ todo.md | 82 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 116 insertions(+) create mode 100644 README.md create mode 100644 todo.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..6999659 --- /dev/null +++ b/README.md @@ -0,0 +1,34 @@ +# arcline-audit + +One-command site health auditor. Checks SSL, HTTP security headers, DNS records, redirect chains, and basic infrastructure info for any domain. + +Useful for onboarding new clients and producing a quick written report before an engagement starts. + +## Status + +Planned. Not yet started. + +## Stack + +- Go — single static binary, no runtime dependencies +- Reuses internal packages from `arcline-check` (ASN/CDN detection) + +## Usage + +```sh +arcline-audit example.com +arcline-audit example.com --checks ssl,dns,headers +arcline-audit example.com --json +arcline-audit example.com --out report.txt +``` + +## Checks + +| Group | What it checks | +|---|---| +| SSL/TLS | Validity, expiry, chain, TLS version, cipher warnings | +| HTTP | Redirect chain, security headers, server disclosure, response time | +| DNS | A/AAAA, MX, SPF, DKIM, DMARC, DNSSEC, rDNS match | +| Infrastructure | ASN/org, CDN detection, common open ports | + +See [todo.md](todo.md) for the full task list and output format spec. diff --git a/todo.md b/todo.md new file mode 100644 index 0000000..bf3f830 --- /dev/null +++ b/todo.md @@ -0,0 +1,82 @@ +# arcline-audit — Full Site Health Auditor + +One command, full picture. SSL, HTTP headers, DNS, redirects, open ports. +Useful for onboarding new Arcline customers and diagnosing issues. + +## Stack +- Language: Go +- Distribution: single static binary +- No runtime dependencies + +## Checks +### SSL / TLS +- [ ] Certificate validity (not expired, not self-signed) +- [ ] Expiry date + days remaining +- [ ] Certificate chain completeness +- [ ] TLS version (flag TLS 1.0/1.1 as insecure) +- [ ] Cipher suite warnings + +### HTTP +- [ ] Redirect chain (301/302 hops, detect loops) +- [ ] Final URL after redirects +- [ ] Security headers: HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy +- [ ] Server header disclosure +- [ ] Response time (ms) + +### DNS +- [ ] A / AAAA records +- [ ] MX records present +- [ ] SPF, DKIM, DMARC records +- [ ] DNSSEC enabled +- [ ] PTR / rDNS match + +### Infrastructure +- [ ] IP → ASN / org (via arcline-check internals) +- [ ] CDN detection (reuse arcline-check logic) +- [ ] Common ports: 80, 443, 22, 3306, 5432 (report open/closed, don't scan) + +## CLI interface +``` +arcline-audit example.com +arcline-audit example.com --checks ssl,dns,headers +arcline-audit example.com --json +arcline-audit example.com --out report.txt +``` + +## Output format +``` +$ arcline-audit example.com + + ── SSL ──────────────────────────────────────────────── + [OK] valid certificate + [OK] expires in 84 days (2026-06-01) + [OK] TLS 1.3 + [WARN] no HSTS header + + ── HTTP ─────────────────────────────────────────────── + [OK] redirects http → https (1 hop) + [OK] response time 42ms + [WARN] Server header disclosed: Apache/2.4.58 + + ── DNS ──────────────────────────────────────────────── + [OK] A record: 203.0.113.42 + [OK] MX records present (2) + [OK] SPF record found + [WARN] no DMARC record + + ── Infrastructure ───────────────────────────────────── + [OK] not behind a CDN + [OK] ASN: AS64496 Example ISP +``` + +## Tasks +- [ ] Project scaffold + shared internal packages (reuse arcline-check logic) +- [ ] SSL checker module +- [ ] HTTP header fetcher + security header grader +- [ ] Redirect chain follower +- [ ] DNS checker module (A, MX, SPF, DKIM, DMARC, DNSSEC) +- [ ] Report renderer (terminal + JSON + plain text) +- [ ] --checks filter flag +- [ ] Cross-compile Makefile +- [ ] README +- [ ] GitLab CI release