init commit

README.md

@@ -0,0 +1,34 @@
+# arcline-audit
+
+One-command site health auditor. Checks SSL, HTTP security headers, DNS records, redirect chains, and basic infrastructure info for any domain.
+
+Useful for onboarding new clients and producing a quick written report before an engagement starts.
+
+## Status
+
+Planned. Not yet started.
+
+## Stack
+
+- Go — single static binary, no runtime dependencies
+- Reuses internal packages from `arcline-check` (ASN/CDN detection)
+
+## Usage
+
+```sh
+arcline-audit example.com
+arcline-audit example.com --checks ssl,dns,headers
+arcline-audit example.com --json
+arcline-audit example.com --out report.txt
+```
+
+## Checks
+
+| Group | What it checks |
+|---|---|
+| SSL/TLS | Validity, expiry, chain, TLS version, cipher warnings |
+| HTTP | Redirect chain, security headers, server disclosure, response time |
+| DNS | A/AAAA, MX, SPF, DKIM, DMARC, DNSSEC, rDNS match |
+| Infrastructure | ASN/org, CDN detection, common open ports |
+
+See [todo.md](todo.md) for the full task list and output format spec.

todo.md

@@ -0,0 +1,82 @@
+# arcline-audit — Full Site Health Auditor
+
+One command, full picture. SSL, HTTP headers, DNS, redirects, open ports.
+Useful for onboarding new Arcline customers and diagnosing issues.
+
+## Stack
+- Language: Go
+- Distribution: single static binary
+- No runtime dependencies
+
+## Checks
+### SSL / TLS
+- [ ] Certificate validity (not expired, not self-signed)
+- [ ] Expiry date + days remaining
+- [ ] Certificate chain completeness
+- [ ] TLS version (flag TLS 1.0/1.1 as insecure)
+- [ ] Cipher suite warnings
+
+### HTTP
+- [ ] Redirect chain (301/302 hops, detect loops)
+- [ ] Final URL after redirects
+- [ ] Security headers: HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy
+- [ ] Server header disclosure
+- [ ] Response time (ms)
+
+### DNS
+- [ ] A / AAAA records
+- [ ] MX records present
+- [ ] SPF, DKIM, DMARC records
+- [ ] DNSSEC enabled
+- [ ] PTR / rDNS match
+
+### Infrastructure
+- [ ] IP → ASN / org (via arcline-check internals)
+- [ ] CDN detection (reuse arcline-check logic)
+- [ ] Common ports: 80, 443, 22, 3306, 5432 (report open/closed, don't scan)
+
+## CLI interface
+```
+arcline-audit example.com
+arcline-audit example.com --checks ssl,dns,headers
+arcline-audit example.com --json
+arcline-audit example.com --out report.txt
+```
+
+## Output format
+```
+$ arcline-audit example.com
+
+  ── SSL ────────────────────────────────────────────────
+  [OK]  valid certificate
+  [OK]  expires in 84 days (2026-06-01)
+  [OK]  TLS 1.3
+  [WARN] no HSTS header
+
+  ── HTTP ───────────────────────────────────────────────
+  [OK]  redirects http → https (1 hop)
+  [OK]  response time 42ms
+  [WARN] Server header disclosed: Apache/2.4.58
+
+  ── DNS ────────────────────────────────────────────────
+  [OK]  A record: 203.0.113.42
+  [OK]  MX records present (2)
+  [OK]  SPF record found
+  [WARN] no DMARC record
+
+  ── Infrastructure ─────────────────────────────────────
+  [OK]  not behind a CDN
+  [OK]  ASN: AS64496 Example ISP
+```
+
+## Tasks
+- [ ] Project scaffold + shared internal packages (reuse arcline-check logic)
+- [ ] SSL checker module
+- [ ] HTTP header fetcher + security header grader
+- [ ] Redirect chain follower
+- [ ] DNS checker module (A, MX, SPF, DKIM, DMARC, DNSSEC)
+- [ ] Report renderer (terminal + JSON + plain text)
+- [ ] --checks filter flag
+- [ ] Cross-compile Makefile
+- [ ] README
+- [ ] GitLab CI release