ArclineIT/audit
1
0
Fork 0
Code Issues 28 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
audit/todo.md
Blake Ridgway cfa43ab306 init commit
2026-03-21 17:59:10 -05:00

2.6 KiB
Raw Permalink Blame History

arcline-audit — Full Site Health Auditor

One command, full picture. SSL, HTTP headers, DNS, redirects, open ports. Useful for onboarding new Arcline customers and diagnosing issues.

Stack

  • Language: Go
  • Distribution: single static binary
  • No runtime dependencies

Checks

SSL / TLS

  • Certificate validity (not expired, not self-signed)
  • Expiry date + days remaining
  • Certificate chain completeness
  • TLS version (flag TLS 1.0/1.1 as insecure)
  • Cipher suite warnings

HTTP

  • Redirect chain (301/302 hops, detect loops)
  • Final URL after redirects
  • Security headers: HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy
  • Server header disclosure
  • Response time (ms)

DNS

  • A / AAAA records
  • MX records present
  • SPF, DKIM, DMARC records
  • DNSSEC enabled
  • PTR / rDNS match

Infrastructure

  • IP → ASN / org (via arcline-check internals)
  • CDN detection (reuse arcline-check logic)
  • Common ports: 80, 443, 22, 3306, 5432 (report open/closed, don't scan)

CLI interface

arcline-audit example.com
arcline-audit example.com --checks ssl,dns,headers
arcline-audit example.com --json
arcline-audit example.com --out report.txt

Output format

$ arcline-audit example.com

  ── SSL ────────────────────────────────────────────────
  [OK]  valid certificate
  [OK]  expires in 84 days (2026-06-01)
  [OK]  TLS 1.3
  [WARN] no HSTS header

  ── HTTP ───────────────────────────────────────────────
  [OK]  redirects http → https (1 hop)
  [OK]  response time 42ms
  [WARN] Server header disclosed: Apache/2.4.58

  ── DNS ────────────────────────────────────────────────
  [OK]  A record: 203.0.113.42
  [OK]  MX records present (2)
  [OK]  SPF record found
  [WARN] no DMARC record

  ── Infrastructure ─────────────────────────────────────
  [OK]  not behind a CDN
  [OK]  ASN: AS64496 Example ISP

Tasks

  • Project scaffold + shared internal packages (reuse arcline-check logic)
  • SSL checker module
  • HTTP header fetcher + security header grader
  • Redirect chain follower
  • DNS checker module (A, MX, SPF, DKIM, DMARC, DNSSEC)
  • Report renderer (terminal + JSON + plain text)
  • --checks filter flag
  • Cross-compile Makefile
  • README
  • GitLab CI release