ArclineIT/audit
1
0
Fork 0
Code Issues 28 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
audit/todo.md
Blake Ridgway cfa43ab306 init commit
2026-03-21 17:59:10 -05:00

83 lines
2.6 KiB
Markdown
Raw Permalink Blame History

# arcline-audit — Full Site Health Auditor
One command, full picture. SSL, HTTP headers, DNS, redirects, open ports.
Useful for onboarding new Arcline customers and diagnosing issues.
## Stack
- Language: Go
- Distribution: single static binary
- No runtime dependencies
## Checks
### SSL / TLS
- [ ] Certificate validity (not expired, not self-signed)
- [ ] Expiry date + days remaining
- [ ] Certificate chain completeness
- [ ] TLS version (flag TLS 1.0/1.1 as insecure)
- [ ] Cipher suite warnings
### HTTP
- [ ] Redirect chain (301/302 hops, detect loops)
- [ ] Final URL after redirects
- [ ] Security headers: HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy
- [ ] Server header disclosure
- [ ] Response time (ms)
### DNS
- [ ] A / AAAA records
- [ ] MX records present
- [ ] SPF, DKIM, DMARC records
- [ ] DNSSEC enabled
- [ ] PTR / rDNS match
### Infrastructure
- [ ] IP → ASN / org (via arcline-check internals)
- [ ] CDN detection (reuse arcline-check logic)
- [ ] Common ports: 80, 443, 22, 3306, 5432 (report open/closed, don't scan)
## CLI interface
```
arcline-audit example.com
arcline-audit example.com --checks ssl,dns,headers
arcline-audit example.com --json
arcline-audit example.com --out report.txt
```
## Output format
```
$ arcline-audit example.com
── SSL ────────────────────────────────────────────────
[OK] valid certificate
[OK] expires in 84 days (2026-06-01)
[OK] TLS 1.3
[WARN] no HSTS header
── HTTP ───────────────────────────────────────────────
[OK] redirects http → https (1 hop)
[OK] response time 42ms
[WARN] Server header disclosed: Apache/2.4.58
── DNS ────────────────────────────────────────────────
[OK] A record: 203.0.113.42
[OK] MX records present (2)
[OK] SPF record found
[WARN] no DMARC record
── Infrastructure ─────────────────────────────────────
[OK] not behind a CDN
[OK] ASN: AS64496 Example ISP
```
## Tasks
- [ ] Project scaffold + shared internal packages (reuse arcline-check logic)
- [ ] SSL checker module
- [ ] HTTP header fetcher + security header grader
- [ ] Redirect chain follower
- [ ] DNS checker module (A, MX, SPF, DKIM, DMARC, DNSSEC)
- [ ] Report renderer (terminal + JSON + plain text)
- [ ] --checks filter flag
- [ ] Cross-compile Makefile
- [ ] README
- [ ] GitLab CI release
Reference in New Issue View Git Blame Copy Permalink