turbot/crtsh

GitHub
steampipe plugin install crtshsteampipe plugin install crtsh

crt.sh + Steampipe

crt.sh provides a searchable database of certificate transparency logs.

Certificate Transparency is an Internet security standard and open source framework for monitoring and auditing digital certificates. The standard creates a system of public logs that seek to eventually record all certificates issued by publicly trusted certificate authorities, allowing efficient identification of mistakenly or maliciously issued certificates.

Steampipe is an open source CLI to instantly query cloud APIs using SQL.

Query certificates for a domain:

select
dns_names,
not_after
from
crtsh_certificate
where
query = 'steampipe.io';
+------------------------+---------------------------+
| dns_names | not_after |
+------------------------+---------------------------+
| ["steampipe.io"] | 2022-10-24T08:48:52-04:00 |
| ["cloud.steampipe.io"] | 2022-10-20T22:56:08-04:00 |
+------------------------+---------------------------+

Enumerate and discover subdomains for a given domain:

with raw_domains as (
-- Search for any certificates matching steampipe.io
select distinct
jsonb_array_elements_text(dns_names) as domain
from
crtsh_certificate
where
query = 'steampipe.io'
)
select
*
from
raw_domains
where
-- filter out mixed domains (e.g. from shared status page services)
domain like '%steampipe.io'
order by
domain;
+--------------------+
| domain |
+--------------------+
| cloud.steampipe.io |
| hub.steampipe.io |
| steampipe.io |
| www.steampipe.io |
+--------------------+

Documentation

Get started

Install

Download and install the latest crt.sh plugin:

steampipe plugin install crtsh

Configuration

Installing the latest crtsh plugin will create a config file (~/.steampipe/config/crtsh.spc) with a single connection named crtsh:

connection "crtsh" {
plugin = "crtsh"
}

Get involved