crt.sh + Steampipe
crt.sh provides a searchable database of certificate transparency logs.
Certificate Transparency is an Internet security standard and open source framework for monitoring and auditing digital certificates. The standard creates a system of public logs that seek to eventually record all certificates issued by publicly trusted certificate authorities, allowing efficient identification of mistakenly or maliciously issued certificates.
Steampipe is an open source CLI to instantly query cloud APIs using SQL.
Query certificates for a domain:
select dns_names, not_afterfrom crtsh_certificatewhere query = 'steampipe.io';
+------------------------+---------------------------+| dns_names | not_after |+------------------------+---------------------------+| ["steampipe.io"] | 2022-10-24T08:48:52-04:00 || ["cloud.steampipe.io"] | 2022-10-20T22:56:08-04:00 |+------------------------+---------------------------+
Enumerate and discover subdomains for a given domain:
with raw_domains as ( -- Search for any certificates matching steampipe.io select distinct jsonb_array_elements_text(dns_names) as domain from crtsh_certificate where query = 'steampipe.io')select *from raw_domainswhere -- filter out mixed domains (e.g. from shared status page services) domain like '%steampipe.io'order by domain;
+--------------------+| domain |+--------------------+| cloud.steampipe.io || hub.steampipe.io || steampipe.io || www.steampipe.io |+--------------------+
Documentation
Get started
Install
Download and install the latest crt.sh plugin:
steampipe plugin install crtsh
Configuration
Installing the latest crtsh plugin will create a config file (~/.steampipe/config/crtsh.spc
) with a single connection named crtsh
:
connection "crtsh" { plugin = "crtsh"}
Get involved
- Open source: https://github.com/turbot/steampipe-plugin-crtsh
- Community: Slack Channel