Certificate Transparency Log Explorer

Posted by benswerd 1 day ago

Counter32Comment10OpenOriginal

Comments

Comment by arwt 23 hours ago

I implemented something similar a while back (exists just as a portfolio demo now: subpinger (dot) interrupt (dot) sh).

If you want go for that sort of "live" feeling, you should consider implementing websocket streaming instead of HTTP polling, it will feel a lot nicer for users.

Are you actually ingesting certificates or are you just showing a stream of entries from different logs? I figure the former as nothing seems to be searchable -- and ingesting this data can get very expensive very quickly.

Nevertheless, cool project! I am constantly thinking about ways to turn CT log data into meaningful, actionable streams for others. If you'd be up for working on something together, give me a shout!

Comment by benswerd 20 hours ago

This is super basic, no caching or persistence at all, straight polling the streams and forwarding to the client.

Would love to chat, my contact is public on my profile, send a msg.

Comment by vasilzhigilei 1 day ago

Oh hi Ben. Interesting to read about attackers using CT log to find out which sites are new in order to try to login to admin pages first. Didn't know about this before, creative use of a CT log.

Comment by dannyobrien 1 day ago

This is fascinating; thank you for building it. (I also enjoyed watching the flurry of visitors as soon as my Let's Encrypt certificate got assigned. It's a Dark Forest out there!)

Comment by benswerd 1 day ago

I've been thinking a lot today about how these bots change with just a little bit more intelligence. Kinda terrifying.

Comment by radicality 1 day ago

Nice, thanks. What are the different options (log streams?) you can select? I read the info box but it isn’t super clear. I figure the numbers are a year - how come there are 2027 ones with data being populated ? And how come something like ‘Argon2025h2’ also has data from ‘1h’ ago? I would expect data only on the 2026h1 - or are these some kind of shards but with weird year naming ?

Comment by agwa 1 day ago

Logs are sharded by the expiration date of the certificate, not the issuance date, so you should expect to see growth in shards covering the next 398 days (the maximum lifetime of certificates).

As for the 2025h2 logs, these will not be acquiring any newly-issued certificates, but someone might be copying previously-issued certificates from other logs.

Comment by benswerd 1 day ago

TBH not clear because I'm not clear on it. I believe the naming scheme is nonstandard across providers and not a requirement as part of the standards.

Comment by JB_Dev 21 hours ago

My goto has been crt.sh for a few years

Comment by goinghjuk 1 day ago

there are a ton of domains of the format 8chars.something.de

a lot of them are related to check24.de