Git Product home page Git Product logo

crtsh's Introduction

crtsh

crtsh is crt.sh Golang utility

Installation

go get github.com/famasoon/crtsh

Usage

crtsh has some option.

-q option

The -q option is to query to https://crt.sh The result is dictionary items which looks like this:

$ crtsh -q example.com
{
  Index: 1
  Issuer CA ID: 1191
  Issuer Name: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA
  Name: example.com
  Min Cert ID: 987119772
  Min Entry TimeStamp: 2018-11-29T13:44:14.118
  Not Before: 2018-11-28T00:00:00
  Not After: 2020-12-02T12:00:00
  Donwload Pem file: https://crt.sh/?d=987119772
}
{
  Index: 2
  Issuer CA ID: 1191
  Issuer Name: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA
  Name: example.com
  Min Cert ID: 984858191
  Min Entry TimeStamp: 2018-11-28T21:20:12.606
  Not Before: 2018-11-28T00:00:00
  Not After: 2020-12-02T12:00:00
  Donwload Pem file: https://crt.sh/?d=984858191
}
{
  Index: 3
  Issuer CA ID: 1465
  Issuer Name: C=US, O="thawte, Inc.", CN=thawte SSL CA - G2
  Name: example.com
  Min Cert ID: 24564717
  Min Entry TimeStamp: 2016-07-14T07:55:01.55
  Not Before: 2016-07-14T00:00:00
  Not After: 2017-07-14T23:59:59
  Donwload Pem file: https://crt.sh/?d=24564717
}
{
  Index: 4
  Issuer CA ID: 1465
  Issuer Name: C=US, O="thawte, Inc.", CN=thawte SSL CA - G2
  Name: example.com
  Min Cert ID: 24560643
  Min Entry TimeStamp: 2016-07-14T07:30:08.461
  Not Before: 2016-07-14T00:00:00
  Not After: 2018-07-14T23:59:59
  Donwload Pem file: https://crt.sh/?d=24560643
}
{
  Index: 5
  Issuer CA ID: 1465
  Issuer Name: C=US, O="thawte, Inc.", CN=thawte SSL CA - G2
  Name: example.com
  Min Cert ID: 24560621
  Min Entry TimeStamp: 2016-07-14T07:25:01.93
  Not Before: 2016-07-14T00:00:00
  Not After: 2017-07-14T23:59:59
  Donwload Pem file: https://crt.sh/?d=24560621
}
{
  Index: 6
  Issuer CA ID: 1449
  Issuer Name: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4
  Name: example.com
  Min Cert ID: 24558997
  Min Entry TimeStamp: 2016-07-14T06:40:02.4
  Not Before: 2016-07-14T00:00:00
  Not After: 2018-07-14T23:59:59
  Donwload Pem file: https://crt.sh/?d=24558997
}
{
  Index: 7
  Issuer CA ID: 1397
  Issuer Name: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA
  Name: example.com
  Min Cert ID: 10557607
  Min Entry TimeStamp: 2015-11-05T14:51:33.941
  Not Before: 2015-11-03T00:00:00
  Not After: 2018-11-28T12:00:00
  Donwload Pem file: https://crt.sh/?d=10557607
}
{
  Index: 8
  Issuer CA ID: 1397
  Issuer Name: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA
  Name: example.com
  Min Cert ID: 5857507
  Min Entry TimeStamp: 2014-12-11T14:36:57.201
  Not Before: 2014-11-06T00:00:00
  Not After: 2015-11-13T12:00:00
  Donwload Pem file: https://crt.sh/?d=5857507
}

And -q option can use -o option.

The -o option only enumerates domains.

$ crtsh -q example.com -o
example.com
example.com
example.com
example.com
example.com
example.com
example.com
example.com

This option can query to use wildcard (% = wildcard) and _ (_ = completing input)

For Example:

$ crtsh -q %.example.com -o
www.example.com
www.example.com
www.example.com
*.example.com
*.example.com
m.example.com
www.example.com
dev.example.com
products.example.com
support.example.com
www.example.com
www.example.com
www.example.com

We can extract unique URL.

$ crtsh -q %.example.com -o | sort | uniq 
*.example.com
dev.example.com
m.example.com
products.example.com
support.example.com
www.example.com

For Example _ used:

$ crtsh -q kaspe_sky.com -o
kaspersky.com
kaspevsky.com
kaspersky.com
kaspersky.com
kaspersky.com
kaspessky.com
kaspezsky.com
kaspersky.com
kaspe2sky.com
kaspebsky.com
kaspepsky.com
kaspezsky.com
kaspevsky.com
kaspessky.com
kaspersky.com
kaspersky.com
kaspersky.com
kaspersky.com
kaspersky.com
kaspersky.com
kaspersky.com
kaspersky.com
kaspersky.com
kaspersky.com
kaspersky.com
kaspersky.com
kaspersky.com
kaspersky.com
kaspersky.com
kaspersky.com
kaspersky.com
kaspersky.com
kaspersky.com
kaspersky.com
kaspersky.com
kaspersky.com
kaspersky.com
kaspersky.com
kaspersky.com
kaspersky.com

It can find URLs for Typosquatting.

-cn option

The -cn option query CommonName. And this option also can use -o option. For Example: crtsh -cn <CommonName>

$ crtsh -cn test
{
  Index: 1
  Issuer CA ID: 6831
  Issuer Name: C=BE, O=GlobalSign nv-sa, CN=GlobalSign PersonalSign 2 CA - G2
  Name: Test
  Min Cert ID: 197744191
  Min Entry TimeStamp: 2017-08-24T18:23:36.43
  Not Before: 2014-07-31T20:44:32
  Not After: 2015-08-01T20:44:32
  Donwload Pem file: https://crt.sh/?d=197744191
}
{
  Index: 2
  Issuer CA ID: 750
  Issuer Name: [email protected], L=Chacao, ST=Miranda, OU=Proveedor de Certificados PROCERT, O=Sistema Nacional de Certificacion Electronica, C=VE, CN=PSCProcert
  Name: test
  Min Cert ID: 197155020
  Min Entry TimeStamp: 2017-08-23T22:07:22.88
  Not Before: 2017-08-23T13:05:28
  Not After: 2018-08-23T13:05:28
  Donwload Pem file: https://crt.sh/?d=197155020
}
{
  Index: 3
  Issuer CA ID: 750
  Issuer Name: [email protected], L=Chacao, ST=Miranda, OU=Proveedor de Certificados PROCERT, O=Sistema Nacional de Certificacion Electronica, C=VE, CN=PSCProcert
  Name: test
  Min Cert ID: 197073488
  Min Entry TimeStamp: 2017-08-23T19:42:20.529
  Not Before: 2017-08-23T13:11:13
  Not After: 2018-08-23T13:11:13
  Donwload Pem file: https://crt.sh/?d=197073488
}
{
  Index: 4
  Issuer CA ID: 1715
  Issuer Name: C=CN, O=CNNIC SHA256 SSL, CN=CNNIC SHA256 SSL
  Name: test
  Min Cert ID: 7096879
  Min Entry TimeStamp: 2015-04-08T00:24:19.637
  Not Before: 2014-12-12T06:08:52
  Not After: 2015-12-12T06:08:52
  Donwload Pem file: https://crt.sh/?d=7096879
}
{
  Index: 5
  Issuer CA ID: 1715
  Issuer Name: C=CN, O=CNNIC SHA256 SSL, CN=CNNIC SHA256 SSL
  Name: test
  Min Cert ID: 7096563
  Min Entry TimeStamp: 2015-04-08T00:11:13.016
  Not Before: 2014-12-14T12:00:54
  Not After: 2015-12-14T12:00:54
  Donwload Pem file: https://crt.sh/?d=7096563
}
{
  Index: 6
  Issuer CA ID: 29
  Issuer Name: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3
  Name: test
  Min Cert ID: 4202482
  Min Entry TimeStamp: 2014-05-22T23:21:36.633
  Not Before: 2011-07-28T00:00:00
  Not After: 2014-08-01T12:00:00
  Donwload Pem file: https://crt.sh/?d=4202482
}
{
  Index: 7
  Issuer CA ID: 29
  Issuer Name: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3
  Name: test
  Min Cert ID: 4202481
  Min Entry TimeStamp: 2014-05-22T23:21:33.786
  Not Before: 2011-07-28T00:00:00
  Not After: 2014-08-01T12:00:00
  Donwload Pem file: https://crt.sh/?d=4202481
}

-i option

The -i option parse pem file. If you set this option, you can enumerate DNS records that was implanted pem file. I will add more features.

For Example: crtsh -i <Min Cert ID>

$ crtsh -i 5857507
CertID: 5857507
Enumrate DNS Names:
www.example.org
example.com
example.edu
example.net
example.org
www.example.com
www.example.edu
www.example.net

Importing

import (
    "github.com/famasoon/crtsh/ctlog"
    "github.com/famasoon/crtsh/parser"
)

Getting start

For example: Finding URL for Typosquatting, and enumerate other Typosquatting URLs with CT logs(pem file)

  1. Find URL for Typosquatting
$ crtsh -q kaspe_sky.com
{
  Index: 1
  Issuer CA ID: 1191
  Issuer Name: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA
  Name: kaspersky.com
  Min Cert ID: 2114755056
  Min Entry TimeStamp: 2019-11-15T11:51:37.847
  Not Before: 2019-11-15T00:00:00
  Not After: 2021-11-19T12:00:00
  Donwload Pem file: https://crt.sh/?d=2114755056
}
{
  Index: 2
  Issuer CA ID: 9324
  Issuer Name: C=US, O=Amazon, OU=Server CA 1B, CN=Amazon
  Name: kaspevsky.com
  Min Cert ID: 2106245075
  Min Entry TimeStamp: 2019-11-13T12:16:22.861
  Not Before: 2019-03-19T00:00:00
  Not After: 2020-04-19T12:00:00
  Donwload Pem file: https://crt.sh/?d=2106245075
}
===snip===

Min Cert ID:2106245075 looks like using URL for Typosquatting.

  1. Enumerate other URL with CT log
$ crtsh -i 2106245075
CertID: 2106245075
Enumrate DNS Names:
kaspevsky.com
*.kaspevsky.com
kaspursky.com
*.kaspursky.com
kasperqky.com
*.kasperqky.com
kaspgrsky.com
*.kaspgrsky.com
kasxersky.com
*.kasxersky.com

This certificate included URLs for other Typosquatting ๐Ÿค”

Credit

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.