Skip to content
/ CertCrawler Public

This script utilizes cert transparency logs to identify subdomains, identify if they are live, and identify the corresponding organizational ownership

License

CC0-1.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

KyleEvers/CertCrawler

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
.flake8
.flake8
 
 
.gitignore
.gitignore
 
 
CertCrawler.py
CertCrawler.py
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

CertCrawler 🔒🐍

This script utilizes cert transparency logs to identify subdomains, identify if they are live, and identify the corresponding organizational ownership.

Checking crt.sh for certificates issued matching the target domain, we pull the corresponding "Matching Identities". Once Matching Identities have been identified we make a connection over HTTPS to pull the domain's corresponding certificate information. This cert information may contain an optional fields including "Organization Unit" and "Organization Unit Name" which can be used to identify domain ownership. Certificates can also contain "Subject Alternative Names" or additional domains the certificate is valid for. We recursively parse through all the "Subject Alternative Names" repeating the connection process.

Getting Started

CertCrawler requires 3.7+. Python 2 is not supported.

To run the tool locally from the repository, first install the requirements:

pip install -r requirements.txt

Usage and examples

python CertCrawler.py -d example.com
python CertCrawler.py -d .gov -t 10
python CertCrawler.py -d example.com -o sample_domains_output -f json
python CertCrawler.py -d example.com -o sample_domains_output -f csv
python CertCrawler.py -d example.com -o sample_domains_output --log-level info
python CertCrawler.py -d example.com -t 10 -o sample_domains_output -f json --log-level debug
python CertCrawler.py -i domains -t 1

Options

-h --help                              Show this message.
-d DOMAIN                              Pull domains from crt.sh
-o OUTPUT_FILE                         File you want to write output to
-f OUTPUT_FILE_TYPE                    File type for output. Valid output values "csv" and "json". [default: csv]
-i INPUT_FILE                          Load subdomains from file
-t TIMEOUT                             Set timeout for network requests [default:5]
--log-level=LEVEL                      If specified, then the log level will be set to
                                       the specified value.  Valid values are "debug", "info",
                                       "warning", "error", and "critical". [default: critical]

Public domain

This project is in the worldwide public domain.

This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.

All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.

About

This script utilizes cert transparency logs to identify subdomains, identify if they are live, and identify the corresponding organizational ownership

Resources

Readme

License

CC0-1.0 license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages