I have a question about CT logs and I can’t find much info. I’m trying do make some statistics based on CT log query (for my thesis) but I’m struggling.
I found different results on censys.io than crt.sh (more results on crt.sh) but “wildcard” is not totally working on crt.sh
I tried to get info based on “wildcard query” like %word% on censys.io it works but not on crt. On crt.sh only word% seems to work.
So my question is, is it possible to do that on crt.sh (it seems to have more info there than on Censys) ? If yes, how ? I’m asking because the site seems to crash every time I ran a quite big query.
I also have a second question. I saw on crt.sh that Let’s Encrypt has 2 CAID (7395 and 16418). Does Let’s Encrypt have more than these 2 ?
The most recent redesign of crt.sh broke some types of wildcard queries via the website, however, they are still available if you connect to the Postgres database directly:
However, you may find that creating such queries may use the database indexes suboptimally and take too long. It could be better to download a cold dataset from scans.io or rapid7 sonar, or crawl CT logs on your own without using an aggregator.
Let's Encrypt currently only issues from 16418, which is Let's Encrypt Authority X3.
7395 is Let's Encrypt Authority X1, and will never issue another certificate.
The next intermediate is Let's Encrypt Authority X4 (16429), which would be used as a backup.
My observation over the past few years has been that censys is usually more up-to-date than crt.sh. But it's to be expected, they are a largely commercial offering, while crt.sh has all us freeloaders hammering their database, not requiring any kind of registration.
Assuming https://censys.io/reports/ctstatus is the current list of CT logs that Censys crawls, they crawl a somewhat different set of logs than crt.sh does: crt.sh crawls ~all ~current production logs (including proposed logs that are in testing) while Censys also monitors some test logs but leaves out some production logs (like Let’s Encrypt Oak!).
Since precertificates are normally logged to multiple logs, Censys probably doesn’t have much less information than crt.sh does, though.