I am looking for a feed of all certs in order to support monitoring users that are registering certs with the intent to use them to support phishing campaigns.
CPU - This is fantastic. Thanks a ton!
Also check out tools such as this: https://github.com/eriktews/certificate-transparency-tools
which will allow you to retrieve the certificates programmatically from CT servers.
I usually store each cert (PEM format) on disk (the script is fairly easy to modify) and then run openssl to extract metadata into a database such as Elastic or Splunk (for queries and searching, trends, etc.).
I have also seen some CT servers which will give you access to their PostgreSQL databases; however, I find downloading the certificates and doing your own parsing is more flexible.
Hope this helps
Last two bits:
A) Have a look at the formal documentation for how CT servers should operate (it may give you a better idea of how to modify the scripts - for example, what the log formats are): https://tools.ietf.org/html/rfc6962
B) Another example of how to use SQL to query CT databases and retrieve data: Adjustments to the Let's Encrypt Statistics methodology
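Added example (not part of the thread, and not code from the linked tools): RFC 6962 `get-entries` returns each certificate wrapped in a base64 `leaf_input` structure, so this decodes that structure and emits PEM that can be stored on disk and passed to openssl as described above. The sample leaf is constructed with placeholder DER bytes, not a real certificate, and the function names are hypothetical.

```python
import base64
import struct
import textwrap

X509_ENTRY, PRECERT_ENTRY = 0, 1  # LogEntryType values, RFC 6962 section 3.1


def _read_vector(buf, pos, len_bytes):
    """Read a length-prefixed opaque vector; return (data, new_pos)."""
    if pos + len_bytes > len(buf):
        raise ValueError("truncated length prefix")
    n = int.from_bytes(buf[pos:pos + len_bytes], "big")
    pos += len_bytes
    if pos + n > len(buf):
        raise ValueError("vector length exceeds remaining data")
    return buf[pos:pos + n], pos + n


def parse_leaf_input(leaf_b64):
    """Decode the leaf_input (MerkleTreeLeaf) of one get-entries result."""
    buf = base64.b64decode(leaf_b64, validate=True)
    if len(buf) < 12:
        raise ValueError("leaf too short")
    # version(1) | leaf_type(1) | timestamp ms(8) | entry_type(2), big-endian
    version, leaf_type, ts_ms, entry_type = struct.unpack_from(">BBQH", buf, 0)
    if version != 0 or leaf_type != 0:
        raise ValueError("not a v1 timestamped_entry leaf")
    entry, pos = {"timestamp_ms": ts_ms}, 12
    if entry_type == X509_ENTRY:
        entry["type"] = "x509"
        entry["der"], pos = _read_vector(buf, pos, 3)  # full certificate
    elif entry_type == PRECERT_ENTRY:
        entry["type"] = "precert"
        entry["issuer_key_hash"] = buf[pos:pos + 32]
        # Precert leaves carry only the TBSCertificate, not a full certificate.
        entry["der"], pos = _read_vector(buf, pos + 32, 3)
    else:
        raise ValueError(f"unknown entry type {entry_type}")
    entry["extensions"], pos = _read_vector(buf, pos, 2)
    if pos != len(buf):
        raise ValueError("trailing bytes after leaf")
    return entry


def to_pem(der):
    """PEM-encode the DER of an x509 entry so `openssl x509` can read it."""
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


# Constructed sample: placeholder DER bytes (not a real certificate).
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_LEAF = base64.b64encode(
    struct.pack(">BBQH", 0, 0, 1500000000000, X509_ENTRY)
    + len(SAMPLE_DER).to_bytes(3, "big") + SAMPLE_DER + b"\x00\x00").decode()
```

Only `x509` entries should go through `to_pem`; a precert entry's bytes are a bare TBSCertificate and need the chain from `extra_data` to be examined as a certificate.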