Is there a Cert API Feed of all Registered Certs?

I am looking for a feed of all certs in order to support monitoring users that are registering certs with the intent to use them to support phishing campaigns.

We publish all Let's Encrypt issued certificates to the Certificate Transparency ecosystem. Presently we submit to ct.googleapis.com/icarus. You will probably find the crt.sh front end to CT useful.

CPU - This is fantastic. Thanks a ton!


Also check out tools such as this: https://github.com/eriktews/certificate-transparency-tools

Which will allow you to retrieve the certificates programmatically from CT servers.

I usually store each cert (PEM format) on disk (the script is fairly easy to modify) and then run openssl to extract metadata into a database such as Elastic or Splunk (for queries and searching, trends etc.).

I have also seen some CT servers which will give you access to their PostgreSQL databases; however, I find downloading the certificates and doing your own parsing is more flexible.

Hope this helps

Andrei

Last two bits:

A) have a look at the formal documentation for how CT servers should operate (it may give you a better idea of how to modify the scripts - for example what the log formats are). https://tools.ietf.org/html/rfc6962

B) Another example of how to use SQL to query CT databases and retrieve data: Adjustments to the Let's Encrypt Statistics methodology

Andrei
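
The leaf format that RFC 6962 defines for `get-entries` responses, decoded into DER and PEM for storage and later parsing, as an added example that is not part of the original posts or of the linked tools. The sample response is constructed with placeholder DER bytes, and `parse_leaf`, `to_pem`, `parse_get_entries` and `build_leaf` are hypothetical names.

```python
import base64, json, struct, textwrap
from datetime import datetime, timezone
def parse_leaf(leaf_input_b64):
    """Decode one v1 MerkleTreeLeaf (RFC 6962) from a get-entries 'leaf_input'."""
    buf = base64.b64decode(leaf_input_b64, validate=True)
    if len(buf) < 12:
        raise ValueError("leaf shorter than its fixed header")
    # version(1) | leaf_type(1) | timestamp in ms(8) | entry_type(2), big-endian
    version, leaf_type, ts_ms, entry_type = struct.unpack_from(">BBQH", buf, 0)
    if version != 0 or leaf_type != 0 or entry_type not in (0, 1):
        raise ValueError("not a v1 timestamped x509/precert entry")
    pos, key_hash = 12, None
    if entry_type == 1:  # precert_entry carries a 32-byte issuer key hash first
        key_hash, pos = buf[pos:pos + 32].hex(), pos + 32
    n = int.from_bytes(buf[pos:pos + 3], "big")  # 24-bit length prefix
    der = buf[pos + 3:pos + 3 + n]
    pos += 3 + n
    ext_len = int.from_bytes(buf[pos:pos + 2], "big")  # CtExtensions, 16-bit length
    if len(der) != n or n == 0 or pos + 2 + ext_len != len(buf):
        raise ValueError("length fields do not match the leaf size")
    return {"entry_type": "precert" if entry_type else "x509",
            "timestamp": datetime.fromtimestamp(ts_ms / 1000, tz=timezone.utc),
            "issuer_key_hash": key_hash, "der": der}

def to_pem(der):
    """PEM-wrap an x509_entry; a precert body is a TBSCertificate, not a full cert."""
    b64 = base64.b64encode(der).decode()
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(textwrap.wrap(b64, 64))
            + "\n-----END CERTIFICATE-----\n")

def parse_get_entries(body):
    """Parse the JSON body of a get-entries response into decoded leaves."""
    return [parse_leaf(e["leaf_input"]) for e in json.loads(body)["entries"]]

def build_leaf(ts_ms, entry_type, body, key_hash=b""):
    """Constructed test data only: serialize a leaf with empty extensions."""
    raw = (struct.pack(">BBQH", 0, 0, ts_ms, entry_type) + key_hash
           + len(body).to_bytes(3, "big") + body + b"\x00\x00")
    return base64.b64encode(raw).decode()

# Constructed sample response; the DER bodies are placeholders, not real certificates.
SAMPLE = json.dumps({"entries": [
    {"leaf_input": build_leaf(1500000000000, 0, b"\x30\x03\x02\x01\x01"), "extra_data": ""},
    {"leaf_input": build_leaf(1500000001000, 1, b"\x30\x03\x02\x01\x02", b"\xaa" * 32), "extra_data": ""},
]})

if __name__ == "__main__":
    for leaf in parse_get_entries(SAMPLE):
        print(leaf["timestamp"].isoformat(), leaf["entry_type"], len(leaf["der"]))
```

Rejecting leaves whose length fields disagree with the buffer keeps a malformed or truncated log response from producing a half-parsed certificate in the monitoring database.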
