// curl -s 'https://ct1.digicert-ct.com/log/ct/v1/get-entries?start=0&end=0' | jq .
{
  "entries": [
    {
      "leaf_input": "..."
[
  {
    "name": "url",
    "type": "STRING",
    "mode": "REQUIRED"
  },
  {
    "mode": "REQUIRED",
    "name": "cert_index",
    "type": "INTEGER"
SELECT
  all_dns_names
FROM
  [ctl-lists:certificate_data.scan_data]
WHERE
  (REGEXP_MATCH(all_dns_names,r'\b?xn\-\-'))
  AND NOT all_dns_names CONTAINS 'cloudflare'
SELECT
  all_dns_names
FROM
  [ctl-lists:certificate_data.scan_data]
WHERE
  (REGEXP_MATCH(all_dns_names,r'.*\.coinbase.com[\s$]?'))
SELECT
  url,
  COUNT(*) AS total_certs
FROM
  [ctl-lists:certificate_data.scan_data]
WHERE
  (REGEXP_MATCH(all_dns_names,r'.*flowers-to-the-world.*'))
GROUP BY
  url
ORDER BY
import requests
import json
import locale

locale.setlocale(locale.LC_ALL, 'en_US')

# Fetch the list of known Certificate Transparency logs
ctl_log = requests.get('https://www.gstatic.com/ct/log_list/log_list.json').json()
total_certs = 0

# locale.format() was removed in Python 3.12; format_string() is its replacement
human_format = lambda x: locale.format_string('%d', x, grouping=True)
import certstream
import base64

NEEDLE = "paypal"

# Search for domains with a keyword in them and write the corresponding certificate to a file
def certstream_callback(message):
    if message['message_type'] == "certificate_update":
        all_domains = message['data']['leaf_cert']['all_domains']
        if NEEDLE.lower() in " ".join(all_domains).lower():
import sys

# The string to encode is taken from the last command-line argument
string = sys.argv[-1]
lines = []
print("String length : %d" % len(string))
print("Opcodes to push this string onto the stack :")
for i in range(0,len(string),4):
    line = string[:4]
certstream --json | \
  jq -r '.data | [ (.seen|floor|tostring), (.leaf_cert.all_domains[0]|split(".")|.[-1]), .chain[0].subject.CN, "200", "0" ] | join("|")' | \
  logstalgia -g "Certificate Authorities,CODE=^200,0" --hide-response-code --hide-paddle --path-abbr-depth -1 --no-bounce -s 2 --address-abbr-depth -1
import certstream
import json
import os
import requests

# Set the webhook_url to the one provided by Slack when you create the webhook at https://my.slack.com/services/new/incoming-webhook/
WEBHOOK_URL = os.environ["SLACK_WEBHOOK_URL"]
NEEDLE = "coinbase"

# Search for domains with a keyword in them and write the corresponding certificate to a file