# CertSPY - A Crt.sh Python Client
 
CertSPY is a Python client for the [crt.sh](https://crt.sh/) website. It retrieves information about subdomains from SSL/TLS Certificate Transparency logs.

Certificate Transparency (CT) is an open framework that improves the safety of SSL/TLS certificates by keeping an open, auditable log of all certificates issued by certificate authorities, which makes it possible to detect mistakenly or maliciously issued certificates. In reconnaissance (recon), cybersecurity experts and ethical hackers use CT logs as a rich source of information for mapping the internet landscape: the logs reveal the subdomains of a target domain, and with them potential targets for further investigation or penetration testing. This information helps to identify vulnerable endpoints, track the issuance of new certificates, and maintain a strong security posture against potential cyber threats. CertSPY queries the CT logs exposed by crt.sh to support such recon efforts and the timely identification of potential security vulnerabilities.
## Features
- Query subdomain information from crt.sh.
- Support for wildcard and expired certificate queries.
- Command-line interface for easy usage.
- Option to save results to a file.
- Ability to display only the common names of certificates.
## Installation
You can install CertSPY using the `pip` command:
```sh
pip install certspy
```
## Dependencies
- Python 3.x
- `requests` library
## Usage
You can use the client from the command line with the following syntax:
```sh
certspy.py secretcorp.org
```
This queries the crt.sh website for subdomains of `secretcorp.org` and pretty-prints the JSON output to the console. The `-h` flag lists the available options:
```sh
$ python3 certspy.py -h
usage: certspy.py [-h] [--no-wildcard] [--include-expired] [--common-name-only] [--output OUTPUT] domain

CertSPY: A Python client for the crt.sh website to retrieve subdomains information.
Author: Omar Santos (@santosomar).

positional arguments:
  domain                Domain to search for

optional arguments:
  -h, --help            show this help message and exit
  --no-wildcard         Do not prepend a wildcard to the domain.
  --include-expired     Include expired certificates in the search.
  --common-name-only    Show only the hostnames in the common name field of the certificate.
  --output OUTPUT, -o OUTPUT
                        Save output to a JSON file. You need to specify the path and name of the output file.
```
For example:
```sh
$ certspy secretcorp.org
[
    {
        "issuer_ca_id": 183267,
        "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
        "common_name": "secretcorp.org",
        "name_value": "secretcorp.org",
        "id": 10254588889,
        "entry_timestamp": "2023-08-30T08:49:46.284",
        "not_before": "2023-08-30T07:49:06",
        "not_after": "2023-11-28T07:49:05",
        "serial_number": "046cb5a18ef41e26f9867cfdb61d28452047"
    },
    {
        "issuer_ca_id": 183267,
        "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
        "common_name": "mail.secretcorp.org",
        "name_value": "mail.secretcorp.org",
        "id": 10039294064,
        "entry_timestamp": "2023-08-01T04:19:56.363",
        "not_before": "2023-08-01T03:19:55",
        "not_after": "2023-10-30T03:19:54",
        "serial_number": "049b42b3d9dfad81b882209188f2dd3416e4"
    },
    {
        "issuer_ca_id": 183267,
        "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
        "common_name": "app1.secretcorp.org",
        "name_value": "app1.secretcorp.org",
        "id": 10038384450,
        "entry_timestamp": "2023-08-01T01:00:56.816",
        "not_before": "2023-08-01T00:00:56",
        "not_after": "2023-10-30T00:00:55",
        "serial_number": "046bbf0c4112b9c2a1a8b30d8e50c8050264"
    },
    {
        "issuer_ca_id": 183267,
        "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
        "common_name": "app1.secretcorp.org",
        "name_value": "app1.secretcorp.org",
        "id": 10101930727,
        "entry_timestamp": "2023-08-01T01:00:56.476",
        "not_before": "2023-08-01T00:00:56",
        "not_after": "2023-10-30T00:00:55",
        "serial_number": "046bbf0c4112b9c2a1a8b30d8e50c8050264"
    },
    {
        "issuer_ca_id": 183267,
        "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
        "common_name": "internal.secretcorp.org",
        "name_value": "internal.secretcorp.org",
        "id": 10139355714,
        "entry_timestamp": "2023-07-31T22:56:26.114",
        "not_before": "2023-07-31T21:56:25",
        "not_after": "2023-10-29T21:56:24",
        "serial_number": "04f8357ed61e079460ed7d0bdb767ac49652"
    },
    {
        "issuer_ca_id": 183267,
        "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
        "common_name": "internal.secretcorp.org",
        "name_value": "internal.secretcorp.org",
        "id": 10101183289,
        "entry_timestamp": "2023-07-31T22:56:25.812",
        "not_before": "2023-07-31T21:56:25",
        "not_after": "2023-10-29T21:56:24",
        "serial_number": "04f8357ed61e079460ed7d0bdb767ac49652"
    },
    {
        "issuer_ca_id": 183267,
        "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
        "common_name": "cloud.secretcorp.org",
        "name_value": "cloud.secretcorp.org",
        "id": 10138072059,
        "entry_timestamp": "2023-07-31T20:15:24.822",
        "not_before": "2023-07-31T19:15:24",
        "not_after": "2023-10-29T19:15:23",
        "serial_number": "03efca1ae2f0688ac75231e58a0401716f0f"
    },
    <output omitted for brevity>
]
```
To show only the common names of the certificates, you can use the `--common-name-only` flag:
```sh
$ certspy secretcorp.org --common-name-only
[
    "secretcorp.org",
    "mail.secretcorp.org",
    "app1.secretcorp.org",
    "internal.secretcorp.org",
    "cloud.secretcorp.org",
    <output omitted for brevity>
]
```
To save the results to a file, you can use the `--output` flag:
```sh
$ certspy secretcorp.org --output results.json
```
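The sample output above lists `app1.secretcorp.org` and `internal.secretcorp.org` twice with the same serial number, so a saved result is easier to audit once such rows are merged. The following is an added example, not part of CertSPY: it collapses rows per issuer and serial number, splits `name_value` (which in crt.sh JSON can carry several newline-separated names), and reports unexpired certificates from issuers outside an allowlist. The function names, the allowlist and the last two sample records are assumptions made for illustration.

```python
import json
from datetime import datetime

# Constructed records in the shape of the output above (only the fields used here).
# The first two are the app1 rows from the sample; the last two are made up.
SAMPLE = json.loads(r"""[
 {"id": 10038384450, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
  "name_value": "app1.secretcorp.org", "not_after": "2023-10-30T00:00:55",
  "serial_number": "046bbf0c4112b9c2a1a8b30d8e50c8050264"},
 {"id": 10101930727, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
  "name_value": "app1.secretcorp.org", "not_after": "2023-10-30T00:00:55",
  "serial_number": "046bbf0c4112b9c2a1a8b30d8e50c8050264"},
 {"id": 1, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
  "name_value": "*.secretcorp.org\nsecretcorp.org", "not_after": "2023-11-28T07:49:05",
  "serial_number": "00aa01"},
 {"id": 2, "issuer_name": "C=XX, O=Constructed Test CA, CN=Test CA",
  "name_value": "cloud.secretcorp.org", "not_after": "2023-10-29T19:15:23",
  "serial_number": "00aa02"}
]""")

def unique_certs(records):
    """Merge rows that share issuer and serial number into one certificate."""
    certs = {}
    for r in records:
        key = (r["issuer_name"], r["serial_number"].lower())
        c = certs.setdefault(key, {"issuer": r["issuer_name"], "serial": key[1],
                                   "not_after": r["not_after"], "names": set(), "ids": []})
        # name_value can hold several newline-separated names
        c["names"].update(n.strip().lower() for n in r["name_value"].split("\n") if n.strip())
        c["ids"].append(r["id"])
    return list(certs.values())

def review(records, expected_issuers, now):
    """Return (hostnames, unexpired certificates from issuers outside the allowlist)."""
    hosts, unexpected = set(), []
    for c in unique_certs(records):
        # A wildcard entry proves only that the parent zone exists
        hosts.update(n[2:] if n.startswith("*.") else n for n in c["names"])
        if datetime.fromisoformat(c["not_after"]) > now and c["issuer"] not in expected_issuers:
            unexpected.append((c["serial"], c["issuer"], sorted(c["names"])))
    return sorted(hosts), unexpected

if __name__ == "__main__":
    hosts, odd = review(SAMPLE, {"C=US, O=Let's Encrypt, CN=R3"}, datetime(2023, 9, 1))
    print(hosts, odd, sep="\n")
```

To run it on real data, load the file written by `--output` with `json.load` in place of `SAMPLE`, assuming the file holds the same records as the console output.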
## Contribution
Feel free to fork the repository and submit pull requests. For bug reports and feature requests, please create an issue in the GitHub issue tracker.
## License
See [LICENSE](LICENSE) for more details.
Raw data
{
"_id": null,
"home_page": "https://github.com/santosomar/certspy",
"name": "certspy",
"maintainer": null,
"docs_url": null,
"requires_python": null,
"maintainer_email": null,
"keywords": null,
"author": "Omar Santos",
"author_email": "santosomar@gmail.com",
"download_url": "https://files.pythonhosted.org/packages/cd/8e/686872da453051c249fa04291eb3ef7eebf915f1ed63f0d6b188c5b6f7dd/certspy-0.9.0.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "BSD 3-Clause License",
"summary": "A Python client for the crt.sh website to retrieve subdomains information",
"version": "0.9.0",
"project_urls": {
"Homepage": "https://github.com/santosomar/certspy"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "d6599a13ba758c4d4922ee0dee3086f4a704b0425399f7ebf82e8526622216e0",
"md5": "a11160121785717d99eea5e74f7b0d45",
"sha256": "ed338c485cb93eafe43a4fb486eae99d692ef0efee016caefc8b93b0a771dbbc"
},
"downloads": -1,
"filename": "certspy-0.9.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "a11160121785717d99eea5e74f7b0d45",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 6063,
"upload_time": "2024-09-01T03:22:16",
"upload_time_iso_8601": "2024-09-01T03:22:16.446800Z",
"url": "https://files.pythonhosted.org/packages/d6/59/9a13ba758c4d4922ee0dee3086f4a704b0425399f7ebf82e8526622216e0/certspy-0.9.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "cd8e686872da453051c249fa04291eb3ef7eebf915f1ed63f0d6b188c5b6f7dd",
"md5": "53b787846cdf90d29c8dfa421ed3b20b",
"sha256": "d69ae09c593b16e56bf8daab2cbf99b962e333384eb2bc2978ef1dd66e13021d"
},
"downloads": -1,
"filename": "certspy-0.9.0.tar.gz",
"has_sig": false,
"md5_digest": "53b787846cdf90d29c8dfa421ed3b20b",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 5518,
"upload_time": "2024-09-01T03:22:18",
"upload_time_iso_8601": "2024-09-01T03:22:18.294851Z",
"url": "https://files.pythonhosted.org/packages/cd/8e/686872da453051c249fa04291eb3ef7eebf915f1ed63f0d6b188c5b6f7dd/certspy-0.9.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-09-01 03:22:18",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "santosomar",
"github_project": "certspy",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"requirements": [],
"lcname": "certspy"
}