My buddy Omar Santos released a cool tool worth checking out. Certificate Transparency (CT) is an open framework aimed at improving the safety of SSL/TLS certificates by creating an open and auditable log of all certificates issued by certificate authorities. It allows for the detection of mistakenly or maliciously issued certificates.
In the context of reconnaissance (recon), cybersecurity experts and ethical hackers can utilize CT logs as a rich source of information for mapping different environments. You can extract data about the existence of subdomains of a target domain, revealing potential targets for further investigation or penetration testing. This kind of intel can be vital in identifying vulnerable endpoints, tracking the issuance of new certificates, and generally maintaining a strong security posture against potential cyber threats.
There are several tools and websites out there to obtain certificate transparency information. However, most of them are very “heavy weight” and I wanted something super simple. There are sites like https://crt.sh that makes CT recon very easy. I created a tool that I called CertSPY that leverages CT logs accessible through the crt.sh site to facilitate such recon efforts, aiding in the timely identification of potential security vulnerabilities.
You can access the tool source code at: https://github.com/santosomar/certspy