Kab1r
6 days ago
Is this just searching certificate transparency logs?
yup_sto
6 days ago
I'd imagine it's a combination of
- CT log monitoring (https://github.com/CaliDog/CertStream-Server)
- Mass-Scanning across ipv4 on 80/443 at the least?
- Brute-forcing subdomains on wildcards with large DNS wordlist (like something from assetnote: https://wordlists-cdn.assetnote.io/data/manual/best-dns-word...)
- Scraping/extracting subdomains/domains from JS
But I've never attempted to enumerate subdomains on this scale before, so I could be missing something obvious
flemhans
6 days ago
I think it's a mix of different sources. Certainly, some of my subdomains there never had an SSL certificate.
Eikon
6 days ago
Well, CT logs are a data dump, they are not searchable, ingesting all that data near-real time and making it searchable in a useful and fast way (especially with wildcards) is actually quite challenging!
stavros
6 days ago
Where does one ingest them from?
supriyo-biswas
5 days ago
stavros
5 days ago
Thanks!
remram
5 days ago
I have subdomains with (non-wildcard) certificates that aren't on there.
yup_sto
5 days ago
[dead]