Certificate Transparency Log Explorer(certs.swerdlow.dev)
25 pointsby benswerd10 hours ago6 comments
  • arwt3 hours ago
    I implemented something similar a while back (exists just as a portfolio demo now: subpinger (dot) interrupt (dot) sh).

    If you want go for that sort of "live" feeling, you should consider implementing websocket streaming instead of HTTP polling, it will feel a lot nicer for users.

    Are you actually ingesting certificates or are you just showing a stream of entries from different logs? I figure the former as nothing seems to be searchable -- and ingesting this data can get very expensive very quickly.

    Nevertheless, cool project! I am constantly thinking about ways to turn CT log data into meaningful, actionable streams for others. If you'd be up for working on something together, give me a shout!

  • vasilzhigilei4 hours ago
    Oh hi Ben. Interesting to read about attackers using CT log to find out which sites are new in order to try to login to admin pages first. Didn't know about this before, creative use of a CT log.
  • JB_Devan hour ago
    My goto has been crt.sh for a few years
  • radicality5 hours ago
    Nice, thanks. What are the different options (log streams?) you can select? I read the info box but it isn’t super clear. I figure the numbers are a year - how come there are 2027 ones with data being populated ? And how come something like ‘Argon2025h2’ also has data from ‘1h’ ago? I would expect data only on the 2026h1 - or are these some kind of shards but with weird year naming ?
    • agwa4 hours ago
      Logs are sharded by the expiration date of the certificate, not the issuance date, so you should expect to see growth in shards covering the next 398 days (the maximum lifetime of certificates).

      As for the 2025h2 logs, these will not be acquiring any newly-issued certificates, but someone might be copying previously-issued certificates from other logs.

    • benswerd4 hours ago
      TBH not clear because I'm not clear on it. I believe the naming scheme is nonstandard across providers and not a requirement as part of the standards.
  • dannyobrien6 hours ago
    This is fascinating; thank you for building it. (I also enjoyed watching the flurry of visitors as soon as my Let's Encrypt certificate got assigned. It's a Dark Forest out there!)
    • benswerd6 hours ago
      I've been thinking a lot today about how these bots change with just a little bit more intelligence. Kinda terrifying.
  • goinghjuk6 hours ago
    there are a ton of domains of the format 8chars.something.de

    a lot of them are related to check24.de