7 comments

[ 2.7 ms ] story [ 28.2 ms ] thread
This is fascinating; thank you for building it. (I also enjoyed watching the flurry of visitors as soon as my Let's Encrypt certificate got assigned. It's a Dark Forest out there!)
there are a ton of domains of the format 8chars.something.de

a lot of them are related to check24.de

Nice, thanks. What are the different options (log streams?) you can select? I read the info box but it isn’t super clear. I figure the numbers are a year - how come there are 2027 ones with data being populated ? And how come something like ‘Argon2025h2’ also has data from ‘1h’ ago? I would expect data only on the 2026h1 - or are these some kind of shards but with weird year naming ?
Oh hi Ben. Interesting to read about attackers using CT log to find out which sites are new in order to try to login to admin pages first. Didn't know about this before, creative use of a CT log.
I implemented something similar a while back (exists just as a portfolio demo now: subpinger (dot) interrupt (dot) sh).

If you want go for that sort of "live" feeling, you should consider implementing websocket streaming instead of HTTP polling, it will feel a lot nicer for users.

Are you actually ingesting certificates or are you just showing a stream of entries from different logs? I figure the former as nothing seems to be searchable -- and ingesting this data can get very expensive very quickly.

Nevertheless, cool project! I am constantly thinking about ways to turn CT log data into meaningful, actionable streams for others. If you'd be up for working on something together, give me a shout!

This is super basic, no caching or persistence at all, straight polling the streams and forwarding to the client.

Would love to chat, my contact is public on my profile, send a msg.

My goto has been crt.sh for a few years