(失敗ã—ãŸ)CT Logã®SANãŒå¤§é‡ã«çµã³ã¤ã„ãŸè¨¼æ˜Žæ›¸ã‚’見ã¤ã‘ã¦ãƒ•ã‚£ãƒƒã‚·ãƒ³ã‚°ã‚µã‚¤ãƒˆã‚’検知ã™ã‚‹æ–¹æ³• - ã¶ã‚‹ãƒ¼ãŸã‚‹ã”ã¶ã‚Šã‚“
年末ã«ãƒ„イッターã«æ›¸ã„ãŸã‘ã©ã€ç‰¹ã«è¨˜äº‹ã«ã—ã¦ã„ãªã‹ã£ãŸã®ã§ä¾›é¤Šã¨ã—ã¦ä¸€å¿œè¨˜äº‹ã«æ›¸ã„ã¦ã¿ã¾ã™ã€‚ CT Log ã® SAN ãŒç•°å¸¸ã«å¤šã„ CT Log ã¯ï¼™å‰² Malicious ãªã‚“ã˜ã‚ƒãªã„ã‹ï¼Ÿã¨æ€ã£ã¦ä»Š CT Log Streaming ã—ãªãŒã‚‰ãƒ•ã‚£ãƒ«ã‚¿ã‹ã‘ã¦ã¿ã¦ã‚‹ã‘ã©æ™®é€šã®ã‚„ã¤ãŒã‹ã‹ã‚Šã¾ãã£ã¦ãã¦æŽ¨æ¸¬ãŒå¤–ã‚ŒãŸã€‚— ã‚‚ã¤ã« (@akroasis5150) 2022å¹´12月23æ—¥ 失敗ã—ãŸå†…容ã§ã¯ã‚ã‚‹ã‚“ã§ã™ãŒã€ãŠãらãã“ã®è¦³ç‚¹ã§èª¿æŸ»ã—ã¦ã‚‹äººãŒå›½å†…ã«ã„ãªã„ã ã‚ã†ã—〠(多少関連ã™ã‚‹å†…容ã«ã¤ã„ã¦è¨˜è¼‰ã™ã‚‹ã®ã§ï¼‰ ã»ã‚“ã®å°‘ã—ã¯éœ€è¦ãŒã‚ã‚‹ã¨æ€ã£ã¦è¨˜è¼‰ã—ã¦ãŠãã¾ã™ã€‚ 一応以下ã®ã‚„ã¤ã‚’考慮ã«å…¥ã‚Œã¦æ¤œçŸ¥ã‚’考ãˆãŸã‘ã©å¤±æ•—ã—ãŸã£ã¦è©±ã§ã™ã€‚ censys 㧠SAN ã®æ•°ã‚’å…ƒã«ã—ãŸæ¤œç´¢ï¼ˆæ¤œç´¢ãŒãã‚‚ãã‚‚ã§ããªã„) crt.sh ã§ã€ SAN ã®æ•°ã‚’å…ƒã«ã—ãŸæ¤œç´¢ (検索ãŒãã‚‚ãã‚‚ã§ããªã„) crt.sh ãŒå…¬é–‹ã—ã¦ã„
Introducing CertStream
Any day that you see one of your projects make it to public release is a good day, and today is a damn good day. Today I introduce the world to CertStream — a free service and simple libraries for getting data from the Certificate Transparency Log (CTL) network in real time. This allows anyone to write extremely simple code (or even a bash script) to react to SSL certificates being issued, as they
GitHub - eth0izzle/bucket-stream: Find interesting Amazon S3 Buckets by watching certificate transparency logs.
Find interesting Amazon S3 Buckets by watching certificate transparency logs. This tool simply listens to various certificate transparency logs (via certstream) and attempts to find public S3 buckets from permutations of the certificates domain name. Be responsible. I mainly created this tool to highlight the risks associated with public S3 buckets and to put a different spin on the usual dictiona
1
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
Monitoring Certificate Transparency Logs Using the Elastic Stack
GitHub - jonticknor/ElasticPhish: Proof-of-concept for phishing intelligence in Elastic
GitHub - edepree/certstream-elk-ingestor: A transport script for moving data from a certstream server to Elasticsearch instance.
GitHub - CaliDog/certstream-go: Go library for connecting to CertStream
GitHub - CaliDog/certstream-server: Certificate Transparency Log aggregation, parsing, and streaming service written in Elixir
GitHub - 0xbharath/slurp-old: A tool to enumerate S3 buckets manually or via certstream
GitHub - nuncan/slurp: The original slurp source
GitHub - woj-ciech/Awake: Bug Bounty Monitor
GitHub - wesleyraptor/streamingphish: Python-based utility that uses supervised machine learning to detect phishing domains from the Certificate Transparency log network.
Reddit - Dive into anything
certstream.py
Catching phishing before they catch you
GitHub - x0rz/phishing_catcher: Phishing catcher using Certstream
GitHub - CaliDog/certstream-python: Python library for connecting to CertStream
{{#tags}}- {{label}}
{{/tags}}