Skip to content
/ crt Public

Found subdomains abusing ssl certificate transparency logs for multiple root domains in one shot.

License

GPL-3.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

BananaHolograma/crt

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
assets
assets
 
 
.gitignore
.gitignore
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
crt.sh
crt.sh
 
 

Repository files navigation

crt_thumbnail

crt

crt abuse certificate transparency logs for getting subdomains from a one or multiple root domains. The process is very clean, a light http request to crt.sh to fetch the subdomain information in a manipulatable format supporting multiple root domains at once.

Usage

  • The default output path is the current directory, so when the information is fetched it creates for each domain a subdomains_<domain>.txt file in this path
  • Important: The domains must be the last argument in the script execution if does not comes from stdin
# Unexpected behavior
bash crt.sh "example.com example.es" -o 'output/folder' -t 5

# Works
bash crt.sh -o 'output/folder' -t 5 "example.com example.es"
cat subdomains.txt | bash crt.sh -o 'output/folder' -t 5
USAGE:
    crt [OPTIONS] [SOURCE]...

EXAMPLES:
    bash crt.sh "example.com,example2.es"
    cat subdomains.txt | bash crt.sh
    bash crt.sh -o 'path/to/folder' -t 15 "root.com|root2.es"

OPTIONS:
    -t                 Select the threads you want to use in the execution
    -o                 Define a file path to save the subdomain text files
    -v                 Display the actual version
    -h                 Print help information

Examples

Simple enumeration from file

### subdomains.txt
hilton.io
tesla.com
indriver.com
###

cat subdomains.txt | bash crt.sh

[-] Fetching certificate transparency history for domain hilton.io ...
[-] Fetching certificate transparency history for domain indriver.com ...
[-] Fetching certificate transparency history for domain tesla.com ...
[+] Found 43 results for indriver.com
[+] Found 15 results for hilton.io
[+] Found 159 results for tesla.com

Enumeration from raw text

# Supported delimiters , - _ | / : ' '
bash crt.sh "example.com,example.es,example.org"

bash crt.sh "example.com|example.es|example.org"

bash crt.sh "example.com:example.es:example.org"

bash crt.sh "example.com/example.es/example.org"

bash crt.sh "example.com-example.es-example.org"

bash crt.sh "example.com_example.es_example.org"

bash crt.sh "example.com example.es example.org"

Select the output of subdomain .txt files

cat subdomains.txt | bash crt.sh -o 'my/output/folder'

# my/output/folder/subdomains_example.com.txt
# my/output/folder/subdomains_example.es.txt
...

Number of threads

bash crt.sh -t 20 "example.com,example.es,example.org"

About

Found subdomains abusing ssl certificate transparency logs for multiple root domains in one shot.

Topics

bash ssl security scan subdomain enumeration crt

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages