auditing-tls-certificate-transparency-logs

Featured

Monitors Certificate Transparency (CT) logs to detect unauthorized certificate issuance, discover subdomains via CT data, and alert on suspicious certificate activity for owned domains. Uses the crt.sh API and direct CT log querying based on RFC 6962 to build continuous monitoring pipelines that catch rogue certificates, track CA behavior, and map the external attack surface. Activates for requests involving certificate transparency monitoring, CT log auditing, subdomain discovery via certificates, or certificate issuance alerting.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0

Install

View on GitHub

Quality Score: 99/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Auditing TLS Certificate Transparency Logs ## When to Use - Monitoring owned domains for unauthorized or unexpected certificate issuance by unknown Certificate Authorities - Discovering subdomains and hidden services through certificates logged in public CT logs - Detecting phishing infrastructure that uses look-alike domain certificates (typosquatting, homograph attacks) - Auditing Certificate Authority compliance by verifying all issued certificates appear in CT logs as required by browser policies - Building continuous certificate monitoring into a security operations pipeline with alerting for new issuances **Do not use** for attacking or disrupting Certificate Authorities, for scraping CT logs in violation of rate limits or terms of service, or as the sole method of subdomain enumeration without corroborating results through DNS verification. ## Prerequisites - Python 3.10+ with `requests`, `cryptography`, and `pyOpenSSL` libraries installed - Network access to crt.sh (HTTPS) and public CT log servers - A list of domains to monitor (owned domains, brand variations, typosquat candidates) - SMTP credentials or webhook URL for alerting on new certificate discoveries - Basic understanding of X.509 certificate structure and TLS certificate chain validation ## Workflow ### Step 1: Domain Inventory and Baseline Build the initial certificate inventory for monitored domains: - **Define monitoring scope**: List all owned root domains, registered brand names, and known s...

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
today
Language
Python
License
Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

analyzing-certificate-transparency-for-phishing

Monitor Certificate Transparency logs using crt.sh and Certstream to detect phishing domains, lookalike certificates, and unauthorized certificate issuance targeting your organization.

12,642 Updated today
mukul975
AI & Automation Solid

analyzing-tls-certificate-transparency-logs

Queries Certificate Transparency logs via crt.sh and pycrtsh to detect phishing domains, unauthorized certificate issuance, and shadow IT. Monitors newly issued certificates for typosquatting and brand impersonation using Levenshtein distance. Use for proactive phishing domain detection and certificate monitoring.

12,642 Updated today
mukul975
AI & Automation Solid

hunting-for-domain-fronting-c2-traffic

Detect domain fronting C2 traffic by analyzing SNI vs HTTP Host header mismatches in proxy logs and TLS certificate discrepancies using pyOpenSSL for certificate inspection

12,642 Updated today
mukul975
Code & Development Solid

cryptographic-analysis--assessment

SSL/TLS auditing, cipher suite analysis, hash algorithm identification, encryption implementation review, and cryptographic weakness detection in code

47 Updated today
Masriyan
AI & Automation Solid

tls-security

Expert skill for TLS/SSL implementation and certificate management. Generate and validate TLS configurations, create and manage X.509 certificates, analyze cipher suite security, debug TLS handshake failures, and implement certificate pinning.

1,034 Updated today
a5c-ai