Certificate Transparency Log Explorer (certs.swerdlow.dev)
21 points by benswerd 8 hours ago | 8 comments
arwt 34 minutes ago | parent | next [-]

I implemented something similar a while back (exists just as a portfolio demo now: subpinger (dot) interrupt (dot) sh).

If you want to go for that sort of "live" feeling, you should consider implementing websocket streaming instead of HTTP polling; it will feel a lot nicer for users.

Are you actually ingesting certificates or are you just showing a stream of entries from different logs? I figure the former as nothing seems to be searchable -- and ingesting this data can get very expensive very quickly.

Nevertheless, cool project! I am constantly thinking about ways to turn CT log data into meaningful, actionable streams for others. If you'd be up for working on something together, give me a shout!

vasilzhigilei an hour ago | parent | prev | next [-]

Oh hi Ben. Interesting to read about attackers using CT log to find out which sites are new in order to try to log in to admin pages first. Didn't know about this before, creative use of a CT log.

radicality 2 hours ago | parent | prev | next [-]

Nice, thanks. What are the different options (log streams?) you can select? I read the info box but it isn’t super clear. I figure the numbers are a year - how come there are 2027 ones with data being populated? And how come something like ‘Argon2025h2’ also has data from ‘1h’ ago? I would expect data only on the 2026h1 - or are these some kind of shards but with weird year naming?

agwa 2 hours ago | parent | next [-]

Logs are sharded by the expiration date of the certificate, not the issuance date, so you should expect to see growth in shards covering the next 398 days (the maximum lifetime of certificates).

As for the 2025h2 logs, these will not be acquiring any newly-issued certificates, but someone might be copying previously-issued certificates from other logs.
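
The sharding rule described in the comment above, as an added example that is not part of the original thread: it picks a shard from a certificate's expiration date and lists which shards can still grow on a given day. The half-year split (Jan-Jun = h1, Jul-Dec = h2), the `<year>h<1|2>` label format, the sample date, and all log names other than `Argon2025h2` are assumptions; as noted elsewhere in the thread, naming is not standardized across providers.

```python
import re
from datetime import datetime, timedelta, timezone

# Maximum certificate lifetime quoted in the comment above.
MAX_LIFETIME = timedelta(days=398)

def _index(dt):
    """Number half-years consecutively (assumed split: Jan-Jun = h1, Jul-Dec = h2)."""
    return dt.year * 2 + (0 if dt.month <= 6 else 1)

def _label(idx):
    return f"{idx // 2}h{idx % 2 + 1}"

def shard_for(not_after):
    """Shard label chosen by the certificate's expiration (notAfter), not its issuance."""
    return _label(_index(not_after))

def active_shards(now):
    """Shards that can receive a certificate issued at `now`."""
    first, last = _index(now), _index(now + MAX_LIFETIME)
    return [_label(i) for i in range(first, last + 1)]

def shard_status(name, now):
    """Classify a log name such as 'Argon2025h2' relative to `now`."""
    m = re.search(r"(\d{4})h([12])$", name)
    if not m:
        raise ValueError(f"no <year>h<1|2> suffix in {name!r}")
    idx = int(m.group(1)) * 2 + int(m.group(2)) - 1
    if idx < _index(now):
        return "backfill only"       # every cert expiring here is already expired
    if idx > _index(now + MAX_LIFETIME):
        return "not yet reachable"   # expiry further out than the maximum lifetime
    return "growing"

if __name__ == "__main__":
    now = datetime(2026, 2, 1, tzinfo=timezone.utc)  # constructed sample date
    print(active_shards(now))
    # Constructed sample names, apart from Argon2025h2 which appears in the thread.
    for name in ("Argon2025h2", "Argon2026h1", "Argon2027h1", "Argon2027h2"):
        print(name, shard_status(name, now))
```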

benswerd 2 hours ago | parent | prev [-]

TBH not clear because I'm not clear on it. I believe the naming scheme is nonstandard across providers and not a requirement as part of the standards.

dannyobrien 4 hours ago | parent | prev | next [-]

This is fascinating; thank you for building it. (I also enjoyed watching the flurry of visitors as soon as my Let's Encrypt certificate got assigned. It's a Dark Forest out there!)

benswerd 4 hours ago | parent [-]

I've been thinking a lot today about how these bots change with just a little bit more intelligence. Kinda terrifying.

goinghjuk 3 hours ago | parent | prev [-]

there are a ton of domains of the format 8chars.something.de

a lot of them are related to check24.de