Open gustavorobertux opened 4 years ago
Can you show me what domain are you trying this on? Also does it show any results when you look for it directly on crt.sh?
Can you show me what domain are you trying this on? Also does it show any results when you look for it directly on crt.sh?
domain=paloalto.com ; curl -s https://certspotter.com/api/v0/certs\?domain\=$domain | jq '.[].dns_names[]' | sed 's/\"//g' | sed 's/\*\.//g' | sort -u | grep $domain
Works fine :)
domain=www.paloalto.com ; curl -s https://certspotter.com/api/v0/certs\?domain\=$domain | jq '.[].dns_names[]' | sed 's/\"//g' | sed 's/\*\.//g' | sort -u | grep $domain
jq: error (at <stdin>:0): Cannot index string with string "dns_names"
:P
After this happens, the script freezes and does not end.
@nahamsec
Unfortunately I think this is related to Certspotter limit on requests using the free API key subscription. For this reason, sometimes the curl does not return anything.
Also, the prices are really high if you want higher limits!
curl -s https://certspotter.com/api/v0/certs\?domain\=vpn.hackerone.net {"code":"rate_limited","message":"You have exceeded the domain search rate limit for the Cert Spotter API. Please try again later, or authenticate with an API key."}
Fixed in #52 @nahamsec Please, take a look at it.
Aparently the V0 API has been discontinuated, I recived this message:
{"code":"api_discontinued","message":"Cert Spotter APIv0 has been discontinued in favor of APIv1. Please see <https://sslmate.com/help/reference/ct_search_api_v1> for documentation."}
, then I figured out the V1 API, you can use like this to find domains and subdomains:
curl -s https://certspotter.com/api/v1/issuances\?$domain\=clubhouse.com\&expand\=dns_names\&include_subdomains\=true
.
I hope this helped.
Hello guys, I am constantly encountering the following error:
I'm using Ubuntu at Linode
Thank you in advance :)