Skill

analyzing-tls-certificate-transparency-logs

From asi

Queries Certificate Transparency logs via crt.sh and pycrtsh to detect phishing domains, typosquatting via Levenshtein distance, unauthorized certs, and shadow IT. For proactive security monitoring and threat hunting.

Python

security

npx claudepluginhub plurigrid/asi --plugin asi

Tool Access

This skill uses the workspace's default tool permissions.

Preview

- When investigating security incidents that require analyzing tls certificate transparency logs

SKILL.md

Similar Skills

analyzing-tls-certificate-transparency-logs

5.9k

Queries crt.sh and pycrtsh Certificate Transparency logs to detect phishing domains, typosquatting via Levenshtein distance, unauthorized certs, and shadow IT.

3 files

cybersecurity-skills

analyzing-tls-certificate-transparency-logs

Queries crt.sh and pycrtsh Certificate Transparency logs to detect phishing domains, unauthorized certs, shadow IT, and brand impersonations via Levenshtein distance. For proactive security monitoring.

3 files

cybersecurity-skills-zh

analyzing-certificate-transparency-for-phishing

Monitors Certificate Transparency logs using crt.sh and Certstream to detect phishing domains, lookalike certificates, and unauthorized certificate issuance targeting your organization.

asi

Stats

Parent Repo Stars16

Parent Repo Forks5

Last CommitApr 4, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Analyzing TLS Certificate Transparency Logs

When to Use

When investigating security incidents that require analyzing tls certificate transparency logs

When building detection rules or threat hunting queries for this domain

When SOC analysts need structured procedures for this analysis type

When validating security monitoring coverage for related attack techniques

Prerequisites

Familiarity with security operations concepts and tools

Access to a test or lab environment for safe execution

Python 3.8+ with required dependencies installed

Appropriate authorization for any testing activities

Instructions

Query crt.sh Certificate Transparency database to find certificates issued for domains similar to your organization's brand, detecting phishing infrastructure.

from pycrtsh import Crtsh c = Crtsh() # Search for certificates matching a domain certs = c.search("example.com") for cert in certs: print(cert["id"], cert["name_value"]) # Get full certificate details details = c.get(certs[0]["id"], type="id")

Key analysis steps:

Query crt.sh for all certificates matching your domain pattern

Identify certificates with typosquatting variations (Levenshtein distance)

Flag certificates from unexpected CAs

Monitor for wildcard certificates on suspicious subdomains

Cross-reference with known phishing infrastructure

Examples

from pycrtsh import Crtsh c = Crtsh() certs = c.search("%.example.com") for cert in certs: print(f"Issuer: {cert.get('issuer_name')}, Domain: {cert.get('name_value')}")