image

crt.sh Plugin for Steampipe

Use SQL to query certificates, log entries and more from the crt.sh certificate transparency database.

Quick start

Install the plugin with Steampipe:

steampipe plugin install crtsh

Configure the server address in ~/.steampipe/config/crtsh.spc:

connection "crtsh" {
  plugin = "crtsh"
}

Run steampipe:

steampipe query

Query certificates:

select
  dns_names,
  not_after
from
  crtsh_certificate
where
  query = 'steampipe.io';

+------------------------+---------------------------+
| dns_names              | not_after                 |
+------------------------+---------------------------+
| ["steampipe.io"]       | 2022-10-24T08:48:52-04:00 |
| ["cloud.steampipe.io"] | 2022-10-20T22:56:08-04:00 |
+------------------------+---------------------------+

Enumerate and discover subdomains for a given domain:

with raw_domains as (
  -- Search for any certificates matching steampipe.io
  select distinct
    jsonb_array_elements_text(dns_names) as domain
  from
    crtsh_certificate
  where
    query = 'steampipe.io'
)
select
  *
from
  raw_domains
where
  -- filter out mixed domains (e.g. from shared status page services)
  domain like '%steampipe.io'
order by
  domain

+--------------------+
| domain             |
+--------------------+
| cloud.steampipe.io |
| hub.steampipe.io   |
| steampipe.io       |
| www.steampipe.io   |
+--------------------+

Developing

Prerequisites:

Clone:

git clone https://github.com/turbot/steampipe-plugin-crtsh.git
cd steampipe-plugin-crtsh

Build, which automatically installs the new version to your ~/.steampipe/plugins directory:

make

Configure the plugin:

cp config/* ~/.steampipe/config
vi ~/.steampipe/config/crtsh.spc

Try it!

steampipe query
> .inspect crtsh

Further reading:

Contributing

Please see the contribution guidelines and our code of conduct. All contributions are subject to the Apache 2.0 open source license.

help wanted issues:

GitHub

View Github