Driftnet API

A comprehensive RESTful JSON API.


Certificate Transparency


Overview

Certificate Transparency logs are a public record of issued TLS certificates. They can be a useful source of hostname information.

Searching

Certificate Transparency logs are searched using the ct/log endpoint. The endpoint is very similar in structure to the scan/protocols endpoint, and accepts many of the same parameters.

In particular, the field, keyword=, query=, prefix=, slop=, page=, filter= and summarize= parameters work in exactly the same way as described in the Internet Scans section.

Time Filtering

The to= / from= time-filtering options work in a similar way, except that by default the filtering is performed on the date at which the certificate was issued. To switch to filtering on the time at which the certificate expires, set valid-filter=valid-to. For example:

curl -s -H 'Authorization: Bearer <your-api-token>' \
     'https://api.driftnet.io/v1/ct/log?field=host:driftnet.io&valid_filter=valid-to&from=2019-06-13' \
  | jq . \
  | less -S
{
  "page": 0,
  "pages": 1,
  "result_count": 10,
  "results": [
    {
      "date": "2019-08-13",
      "id": "HDHaU9xIRZeMsATXV-sY1w",
      "items": [
        {
          "context": "ct-log",
          "is_metadata": false,
          "type": "url",
          "value": "https://nessie2022.ct.digicert.com/log/"
        },
        {
          "context": "ct-log",
          "is_metadata": false,
          "type": "index",
          "value": "1183012141"
        },
        ...