driftnet

Driftnet API

A comprehensive RESTful JSON API.

Getting StartedInternet ScansScan ContentOpen PortsDomain ScansForward DNSDNS MX & TXTReverse DNSIP RegistrationsDomain RegistrationsCertificate TransparencyJARM FingerprintsFavicon Fingerprints
Getting StartedInternet ScansScan ContentOpen PortsDomain ScansForward DNSDNS MX & TXTReverse DNSIP RegistrationsDomain RegistrationsCertificate TransparencyJARM FingerprintsFavicon Fingerprints

Certificate Transparency

Overview

Certificate Transparency logs are a public record of issued TLS certificates. They can be a useful source of hostname information.

Searching

Certificate Transparency logs are searched using the ct/log endpoint. The endpoint is very similar in structure to the scan/protocols endpoint, and accepts many of the same parameters.

In particular, the field, keyword=, query=, prefix=, slop=, page=, filter= and summarize= parameters work in exactly the same way as described in the Internet Scans section.

Time Filtering

The to= / from= time-filtering options work in a similar way, except that by default the filtering is performed on the date at which the certificate was issued. To switch to filtering on the time at which the certificate expires, set valid-filter=valid-to. For example:

curl -s -H 'Authorization: Bearer <your-api-token>' \
     'https://api.driftnet.io/v1/ct/log?field=host:driftnet.io&valid_filter=valid-to&from=2019-06-13' \
  | jq . \
  | less -S
{
  "page": 0,
  "pages": 1,
  "result_count": 10,
  "results": [
    {
      "date": "2019-08-13",
      "id": "HDHaU9xIRZeMsATXV-sY1w",
      "items": [
        {
          "context": "ct-log",
          "is_metadata": false,
          "type": "url",
          "value": "https://nessie2022.ct.digicert.com/log/"
        },
        {
          "context": "ct-log",
          "is_metadata": false,
          "type": "index",
          "value": "1583783676"
        },
        ...