API Documentation

Getting Started Internet Scans Scan Content Open Ports Domain Scans Forward DNS DNS MX & TXT Reverse DNS IP Registrations Domain Registrations Certificate Transparency JARM Fingerprints Favicon Fingerprints

Certificate Transparency

Overview

Certificate Transparency logs are a public record of issued TLS certificates. They can be a useful source of hostname information.

Searching

Certificate Transparency logs are searched using the ct/log endpoint. The endpoint is very similar in structure to the scan/protocols endpoint, and accepts many of the same parameters.

In particular, the field, keyword=, query=, prefix=, slop=, page=, filter= and summarize= parameters work in exactly the same way as described in the Internet Scans section.

Time filtering

The to= / from= time-filtering options work in a similar way, except that by default the filtering is performed on the date at which the certificate was issued. To switch to filtering on the time at which the certificate expires, set valid-filter=valid-to.

Example Request

curl -s -H 'Authorization: Bearer <your-api-token>' \
     'https://api.driftnet.io/v1/ct/log?field=host:driftnet.io&valid_filter=valid-to&from=2019-06-13' \
  | jq . \
  | less -S

Example Response

{
  "page": 0,
  "pages": 1,
  "result_count": 10,
  "results": [
    {
      "date": "2019-08-13",
      "id": "HDHaU9xIRZeMsATXV-sY1w",
      "items": [
        {
          "context": "ct-log",
          "is_metadata": false,
          "type": "url",
          "value": "https://nessie2022.ct.digicert.com/log/"
        },
        {
          "context": "ct-log",
          "is_metadata": false,
          "type": "index",
          "value": "1073741824" 
        },
        ...