# Introduction - At its core, the SSL/TLS protocol uses digital certificates, which follow the X.509 standard - CT (cert transparency) logs are public, append-only ledgers that record the issuance of SSL/TLS certificates - Whenever a CA issues a new cert, it must submit it to multiple CT logs, which are maintained by independent orgs for anyone to inspect - Essentially CT logs serve as a global registry of certs - CT logs server several purposes: - Early detection of rogue certs - Accountability for CAs - Strengthening web PKI # Tools for searching CT logs |Tool|Key Features|Use Cases|Pros|Cons| |---|---|---|---|---| |[crt.sh](https://crt.sh/)|User-friendly web interface, simple search by domain, displays certificate details, SAN entries.|Quick and easy searches, identifying subdomains, checking certificate issuance history.|Free, easy to use, no registration required.|Limited filtering and analysis options.| |[Censys](https://search.censys.io/)|Powerful search engine for internet-connected devices, advanced filtering by domain, IP, certificate attributes.|In-depth analysis of certificates, identifying misconfigurations, finding related certificates and hosts.|Extensive data and filtering options, API access.|Requires registration (free tier available).| - `crt.sh` example ```bash curl -s "https://crt.sh/?q=facebook.com&output=json" | jq -r '.[] | select(.name_value | contains("dev")) | .name_value' | sort -u # curl portion fetches JSON output form crt.sh for certs matching "facebook.com" # jq | select | contains | .name_value portion filters the JSON results, selecting only entries where the `name_value` field (which contains the domain or subdomain) includes the string "`dev`" # sort -u sorts only unique results alphabetically ```