Aggregating Sub-domain Certificate Information

Number of APIs: 3

What does this collection accomplish?

  • Maintain and monitor a sub-domain inventory.
  • Monitor certificate information and visualize days-until-expiry.
  • Maintain DNS namespace mapping which allows for easier auditing.

Configuring your environment

Configure the following variables in an environment:

  • Enter your CertSpotter API token.
  • Enter the domain you want to enumerate.
  • Enter a boolean value for subdomain enumeration.
  • Set the red_thresh, yellow_thresh and green_thresh variables for colour coding days-until-expiry in the visualizer.
  • Enter the Slack web-hook you want to send alerts to.

Note: The pre/post-request scripts use collection variables to maintain state and intermediate data and do not require any manual interaction.

Using the collection

  • Once configured, run the collection within the Runner with the relevant environment selected.
  • Upon completion, you may manually run the Visualize as Table or Push to Slack requests.

How does it work?

This collection uses the SSLMate CertSpotter API (https://sslmate.com/certspotter/api/) to query certificate information for subdomains of a specified domain. Information such as public-key hashes, certificate issuers, creation time, expiry time and number of days till expiry are processed and stored in collection and temporary variables.

The results may then be visualized in tabular form, with colour coding (red/yellow/green) based on thresholds set in the environment.

The results may be sent to a Slack webhook, also configured in the environment.

Note: If you use the free-tier key for the CertSpotter API, you may be rate limited on API usage. In this case, both the visualization and Slack message will show a relevant error message.
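
The processing step described above can be sketched as follows. This is an added example, not the collection's own script: the function names, the threshold semantics (at or below red is red, at or below yellow is yellow, otherwise green) and the sample issuances are assumptions, and the response fields used are those of CertSpotter v1 issuance objects.

```javascript
// Added example; sample data below is constructed, not real CertSpotter output.
const MS_PER_DAY = 24 * 60 * 60 * 1000;

// Assumed semantics: days <= red is "red", days <= yellow is "yellow", else "green".
function classify(days, t) {
  if (days <= t.red) return "red";
  if (days <= t.yellow) return "yellow";
  return "green";
}

// One row per DNS name. CT data lists every issuance, so a renewed name appears
// more than once; keep the issuance that expires last to avoid false alerts.
function buildInventory(issuances, now, thresholds) {
  const latest = new Map();
  for (const iss of issuances) {
    const notAfter = Date.parse(iss.not_after);
    if (Number.isNaN(notAfter)) continue; // skip entries with an unparsable expiry
    for (const dnsName of iss.dns_names || []) {
      const name = dnsName.toLowerCase();
      const seen = latest.get(name);
      if (!seen || notAfter > seen.notAfter) {
        const issuer = (iss.issuer && iss.issuer.friendly_name) || "unknown";
        latest.set(name, { name, notAfter, issuer, pubkey_sha256: iss.pubkey_sha256 });
      }
    }
  }
  return [...latest.values()]
    .map((r) => {
      // Negative values mean the newest known certificate has already expired.
      const daysLeft = Math.floor((r.notAfter - now.getTime()) / MS_PER_DAY);
      return { name: r.name, issuer: r.issuer, pubkey_sha256: r.pubkey_sha256,
               daysLeft, status: classify(daysLeft, thresholds) };
    })
    .sort((a, b) => a.daysLeft - b.daysLeft); // most urgent first
}

// Constructed sample: www was renewed, old was not, api expires soon.
const SAMPLE = [
  { dns_names: ["www.example.com", "old.example.com"], pubkey_sha256: "PLACEHOLDER-A",
    issuer: { friendly_name: "Example CA 1" }, not_after: "2024-05-25T00:00:00Z" },
  { dns_names: ["www.example.com"], pubkey_sha256: "PLACEHOLDER-B",
    issuer: { friendly_name: "Example CA 2" }, not_after: "2024-09-01T00:00:00Z" },
  { dns_names: ["api.example.com"], pubkey_sha256: "PLACEHOLDER-C",
    issuer: { friendly_name: "Example CA 1" }, not_after: "2024-06-21T00:00:00Z" },
];

console.table(buildInventory(SAMPLE, new Date("2024-06-01T00:00:00Z"), { red: 14, yellow: 30 }));
```

Certificate Transparency data records what was issued, not what a host is serving, so a name that shows red here should be checked against the live endpoint before it is treated as an outage risk.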

  1. Get Subdomain Certificates - Get Certificates for Subdomains GET https://api.certspotter.com/v1/issuances?domain={{domain}}&include_subdomains={{include_subdomains}}&expand=dns_names&expand=issuer&after={{after}}

  2. Reporting - Visualize as Table GET google.com

  3. Reporting - Push to Slack POST {{slack_hook}}