top | item 41477854 (no title) Kab1r | 1 year ago Is this just searching certificate transparency logs? discuss order hn newest yup_sto|1 year ago I'd imagine it's a combination of- CT log monitoring (https://github.com/CaliDog/CertStream-Server)- Mass-Scanning across ipv4 on 80/443 at the least?- Brute-forcing subdomains on wildcards with large DNS wordlist (like something from assetnote: https://wordlists-cdn.assetnote.io/data/manual/best-dns-word...)- Scraping/extracting subdomains/domains from JSBut I've never attempted to enumerate subdomains on this scale before, so I could be missing something obvious flemhans|1 year ago I think it's a mix of different sources. Certainly, some of my subdomains there never had an SSL certificate. Eikon|1 year ago Well, CT logs are a data dump, they are not searchable, ingesting all that data near-real time and making it searchable in a useful and fast way (especially with wildcards) is actually quite challenging! stavros|1 year ago Where does one ingest them from? load replies (1) remram|1 year ago I have subdomains with (non-wildcard) certificates that aren't on there. yup_sto|1 year ago [deleted]
yup_sto|1 year ago I'd imagine it's a combination of- CT log monitoring (https://github.com/CaliDog/CertStream-Server)- Mass-Scanning across ipv4 on 80/443 at the least?- Brute-forcing subdomains on wildcards with large DNS wordlist (like something from assetnote: https://wordlists-cdn.assetnote.io/data/manual/best-dns-word...)- Scraping/extracting subdomains/domains from JSBut I've never attempted to enumerate subdomains on this scale before, so I could be missing something obvious
flemhans|1 year ago I think it's a mix of different sources. Certainly, some of my subdomains there never had an SSL certificate.
Eikon|1 year ago Well, CT logs are a data dump, they are not searchable, ingesting all that data near-real time and making it searchable in a useful and fast way (especially with wildcards) is actually quite challenging! stavros|1 year ago Where does one ingest them from? load replies (1)
remram|1 year ago I have subdomains with (non-wildcard) certificates that aren't on there. yup_sto|1 year ago [deleted]
yup_sto|1 year ago
- CT log monitoring (https://github.com/CaliDog/CertStream-Server)
- Mass-Scanning across ipv4 on 80/443 at the least?
- Brute-forcing subdomains on wildcards with large DNS wordlist (like something from assetnote: https://wordlists-cdn.assetnote.io/data/manual/best-dns-word...)
- Scraping/extracting subdomains/domains from JS
But I've never attempted to enumerate subdomains on this scale before, so I could be missing something obvious
flemhans|1 year ago
Eikon|1 year ago
stavros|1 year ago
remram|1 year ago
yup_sto|1 year ago
[deleted]