User Guide
Synapse-CertSpotter User Guide
Synapse-CertSpotter adds new Storm commands to allow you to query the CertSpotter API using your existing API key.
Getting Started
Check with your Admin to enable permissions and find out if you need a personal API key.
Examples
Setting your personal API key
To set-up a personal use API key:
> certspotter.setup.apikey --self myapikey
Setting Synapse-CertSpotter API key for the current user.
Querying Subdomains using Synapse-CertSpotter
Query a domain to search for subdomains:
> [ inet:fqdn=vertex.link ] certspotter.subdomains --yield | limit 3
WARNING: Cert Spotter API failed with HTTP Error: -1
Query a domain to retrieve and parse all of its and its subdomains’ certificates:
> [ inet:fqdn=docs.vertex.link ] certspotter.certs --match-wildcards --include-subdomains --yield | limit 3
WARNING: Cert Spotter API failed with HTTP Error: -1
Use of meta:source
nodes
Synapse-CertSpotter uses a meta:source
node and -(seen)>
light
weight edges to track nodes observed from the CertSpotter API.
> meta:source=88e4450dfa05ab167d27ddab7eb2790b
meta:source=88e4450dfa05ab167d27ddab7eb2790b
.created = 2024/12/20 17:53:03.624
:name = certspotter api
Storm can be used to filter nodes to include/exclude nodes which have been observed by Synapse-CertSpotter. The following example shows how to filter the results of a query to include only results observed by Synapse-CertSpotter:
> inet:fqdn:zone=vertex.link +{ <(seen)- meta:source=88e4450dfa05ab167d27ddab7eb2790b }