Package Documentation
Storm Package: synapse-crtsh
The following Commands are available from this package. This documentation is generated for version 2.8.0 of the package.
Storm Commands
This package implements the following Storm Commands.
crtsh.certs
Query crt.sh for certificates.
Accepts hash:md5, hash:sha1, hash:sha256, crypto:x509:cert and inet:fqdn nodes
as input and queries the crt.sh database of certificates. If a matching
certificate is available, it will be downloaded and parsed with the
Synapse-FileParser service.
When an inet:fqdn node is used as input, the search query will match certificates
for that domain as well as any subdomains.
Example:

    // Search for certificates issued to vertex.link or any subdomain of vertex.link.
    inet:fqdn=vertex.link | crtsh.certs

    // Search for certificates matching a sha256 hash and yield the results.
    hash:sha256 | limit 1 | crtsh.certs --yield

Usage: crtsh.certs [options]

Options:

    --help                      : Display the command usage.
    --debug                     : Show verbose debug output.
    --size <size>               : Limit the number of results ingested to the given size (per-node).
    --yield                     : Yield the newly created nodes.
    --asof <asof>               : This argument is deprecated and no longer has any effect.
    --timeout <timeout>         : The max number of seconds to let each crt.sh query run.

Inputs:

    crypto:x509:cert            : crypto:x509:cert nodes
    hash:md5                    : hash:md5 nodes
    hash:sha1                   : hash:sha1 nodes
    hash:sha256                 : hash:sha256 nodes
    inet:fqdn                   : inet:fqdn nodes

The command is accessible to users with one or more of the following permissions:
power-ups.crtsh.user
crtsh.setup.db
Configure the crt.sh Synapse-Sidepocket connection.
Usage: crtsh.setup.db [options]

Options:

    --help                      : Display the command usage.
    --name <name>               : Name to use for the Synapse-Sidepocket connection. (default: crtsh)
    --timeout <timeout>         : The default max number of seconds to let each crt.sh query run. (default: 60)

The command is accessible to users with one or more of the following permissions:
power-ups.crtsh.user
crtsh.subdomains
Query crt.sh to discover subdomains.
Accepts inet:fqdn nodes as input and queries the crt.sh database of certificates
to search for any subdomains present.
Example:

    // Search for subdomains of vertex.link
    inet:fqdn=vertex.link | crtsh.subdomains

    // Search for subdomains of vertex.link and yield the results.
    inet:fqdn=vertex.link | crtsh.subdomains --yield

Usage: crtsh.subdomains [options]

Options:

    --help                      : Display the command usage.
    --debug                     : Show verbose debug output.
    --size <size>               : Limit the number of results ingested to the given size (per-node).
    --yield                     : Yield the newly created nodes.
    --asof <asof>               : This argument is deprecated and no longer has any effect.
    --timeout <timeout>         : The max number of seconds to let each crt.sh query run.

Inputs:

    inet:fqdn                   : inet:fqdn nodes

The command is accessible to users with one or more of the following permissions:
power-ups.crtsh.user
Storm Modules
This package does not export any Storm APIs.