Package Documentation

Storm Package: synapse-crtsh

The following Commands are available from this package. This documentation is generated for version 2.7.1 of the package.

Storm Commands

This package implements the following Storm Commands.

crtsh.certs

Query crt.sh for certificates.

Accepts hash:md5, hash:sha1, hash:sha256, crypto:x509:cert and inet:fqdn nodes
as input and queries the crt.sh database of certificates. If a matching
certificate is available, it will be downloaded and parsed with the
Synapse-FileParser service.

When an inet:fqdn node is used as input, the search query will match certificates
for that domain as well as any subdomains.

Example:

    // Search for certificates issued to vertex.link or any subdomain of vertex.link.
    inet:fqdn=vertex.link | crtsh.certs

    // Search for certificates matching a sha256 hash and yield the results.
    hash:sha256 | limit 1 | crtsh.certs --yield


Usage: crtsh.certs [options]

Options:

  --help                      : Display the command usage.
  --debug                     : Show verbose debug output.
  --size <size>               : Limit the number of results ingested to the given size (per-node).
  --yield                     : Yield the newly created nodes.
  --asof <asof>               : This argument is deprecated and no longer has any effect.
  --timeout <timeout>         : The max number of seconds to let each crt.sh query run.

crtsh.setup.db

Configure the crt.sh Synapse-Sidepocket connection.


Usage: crtsh.setup.db [options]

Options:

  --help                      : Display the command usage.
  --name <name>               : Name to use for the Synapse-Sidepocket connection. (default: crtsh)
  --timeout <timeout>         : The default max number of seconds to let each crt.sh query run. (default: 60)

crtsh.subdomains

Query crt.sh to discover subdomains.

Accepts inet:fqdn nodes as input and queries the crt.sh database of certificates
to search for any subdomains present.

Example:

    // Search for subdomains of vertex.link
    inet:fqdn=vertex.link | crtsh.subdomains

    // Search for subdomains of vertex.link and yield the results.
    inet:fqdn=vertex.link | crtsh.subdomains --yield


Usage: crtsh.subdomains [options]

Options:

  --help                      : Display the command usage.
  --debug                     : Show verbose debug output.
  --size <size>               : Limit the number of results ingested to the given size (per-node).
  --yield                     : Yield the newly created nodes.
  --asof <asof>               : This argument is deprecated and no longer has any effect.
  --timeout <timeout>         : The max number of seconds to let each crt.sh query run.

Storm Modules

This package does not export any Storm APIs.