User Guide
Synapse-Google-CT User Guide
Synapse-Google-CT adds new Storm commands to allow you to query the Google Certificate Transparency API.
Getting Started
Check with your Admin to enable permissions.
Examples
Querying a domain for subdomains
Populate subdomains for a domain:
> [inet:fqdn=vertex.link] | google.ct.subdomains --yield --size 5
inet:fqdn=www.vertex.link
.created = 2024/12/20 18:03:01.054
:domain = vertex.link
:host = www
:issuffix = false
:iszone = false
:zone = vertex.link
inet:fqdn=demo0011.app.vertex.link
.created = 2024/12/20 18:03:01.216
:domain = app.vertex.link
:host = demo0011
:issuffix = false
:iszone = false
:zone = vertex.link
inet:fqdn=demo0010.app.vertex.link
.created = 2024/12/20 18:03:01.289
:domain = app.vertex.link
:host = demo0010
:issuffix = false
:iszone = false
:zone = vertex.link
inet:fqdn=optic.docs.vertex.link
.created = 2024/12/20 18:03:01.387
:domain = docs.vertex.link
:host = optic
:issuffix = false
:iszone = false
:zone = vertex.link
inet:fqdn=enterprise.docs.vertex.link
.created = 2024/12/20 18:03:01.408
:domain = docs.vertex.link
:host = enterprise
:issuffix = false
:iszone = false
:zone = vertex.link
Use of meta:source
nodes
Synapse-Google-CT uses a meta:source
node and -(seen)>
light
weight edges to track nodes observed from the Google-CT API.
> meta:source=3f312b8e323b81c15c4280cc3f79d702
meta:source=3f312b8e323b81c15c4280cc3f79d702
.created = 2024/12/20 18:03:01.045
:name = google-ct api
Storm can be used to filter nodes to include/exclude nodes which have been observed by Synapse-Google-CT. The following example shows how to filter the results of a query to include only results observed by Synapse-Google-CT:
> #cool.tag.lift +{ <(seen)- meta:source=3f312b8e323b81c15c4280cc3f79d702 }