Steampipe的crt.sh插件

使用SQL来查询crt.sh证书透明数据库中的证书、日志条目等内容：

快速入门

用Steampipe安装该插件。

steampipe plugin install crtsh

在~/.steampipe/config/crtsh.spc 中配置服务器地址：

connection "crtsh" {
  plugin = "crtsh"
}

运行steampipe：

steampipe query

查询证书：

select
  dns_names,
  not_after
from
  crtsh_certificate
where
  query = 'steampipe.io';

+------------------------+---------------------------+
| dns_names              | not_after                 |
+------------------------+---------------------------+
| ["steampipe.io"]       | 2022-10-24T08:48:52-04:00 |
| ["cloud.steampipe.io"] | 2022-10-20T22:56:08-04:00 |
+------------------------+---------------------------+

列举并发现给定域名的子域：

with raw_domains as (
  -- Search for any certificates matching steampipe.io
  select distinct
    jsonb_array_elements_text(dns_names) as domain
  from
    crtsh_certificate
  where
    query = 'steampipe.io'
)
select
  *
from
  raw_domains
where
  -- filter out mixed domains (e.g. from shared status page services)
  domain like '%steampipe.io'
order by
  domain

+--------------------+
| domain             |
+--------------------+
| cloud.steampipe.io |
| hub.steampipe.io   |
| steampipe.io       |
| www.steampipe.io   |
+--------------------+

开发

克隆:

git clone https://github.com/turbot/steampipe-plugin-crtsh.git
cd steampipe-plugin-crtsh

构建，它会自动将新版本安装到你的~/.steampipe/plugins 目录:

make

配置该插件:

cp config/* ~/.steampipe/config
vi ~/.steampipe/config/crtsh.spc

试试吧!

steampipe query
> .inspect crtsh