crt.sh: what is? Let’s gather certificate information ๐Ÿ’ฏ

Introduction

In this post, you will learn what is crt.sh and how it works and mainly you will learn how to gather information using this site and check the below video if you like my voice ๐Ÿ˜œ.

Video:

What is crt.sh

Crt.sh is a site where you could find all the SSL or TLS certificates of the particular targeted domain. And the site is open-source to monitor the certificates.

The site is in a GUI format and it is really very easy to gather the information and the motive of the site is to keep the certificate logs very transparently.

Even you could find the certificates algorithms in a ciphertext format. The crt.sh stands for “certificates.Saint Helena”

Also Read: Information gathering using the Weleakinfo site!!!

Advertisement

Who developed the crt.sh tool?

The site was developed by this guy and he seems to be very intelligent and I have given the author page and also the site link check it out.

How to gather information using crt.sh ๐Ÿค”

Gathering information using this site is very easy, follow the steps carefully ๐Ÿ†—

Step1: Open crt.sh

Just enter into the site by entering crt.sh and the GUI seems something like this โœ”

Step2: Enter the target

Enter the target domain, yes man you should know the target to search for the certificate…

Searching for certs is very useful to see what kind of encryption the site is going through and much more ๐Ÿ†’

Iam searching for my domain techyrick.com

Once you have entered the target you get the certificate ID once clicked on the ID you get further information on the certificate Identity, Once click on the ID you get GUI like this one ๐Ÿ‘‡๐Ÿฝ

Now we got the information like the security algorithm it is following so there are two algorithms and the SHA-256 is currently in use and it also has SHA-1

Advertisement

Step3: Result

We could see the certificate issuer name, This information is sweet for us ๐Ÿซ. Oh yeah man

So, what could you do with this cert issuer name? Well, a lot can be done think about what you can do and comment below and once you comment I will reply with what could I do ๐Ÿคž.

Once you click on the cert issuer you will get the certificate issuers policy, which looks something like this ๐Ÿ‘‡.

crt.sh search info

So, this is how to gather information using the site “crt.sh” and you man=y final ask what if I decrypt the hash and get inside your server.

That is impossible because every year or every 3 to 6 months the certificates will be renewed ๐Ÿ˜ฎ.

Conculusion

According to my knowledge, this is the best site to gather the certificate information. So, read my recommended blogs and stay ethically hacked.

Advertisement


Also Read: Let’s gather theHarvester Information

Also Read: What is a canary token? Explained

Read: DMitry from scratch to pro

6 Comments

  1. Thanks for a marvelous posting! I certainly enjoyed reading it, you could be a great author.I will be sure to bookmark your blog and will come back later on. I want to encourage you to continue your great job, have a nice holiday weekend!

Comments are closed.