Here’s a quick video on how to scrape SSL certificate information from crt.sh with Google Sheets1. This technique can help you discover interesting subdomains, domains that are connected to your target or phishing domains that are abusing your brand. Copy and paste the entire row of hostnames into your favourite reconnaissance or scanning tools, or fire up a Kasm session and start browsing to see what you can find.
Now, stay tuned for our regular instalments and feel free to ask questions in the comments below. I am happy to demonstrate how to slice and dice a variety of data to help your investigations!
PS. The function we used is:
Bullsh*t Hunting is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.