Hey folks!
Here’s a quick video on how to scrape SSL certificate information from crt.sh with Google Sheets1. This technique can help you discover interesting subdomains, domains that are connected to your target or phishing domains that are abusing your brand. Copy and paste the entire row of hostnames into your favourite reconnaissance or scanning tools, or fire up a Kasm session and start browsing to see what you can find.
Now, stay tuned for our regular instalments and feel free to ask questions in the comments below. I am happy to demonstrate how to slice and dice a variety of data to help your investigations!
Justin
PS. The function we used is:
=IMPORTHTML(“https://crt.sh?q=twitter.com”,”table”)
Off the Cuff: Freak in the Google Sheets