HN Showcase
Back to browse
SSL certificate discovery from CT logs

SSL certificate discovery from CT logs

by vojtechrichter·May 3, 2026·2 points·0 comments
Visit ProjectView on HN

AI Analysis

●●SolidSolve My Problem

Finds shadow IT subdomains via CT logs without needing DNS access.

Strengths
  • Live TLS handshake verification confirms if a cert is actually active.
  • No signup or agent installation required for immediate reconnaissance.
Weaknesses
  • Public CT log registries are often overloaded, causing slow query times.
  • Subfinder and Amass already cover this attack surface extensively.
Category
Security
Target Audience

DevOps engineers and security researchers

Similar To

Subfinder · crt.sh · Amass

Post Description

Free tool to discover possibly forgotten subdomains with issued certificates.

Some domains might need to get submitted in a few repeated attempts, since the public CT logs registries are very overloaded, and Tidelock is trying to pick the most accessible one, without caching anything, so the provided report is always up-to-date with live information.

I will be grateful for any feedback regarding this tool, or in general any SSL/DNS related tools you would appreciate in your daily work.

Similar Projects

Developer Tools●●Solid

CertWarden – SSL certificate monitoring app for iOS

Native SwiftUI app with a tidy card-based UI and an anonymous, device-tied model — no account required — which is a smart privacy-first choice for a monitoring utility. The backend on Cloudflare Workers keeps the footprint minimal and the one‑time Pro unlock for unlimited domains + webhooks/API is pragmatic, but lack of a web dashboard or multi-device sync limits it to solo operators for now.

Niche GemShip It
ismailperim
203mo ago