Tail Certificate Transparency logs and extract hostnames.
This utility is an alternative to using hosted services like crt.sh or CertStream.
ctail
is designed for quickly tailing the head of the logs and may not be the best choice for building comprehensive databases.
If you need something more comprehensive, consider the following open source alternatives:
Warning: ctail
can use a large amount of bandwidth (download) due to the rate of change in modern CT logs. If you are running this on a bandwidth-limited virtual machine, you may blow through your quota and rack up additional fees.
Usage:
$ go run github.com/hdm/ctail@latest -f -m '^autodiscover\.'
Logs are written to standard error and results are formatted as NDJSON/JSONL and written to standard output.
The output can be filtered using using tools like jq.
Duplicate records are common and you might consider using a bloom filter in the pipeline.