killvxk/analyzing-tls-certificate-transparency-logs
skills/analyzing-tls-certificate-transparency-logs/SKILL.md
通过 crt.sh 和 pycrtsh 查询证书透明度(Certificate Transparency)日志,检测钓鱼域名、未授权证书签发和影子 IT。使用 Levenshtein 距离监控新签发证书中的仿域名和品牌仿冒行为。适用于主动检测钓鱼域名和证书监控。
$ install --global
skillsauthnpx skillsauth add killvxk/cybersecurity-skills-zh analyzing-tls-certificate-transparency-logsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 17, 2026, 4:25 AM24.5s3 files scanned
SKILL.md
- name:
- analyzing-tls-certificate-transparency-logs
- description:
- >
- domain:
- cybersecurity
- subdomain:
- security-operations
- tags:
- [analyzing, tls, certificate, transparency]
- version:
- 1.0
- author:
- mahipal
- license:
- Apache-2.0
分析 TLS 证书透明度日志
使用说明
通过查询 crt.sh 证书透明度数据库,查找针对您组织品牌相似域名签发的证书,检测钓鱼基础设施。
from pycrtsh import Crtsh
c = Crtsh()
# 搜索与域名匹配的证书
certs = c.search("example.com")
for cert in certs:
print(cert["id"], cert["name_value"])
# 获取完整证书详情
details = c.get(certs[0]["id"], type="id")
关键分析步骤:
- 查询 crt.sh 获取与您的域名模式匹配的所有证书
- 使用 Levenshtein 距离识别仿域名变体
- 标记来自非预期 CA 的证书
- 监控可疑子域名上的通配符证书
- 与已知钓鱼基础设施进行交叉验证
示例
from pycrtsh import Crtsh
c = Crtsh()
certs = c.search("%.example.com")
for cert in certs:
print(f"签发者: {cert.get('issuer_name')}, 域名: {cert.get('name_value')}")
Related Skills
killvxk/conducting-social-engineering-penetration-test
testing
VerifiedTrustedCommunity
设计并执行社会工程学渗透测试,包括钓鱼、语音钓鱼、短信钓鱼和物理借口活动,以衡量人员安全韧性并识别培训差距。
10SKILL.mdUpdated Apr 29, 2026
killvxk/conducting-post-incident-lessons-learned
testing
VerifiedTrustedCommunity
主持结构化的事件后审查,以识别根本原因、记录有效和无效的措施,并提出可操作的改进建议以提升未来的事件响应能力。
10SKILL.mdUpdated Apr 29, 2026
killvxk/conducting-phishing-incident-response
testing
VerifiedTrustedCommunity
通过分析举报的邮件、提取指标、评估凭据受攻陷情况、在全组织范围隔离恶意邮件并修复受影响账号来响应网络钓鱼事件。涵盖邮件头分析、URL/附件沙箱检测和邮箱范围清除操作。适用于网络钓鱼响应、邮件事件、凭据钓鱼、鱼叉式网络钓鱼调查或钓鱼修复相关请求。
10SKILL.mdUpdated Apr 29, 2026
killvxk/conducting-pass-the-ticket-attack
tools
VerifiedTrustedCommunity
票据传递(Pass-the-Ticket,PtT)是一种横向移动技术,使用窃取的 Kerberos 票据(TGT 或 TGS)在不知道用户密码的情况下向服务进行认证。通过从已控制的主机内存中提取 Kerberos 票据,攻击者可以将这些票据注入自己的会话以模拟票据所有者。
10SKILL.mdUpdated Apr 29, 2026