All about Certificates

badssl

TLS | Tools

Test the quality of a client's SSL/TLS stack. The website shows sites which should fail or pass. Sites which fail but do not on the browser viewing are a risiko.


Censys

Datasets | DNS | IP | Networks

Censys performs regular scans for common protocols (e.g., DNS, HTTP(S), SSH). Provides a search for TLS certificates.

Access is free, but requires registration.

@InProceedings{censys15,
    author = {Zakir Durumeric and David Adrian and Ariana Mirian and Michael Bailey and J. Alex Halderman},
    title = {A Search Engine Backed by {I}nternet-Wide Scanning},
    booktitle = {Proceedings of the 22nd {ACM} Conference on Computer and Communications Security},
    month = oct,
    year = 2015
}

Certificate Search crt.sh

Datasets

Certificate search engine. crt.sh is based on the certificate transparency logs and provide wildcard search for domains.


Google Transparency Report

Datasets

Google's Transparency Report contains various information. It provides information about email encryption, HTTPS encryption, information about potentially harmful applications in Android, and live reports of traffic disruptions, such as censorship.

It provides a certificate search based on the certificate transparency logs, similar to crt.sh: https://transparencyreport.google.com/https/certificates


Mozilla Observatory

TLS | Tools

Website quality measurement tool. The website measures the quality of HTTP headers which improve security. Additionally, it provides inspections for the TLS certificate and SSH servers. It also includes many third party tools.


netray.io Internet Observatory

Datasets | DNS | Networks

The Internet Observatory is a project by the RWTH Aachen University. It combines different scanning projects.

As of writing it contains information about:

  • DNS
  • HTTP2 and Server Push
  • QUIC
  • TCP Initial Window
  • Certificate Authority Aurthoization (CAA)

Passive SSL (CIRCL)

Datasets

Historical certificate dataset. Allows querying based on IP address or certificate.


Qualys SSL Labs

TLS | Tools

Test the quality of a server's or a client's SSL/TLS stack. Very useful to test a server. Provides a A-F rating scheme and shows vulnerabilities and weak protocols/cipher suites.


RIPE Atlas

Datasets | DNS | IP | Networks

RIPE operates a set of probes, which can be used to send pings or similar measurements. The probes are mainly placed in Europe but some are also in other continents.

All the collected measurements can be found in the RIPE Atlas Daily Archives. The blog post gives some more details.


RsaCtfTool

CTF | Tools

The RsaCtfTool is a tool supporting working with RSA keys. The main focus lies in a wide range of known attacks which are implemented and easy to use with it. This makes it suitable for CTFs, especially Jeopardies.


scans.io Internet-Wide Scan Data Repository

Datasets | DNS | IP | Networks

A list of Internet scans for free to download. Some of the data is historical, some scans are still actively updated.

Links to a downloadable list of the Alexa top 1 million.


Shodan

Datasets | DNS | IP | Networks

Shodan performs regular scan on common ports.

Access is free, but requires registration. More results can be gained with a paid account.