What it does

Monitors CT logs in real-time and prints domains matching your regex pattern. Useful for domain monitoring, brand protection, security research, and finding new subdomains.

Real-time Monitoring

Monitor Certificate Transparency logs in real-time with configurable polling intervals

Privacy-First

Local processing means your data never leaves your machine

Lightweight

Minimal resource usage with efficient regex pattern matching

Flexible

Customizable patterns, batch sizes, and CT log selection

Checkpoint System

Resume monitoring from where you left off with persistent checkpoints

Multi-Instance

Run multiple monitoring instances in parallel for different patterns

Quick Start Examples

Get started with CertPatrol in minutes. Here are some common use cases:

Basic Domain Monitoring

# Find domains containing "example"
certpatrol --pattern "example"

# Find shop subdomains of amazon.com
certpatrol --pattern "shop.*\.amazon\.com$"

Advanced Pattern Matching

# Multiple patterns
certpatrol --pattern "(petsdeli|pet-deli)" --verbose

# API subdomains
certpatrol --pattern "api.*\.google\.com$"

# All subdomains of a domain
certpatrol --pattern ".*\.example\.com$"

Production Usage

# Run multiple instances
certpatrol --pattern "domain1" &
certpatrol --pattern "domain2" &

# Match against base domains only
certpatrol --pattern "argentina" --etld1

Installation

CertPatrol is now available as a pip package for easy installation:

# Install from PyPI
pip install certpatrol

# Start monitoring immediately
certpatrol --pattern "your-pattern"

Alternatively, you can still install from source:

# Clone the repository
git clone https://github.com/ToritoIO/CertPatrol.git
cd CertPatrol

# Install dependencies
pip install -r requirements.txt

# Start monitoring
python certpatrol.py --pattern "your-pattern"

FAQ - Certificate Transparency

Common questions about Certificate Transparency logs and monitoring

A Certificate Transparency (CT) log is a publicly verifiable, append-only, and tamper-proof log that records all SSL/TLS certificates issued by Certificate Authorities (CAs). It creates a public record of all certificates, helping detect and prevent unauthorized or malicious certificate issuance. This transparency allows domain owners and security teams to monitor for certificates they didn't authorize.

A "CT certificate" isn't a different type of certificate—it's a standard SSL/TLS certificate that has been logged in Certificate Transparency logs. When a CA issues a certificate, it submits it to public CT logs, which return a Signed Certificate Timestamp (SCT). This SCT is embedded in the certificate, and major browsers like Chrome now require valid SCTs for certificate acceptance.

CT log monitoring is the process of actively watching Certificate Transparency logs to detect certificate issuance for your domain names. This allows domain owners to quickly identify unauthorized certificates that may have been issued by compromised CAs or through fraudulent processes. Tools like CertPatrol automate this monitoring with real-time alerts.

You can check CT logs using various online tools and services—many offer simple lookup features where you enter a domain name to see all logged certificates. For continuous monitoring, specialized tools like CertPatrol provide automated monitoring and alerting, eliminating the need for manual log checking.

SSL certificate monitoring involves more than checking expiration dates—it includes verifying correct certificate usage and detecting unauthorized issuance. The most effective approach combines CT log monitoring for unauthorized certificates with tracking of certificate expiration and proper SSL/TLS configuration to ensure complete website security.

Certificate monitoring refers to using Certificate Transparency to track all certificates issued for your domains. This monitoring process ensures only authorized and legitimate certificates are used for your services, providing an early warning system for potential security threats and certificate misuse.

To investigate an SSL certificate, check its details including issuer, validity dates, and domain names using browser tools or online SSL checkers. For investigating unauthorized certificates, examine Certificate Transparency logs. Monitoring services like CertPatrol can alert you to unexpected or suspicious certificates that require further investigation.