crtintel v1.1.0

Passive Certificate Transparency recon using crt.sh, with optional DNS resolution and ASN/CIDR enrichment.

New in v1.1.0

Default output is now a live terminal dashboard instead of verbose scrolling logs.

Example live UI:

crtintel summary
================

Status               : Fetching crt.sh JSON
Current domain        : hackerone.com
Output directory      : crtintel-output

Raw crt.sh responses : 0
Certificate rows     : 0
Unique subdomains    : 0
Wildcard identities  : 0
Resolved DNS records : 0
Unique IPv4s         : 0
ASN rows             : 0
Unique CIDR prefixes : 0

Use old verbose mode:

./crtintel.sh -d hackerone.com --no-live

Install dependencies

sudo apt update
sudo apt install -y curl jq dnsutils

Usage

Basic CT/subdomain/cert pull:

./crtintel.sh -d hackerone.com

With DNS resolution:

./crtintel.sh -d hackerone.com -r

With DNS + ASN/CIDR enrichment:

./crtintel.sh -d hackerone.com -r -a

Multiple domains:

./crtintel.sh -l roots.example.txt -o output/crtintel -r -a

Outputs

crtintel-output/
├── raw/
│   └── hackerone.com.json
├── certs.tsv
├── subdomains.txt
├── wildcards.txt
├── resolved.tsv
├── ips.txt
├── asn.tsv
├── cidrs.txt
└── summary.txt