04/07/17. Version 0.1


This is a “Quick and dirty” Python script for checking if a domain properly implements Certificate Transparency. If so, it is possible to observe how Certificate Transparency is implemented on the server side.

When a server implements Certificate Transparency, it must offer at least one SCT (Signed Certificate Timestamp, a proof of inclusion of the server's TLS certificate in a Transparency Log).

An SCT can be delivered in three different ways:

  • Embedded in the certificate
  • As a TLS extension
  • Via OCSP Stapling

Using PySCTChecker, it is possible to identify which delivery options the server uses and which logs the certificate has been submitted to. It is also possible to check whether the offered SCTs are valid and legitimately signed by the logs.
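All three delivery methods carry the same payload, a SignedCertificateTimestampList as defined in RFC 6962 section 3.3. The following is an added example, not PySCTChecker's own code: it parses that structure with the standard library to list each SCT's log ID and timestamp. The sample bytes are constructed, their signatures are placeholders, and no signature verification is performed.

```python
import struct
from datetime import datetime, timezone

HASH_ALGS = {4: "sha256"}            # TLS HashAlgorithm (RFC 5246)
SIG_ALGS = {1: "rsa", 3: "ecdsa"}    # TLS SignatureAlgorithm (RFC 5246)

def parse_sct(buf):
    """Parse one serialized v1 SCT into a dict."""
    # 43-byte fixed header + 4-byte signature header; version byte 0 means v1
    if len(buf) < 47 or buf[0] != 0:
        raise ValueError("truncated or non-v1 SCT")
    _, log_id, ts_ms, ext_len = struct.unpack_from(">B32sQH", buf, 0)
    pos = 43 + ext_len               # skip CtExtensions
    if pos + 4 > len(buf):
        raise ValueError("truncated SCT")
    hash_alg, sig_alg, sig_len = struct.unpack_from(">BBH", buf, pos)
    if len(buf) - (pos + 4) != sig_len:
        raise ValueError("signature length mismatch")
    return {
        "log_id": log_id.hex(),      # SHA-256 of the log's public key
        "timestamp_ms": ts_ms,
        "time": datetime.fromtimestamp(ts_ms / 1000, tz=timezone.utc).isoformat(),
        "hash": HASH_ALGS.get(hash_alg, hash_alg),
        "sig": SIG_ALGS.get(sig_alg, sig_alg),
    }

def parse_sct_list(data):
    """Parse a SignedCertificateTimestampList into a list of SCT dicts."""
    if len(data) < 2 or struct.unpack_from(">H", data)[0] != len(data) - 2:
        raise ValueError("SCT list length mismatch")
    scts, pos = [], 2
    while pos < len(data):
        n = int.from_bytes(data[pos:pos + 2], "big")   # per-SCT length prefix
        if pos + 2 + n > len(data):
            raise ValueError("truncated SCT entry")
        scts.append(parse_sct(data[pos + 2:pos + 2 + n]))
        pos += 2 + n
    return scts

def _sample_sct(log_id, sig):        # constructed test data, placeholder signature
    body = struct.pack(">B32sQH", 0, log_id, 1491523200000, 0)
    body += struct.pack(">BBH", 4, 3, len(sig)) + sig
    return struct.pack(">H", len(body)) + body

_items = _sample_sct(b"\xaa" * 32, b"\x01" * 8) + _sample_sct(b"\xbb" * 32, b"\x02" * 8)
SAMPLE = struct.pack(">H", len(_items)) + _items
if __name__ == "__main__":
    for sct in parse_sct_list(SAMPLE):
        print(sct["log_id"], sct["time"], sct["hash"], sct["sig"])
```
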

This script just needs a list of domains as input. For each domain, it checks whether the server implements Certificate Transparency. If the server offers any SCT, the script shows extra information about it, such as the logs the TLS certificate has been sent to and the method the server uses to deliver the SCT.

python PySCTChecker/ [domain1 domain2 ...]

Output example: