by lightswitch05 2844 days ago
I love CT logs! I use them to discover subdomains for my hosts file block list [1]. While it can't expand on domains that use wildcard certs - or no certs at all - it's better than nothing since hosts files don't support wildcard blocking.

Some things I've learned while working with them:

* CertSpotter [2] is a fantastic CT client written in Go that supports pattern matching. I've been running it locally with `.` match pattern and so far have a 4 gig file of unique domain names. I'm excited to see the end result once it catches up to current time.

* https://crt.sh/ is a great website to search CT logs and supports wildcards. It's currently the workhorse behind my hosts project, but I hope to remove them as a dependency once my own domain list is caught up to present day.

* It looks like OP's tool is just a thin client for the Entrust API [3] and is not actually downloading logs directly - which isn't clear in the article. It made more sense once I figured that out because these logs are huge and go back years.

[1] https://github.com/lightswitch05/hosts

[2] https://github.com/SSLMate/certspotter

[3] https://www.entrust.com/ct-search/
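The following is an added example, not part of the comment above and not code from the hosts project: a sketch of turning names found in CT log entries into hosts-file block entries, showing why wildcard certificate names have to be set aside. It assumes records with a `name_value` field holding newline-separated DNS names (modelled on crt.sh's JSON output); the sample data, the function names and the `0.0.0.0` sink address are constructed for illustration.

```python
import json

# Constructed sample: records shaped like CT search results, where each
# record's "name_value" holds newline-separated DNS names from one certificate.
SAMPLE_CT_JSON = json.dumps([
    {"name_value": "ads.example.com\ntrack.example.com"},
    {"name_value": "*.cdn.example.com\ncdn.example.com"},
    {"name_value": "TRACK.Example.com."},
    {"name_value": "metrics.example.net"},
    {"name_value": "bad_host!.example.com"},
])

LABEL_CHARS = set("abcdefghijklmnopqrstuvwxyz0123456789-")


def is_valid_hostname(name):
    """Conservative check: LDH labels, 1-63 chars each, 253 chars total."""
    if not name or len(name) > 253:
        return False
    for label in name.split("."):
        if not 1 <= len(label) <= 63 or not set(label) <= LABEL_CHARS:
            return False
        if label.startswith("-") or label.endswith("-"):
            return False
    return True


def ct_names_to_hosts(ct_json, base_domain, sink="0.0.0.0"):
    """Return (hosts_lines, skipped_wildcards) for names under base_domain."""
    base = base_domain.lower().rstrip(".")
    hosts, wildcards = set(), set()
    for record in json.loads(ct_json):
        for raw in record.get("name_value", "").splitlines():
            name = raw.strip().lower().rstrip(".")
            if name != base and not name.endswith("." + base):
                continue  # not under the domain being blocked
            if name.startswith("*."):
                wildcards.add(name)  # a hosts file cannot express this
            elif is_valid_hostname(name):
                hosts.add(name)  # set membership removes duplicates
    return [f"{sink} {h}" for h in sorted(hosts)], sorted(wildcards)


if __name__ == "__main__":
    lines, skipped = ct_names_to_hosts(SAMPLE_CT_JSON, "example.com")
    print("\n".join(lines))
    print("# wildcard names not expandable:", ", ".join(skipped))
```

The skipped wildcard list is worth keeping: it marks the zones where the block list has a known coverage gap.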