Exclusive Interview with SPYSE Team

Chances are you haven’t come across SPYSE yet - I hadn’t either, until this interview. They’re a small group of genuinely talented developers quietly giving back to the security community with free, well-built tools. I first stumbled onto them through certdb.com and findsubdomains.com - both worth your time - and thought enough of the work to review each: “CertDB, a free SSL search engine” and “Finding subdomains for open-source intelligence”. Recently I got the chance to put some questions to the team about CertDB and what they’re building next. Here’s the conversation.

The project and the team

What is CertDB, and who’s the backbone of the project?

We’re the SPYSE team - specialists in web analytics and digital security. In 2017 we came together as a volunteer unit to build non-profit tools and services for exploring and analysing the data that sits openly across the internet.

CertDB is an internet-wide search engine for researching and analysing digital certificates, and it was the team’s first project. The ambition from the start was to build search engines that span the entire internet infrastructure - for educational, research, and practical use - combining the core capabilities of tools like Censys, Shodan, and DomainTools while going well beyond them on data completeness and analytical depth. Alongside CertDB, our portfolio already includes FindSubdomains, which automates subdomain discovery. We’re currently building another project focused on DNS, and we aim to ship a new one roughly every month.

Our mission is to overturn the widespread belief that an SSL certificate is just a minor bundle of data files binding a cryptographic key to a company’s details. CertDB was built to change how everyday internet users think about them.

Future projects will add analytics for domains and subdomains, IP ranges, DNS records, and the connections between organisations and their digital assets. Within about four months we intend to bring these services together into a single search engine covering all of these areas - one with a more complete pool of data than any existing resource on the web.

You can see example queries at certdb.com/about. A few of the use cases we see:

  1. A newly issued certificate can flag a new service launch, a merger, or other market activity - often faster than any press release.
  2. Tracking SSL expiry dates matters. An expired certificate can mean lost trust, abandoned shopping carts, reputational damage, and privacy risk for both the site and its users.
  3. CertDB isn’t only for IT professionals. By exploring certificates you can analyse the activity of individual organisations, entire industries, or whole markets, and spot trends.
  4. A company issuing a certificate under another organisation’s domains can signal a collaboration or acquisition - insight that can generate profit, or even trigger an investigation where there are signs of unfair practice.
  5. Security teams can use CertDB to research problematic certificates and reduce the surface for attacks.
  6. A commercial SSL vendor can grow sales by alerting companies to affected domains and subdomains.
  7. A newly registered domain hinting at an upcoming ICO can feed competitive analysis or business intelligence - and help the data owner raise funds for potential investment.
  8. A new, unknown domain registered in, say, Palo Alto may hint at a startup; a switch from a wildcard certificate to Let’s Encrypt can suggest budget constraints.
  9. By comparing the number of certificates issued per country - and per capita - you can gauge the maturity of a country’s IT infrastructure.

We’re just at the start of our journey, and we’d genuinely appreciate any help - constructive feedback, advice, mentions, coverage, and connections.

Competition and USP

Do you have active competition, and what’s your USP?

CertDB’s key selling points:

  • It’s completely free. We build these projects as volunteers for educational and research purposes, and they’ll stay free forever.
  • It holds the most complete certificate database on the internet.
  • It’s the most accurate, refreshed daily by scanning the whole internet.
  • It has the best UI of its kind, because we care about user experience as much as the data.

We analyse the web 24/7 to offer you the most complete and up-to-date information about SSL certificates on the internet.

CertDB also provides free access to a powerful API. You can use it for practical research, for educational purposes, or to build other programs and services on top of it.

The service supports search across multiple criteria with quality filtering, and it aggregates data along different dimensions so you can see the picture at a larger scale. We pay close attention to UX, page-load speed, and the small details - our projects are user-oriented, and our developers constantly study behavioural signals and user feedback to make them better.

Versus crt.sh and Censys

How do you stack up against crt.sh or Censys?

At first glance our work on certificates looks very similar to censys.io. We started from the same problems that developers and experts face, so our search mechanisms overlap in a number of ways. That said, we’ve worked hard to make our projects usable by non-professionals while still surfacing genuinely valuable information. It’s a complex, lengthy process, but we’re deeply committed to building - and showing the market - a product for a wide audience, not just for geeks.

Choosing what to scan

You’ve mentioned scanning and sensors - how do you decide which sites to shortlist?

Our team doesn’t only deal with digital certificates, of course. Right now we’re exploring the web across the entire IPv4 range using a variety of techniques. A significant part of our starting data came from public sources, some we discovered ourselves, and some comes from partners. A submission form seems unnecessary to us - there are hardly any domains we don’t already know about.

Scan frequency and priority

How often will you scan, and do you prioritise?

We’re preparing infrastructure for regular, systematic scanning of every known point on the internet. Within about a month we expect to refresh the data for any point that has shown signs of life in the last six months at least every two weeks - and in practice, we expect to do it far more often.

Security testing

Have you done any security testing or assessment, or do you plan to?

Most of the SPYSE team works in IT security, and the project ideas were originally born out of our own daily needs. We’ve done - and continue to do - testing for many companies under NDA, so there’s a lot of knowledge behind this. We deliberately keep those engagements separate from our public services, though: those are aimed at a much wider audience, for educational purposes, to give people more opportunity to study the internet and researchers a free way to explore and analyse it.

As for the security of our own projects, we try to do it right - though we haven’t treated it as a separate focus, because there’s nothing here to steal.

Will it stay free?

Will the service stay free, or will there be a paid tier for better search and filters?

We plan to keep our services entirely free. We want to believe our work is genuinely useful to people - that’s what motivates us most. We really want to spread the word about these free services and get them into the hands of everyday users, and we hope readers of this article can help us do that.

Keep it up, folks - I’m excited to see what you build next.