hefftools.dev Infrastructure-focused data utilities Download Certificate Transparency Logs as Normalized JSON ct-cert-feed publishes deterministic daily snapshots of Certificate Transparency (CT) logs, normalized into stable JSON for bulk ingestion, historical replay, and offline analysis. Overview Guides Pricing License Schemas & examples Bulk CT log download Daily deterministic snapshots Normalized JSON schema Replayable by date No active scanning Building a Certificate Transparency pipeline is harder than it looks Teams that ingest CT logs directly often encounter operational complexity: Fetching and paging CT log entries reliably at scale Handling x509 vs precertificate entries correctly Normalizing SAN DNS names and subject fields Managing schema drift over time Replaying CT data deterministically by date Maintaining brittle parsing code across multiple logs ct-cert-feed provides a normalized daily snapshot so your team can focus on analysis instead of maintaining CT ingestion infrastructure. Technical guides If you’re evaluating CT ingestion or building internally, start here: How to Download and Parse Certificate Transparency Logs at Scale Browse all ct-cert-feed guides These guides include the failure modes ct-cert-feed was built to eliminate: short reads, partial pages, retries/backoff, and x509 vs precertificate handling. What ct-cert-feed provides A deterministic daily snapshot of certificate lifecycle facts derived from selected public CT logs. Each record represents one CT entry. CT log metadata (log name, index, timestamp) Entry timestamp Certificate serial number Validity window (not_before, not_after) Subject and issuer attributes SAN DNS names Public key algorithm and size Signature algorithm Precertificate metadata (when applicable) The dataset contains structured facts only. No scoring or enrichment is applied. Snapshot format Each daily snapshot is delivered as: records.jsonl.gz # newline-delimited JSON (gzip) stats.json # totals + per-log breakdown Designed for bulk ingestion into Postgres, analytics systems, or custom pipelines. Designed for Certificate inventory systems Attack surface management platforms Security research teams Compliance and lifecycle analytics Offline CT log analysis and replay What this is not Not a TLS monitoring service Not an alerting system Not a vulnerability scanner Not a policy enforcement engine Not an active internet-wide probe ct-cert-feed publishes normalized CT data only. Interpretation and risk analysis belong downstream. Schema & examples Canonical schema definitions and sample artifacts are published publicly for evaluation. View schemas & examples on GitHub Access Current daily snapshots are delivered via authenticated HTTPS. Stable URLs and deterministic date-based paths are provided for automation. For licensing inquiries, email [email protected] . Include organization, intended use, and retention requirements. © HeffTools Overview · Guides · Pricing · License