sct
A command-line tool for inspecting Certificate Transparency tiled logs using the Static CT API.
Requirements
Installation
go install github.com/h-kwnm/sct@latest
Commands
logs — List CT logs
Fetches the log list from Google's repository and caches it locally. Subsequent invocations use the cache.
sct logs
sct logs --refresh # re-fetch from Google
sct logs --state usable # filter by state (usable, readonly, retired, qualified, pending, rejected)
The assigned ID is used by other commands to identify a log.
checkpoint — Fetch a log checkpoint
Fetches the current signed checkpoint from a log's monitoring URL and prints it as JSON.
sct checkpoint --log <id>
data — Fetch a data tile
Fetches the data tile containing the given leaf index, parses its entries, and prints it as JSON.
Additionally, data tile entries including the leaf are saved as a JSON file when the --out option is specified.
sct data --log <id> --index <leaf-index>
sct data --log <id> --index <leaf-index> --out <dir> # save to specific directory, e.g., /tmp
get-sct — Extract SCTs from a certificate
Extracts SCT extension contents from a PEM-formatted certificate file and prints them as JSON.
sct get-sct --pem <pem-file>
audit — Verify whether the leaf at the given index is included in the log
Verifies whether the leaf at the given index is included in the log.
The verification result is reported in the verification_success field of the JSON-formatted output.
The output includes information on which tiles and hashes are used for the verification.
sct audit --log <id> --index <leaf-index>
audit-path — Print audit path for a specified combination of leaf index and tree size
Prints the audit path in JSON format.
The path consists of Merkle tree nodes of the form {"start":m,"end":n}, each corresponding to MTH[m,n] in the notation used in RFC 6962.
sct audit-path --index <leaf-index> --size <tree-size>
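How such a path can be derived from a leaf index and a tree size, as an added example that is not sct's own code: it follows the recursive PATH(m, D[n]) definition in RFC 6962 section 2.1.1. The `Node` type, the `AuditPath` function, the half-open `[start, end)` range convention and the leaf-to-root ordering are assumptions of this sketch and may differ from what sct prints.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Node covers leaves [Start, End), i.e. MTH(D[Start:End]) in RFC 6962.
// The half-open range convention is an assumption of this example.
type Node struct {
	Start uint64 `json:"start"`
	End   uint64 `json:"end"`
}

// AuditPath returns PATH(index, D[size]) per RFC 6962 section 2.1.1,
// ordered from the leaf's sibling up to the child of the root.
func AuditPath(index, size uint64) ([]Node, error) {
	if index >= size {
		return nil, fmt.Errorf("leaf index %d is outside tree of size %d", index, size)
	}
	path := []Node{}
	lo, hi := uint64(0), size // subtree D[lo:hi] that still contains the leaf
	for n := hi - lo; n > 1; n = hi - lo {
		k := uint64(1) // largest power of two strictly less than n
		for k < n-k {
			k <<= 1
		}
		if index < lo+k { // leaf is in the left subtree; sibling is the right one
			path = append(path, Node{lo + k, hi})
			hi = lo + k
		} else { // leaf is in the right subtree; sibling is the left one
			path = append(path, Node{lo, lo + k})
			lo += k
		}
	}
	// Siblings were collected root-down; a verifier consumes them leaf-up.
	for i, j := 0, len(path)-1; i < j; i, j = i+1, j-1 {
		path[i], path[j] = path[j], path[i]
	}
	return path, nil
}

func main() {
	// Constructed input: leaf 4 in a 7-leaf tree (the tree drawn in RFC 6962).
	path, err := AuditPath(4, 7)
	if err != nil {
		panic(err)
	}
	out, _ := json.Marshal(path)
	fmt.Println(string(out))
}
```

An index equal to or greater than the tree size is rejected, because no inclusion proof exists for a leaf the tree does not yet contain.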
audit-tile — Print tiles for a specified combination of leaf index and tree size
Prints the tiles in JSON format.
The tiles field shows which tiles to fetch and which hash positions within each tile to use for proof verification.
sct audit-tile --index <leaf-index> --size <tree-size>
version — Print version
sct version
Options
| Flag | Description |
| --- | --- |
| --debug | Enable debug logging (output to stderr) |
sct --debug data --log <id> --index <leaf-index>
Cache
The log list is cached at ~/.cache/sct/logs.json. Run sct logs --refresh to update it.
License
MIT