Certificate transparency logs are an amazing way to get a good overview of your certificate landscape, detect fraud (bad guys also use TLS) and find shadow IT and unknown cloud services. The problem is that there are not many good places to search these logs. The best I have found is from Symantec, although it is slow and errors out often but it works for what I need.
The best way to get the data from this service I found is with this simple bash script I put together that runs a curl command and downloads a .csv.
Running is is as simple as:
Unless you are really on top of your game you are likely to find a valid certificate you didn’t know about.