This week we’ve got another complex query. This one looks for certificates with localhost in the subject or issuer name that were created in the last 7 days. This could potentially point to misconfigured environments or systems exposed to the Internet. This query was shared by Emily on our research team.

(parsed.subject.common_name: "localhost" or parsed.issuer.common_name: "localhost") and parsed.validity_period.not_before: rnow-7d to now]
 

This is part of a regular series of posts in which we highlight useful, interesting, and otherwise cool queries for use with Censys Search and ASM. If you have any questions, similar queries, or custom versions of this week’s highlight, let us know!