certgraph v20210224 releases: crawl the graph of certificate Alternate Names
A tool to crawl the graph of certificate Alternate Names
CertGraph crawls SSL certificates creating a directed graph where each domain is a node and the certificate alternative names for that domain’s certificate are the edges to other domain nodes. New domains are printed as they are found. Detailed mode upon completion, the Graph’s adjacency list is printed.
Crawling defaults to collecting certificate by connecting over TCP, however, there are multiple drivers that can search Certificate Transparency logs.
This tool was designed to be used for hostname enumeration via SSL certificates, but it can also show you a “chain” of trust between domains and the certificates that re-used between them.
- added multi driver
- fixed race condition
- lowercased domains
- version bump
- linux and mac arm64 support
CertGraph has multiple options for querying SSL certificates. The driver is responsible for retrieving the certificates for a given domain. Currently, there are the following drivers:
- http this is the default driver which works by connecting to the hosts over HTTPS and retrieving the certificates from the SSL connection
- smtp like the http driver, but connects over port 25 and issues the starttls command to retrieve the certificates from the SSL connection
- crtsh this driver searches Certificate Transparency logs via crt.sh. No packets are sent to any of the domains when using this driver
- google this is another Certificate Transparency driver that behaves like crtsh but uses the Google Certificate Transparency Lookup Tool
Copyright (C) 2017 lanrat