Packages and Binaries:
This package contains a tool to crawl the graph of certificate Alternate Names. CertGraph crawls SSL certificates creating a directed graph where each domain is a node and the certificate alternative names for that domain’s certificate are the edges to other domain nodes. New domains are printed as they are found. In Detailed mode upon completion the Graph’s adjacency list is printed.
Crawling defaults to collecting certificate by connecting over TCP, however there are multiple drivers that can search Certificate Transparency logs.
This tool was designed to be used for host name enumeration via SSL certificates, but it can also show you a “chain” of trust between domains and the certificates that re-used between them.
How to install:
sudo apt install certgraph
root@kali:~# certgraph -h
Usage of certgraph: [OPTION]... HOST...
include certificates from CDNs
include expired certificates in certificate transparency search
include sub-domains in certificate transparency search
maximum BFS depth to go (default 5)
print details about the domains crawled
check for DNS records to determine if domain is registered
driver to use [crtsh, google, http, smtp] (default "http")
print the graph as json, can be used for graph in web UI
number of certificates to retrieve in parallel (default 10)
maximum number of uniq TLD+1 domains in certificate to include, 0 has no limit (default 80)
save certs to folder in PEM format
tcp timeout in seconds (default 10)
for every domain found, add tldPlus1 of the domain's parent
Update the default Public Suffix List
print version and exit
Updated on: 2022-Aug-05