An open source intelligence tool to crawl the graph of certificate Alternate Names
CertGraph crawls SSL certificates, creating a directed graph where each domain is a node and the certificate alternative names for that domain's certificate are the edges to other domain nodes. New domains are printed as they are found. In Detailed mode, the graph's adjacency list is printed upon completion.
Crawling defaults to collecting certificates by connecting over TCP; however, there are multiple drivers that can search Certificate Transparency logs.
This tool was designed to be used for host name enumeration via SSL certificates, but it can also show you a "chain" of trust between domains and the certificates that are re-used between them.
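The crawl described above, as an added sketch that is not CertGraph's own code: a breadth-first walk over SAN lists that builds the adjacency list and reports edges where one certificate links two different registered domains. The certificate data is constructed, and `normalize`, `crawl`, `apex` (a two-label heuristic) and `cross_domain_edges` are hypothetical names chosen for illustration.

```python
from collections import deque

# Constructed sample: host -> DNS names in the SAN list of the certificate it
# serves. Stands in for a TCP or Certificate Transparency lookup.
SAMPLE_CERTS = {
    "example.test": ["example.test", "www.example.test", "*.cdn.example.test"],
    "www.example.test": ["example.test", "www.example.test", "*.cdn.example.test"],
    "cdn.example.test": ["*.cdn.example.test", "static.partner.test"],
    "static.partner.test": ["static.partner.test", "partner.test"],
    "partner.test": ["partner.test", "internal.partner.test"],
}

def normalize(name):
    """Lower-case a SAN entry, drop a trailing dot and a leading wildcard label."""
    name = name.strip().lower().rstrip(".")
    return name[2:] if name.startswith("*.") else name

def crawl(start, fetch_sans, max_depth=2):
    """Breadth-first crawl. Returns (adjacency list, hosts with no certificate)."""
    graph, unreachable = {}, []
    queue = deque([(normalize(start), 0)])
    while queue:
        host, depth = queue.popleft()
        if host in graph:          # already visited via another certificate
            continue
        sans = fetch_sans(host)
        if sans is None:           # no certificate obtained: keep node, no edges
            graph[host] = []
            unreachable.append(host)
            continue
        graph[host] = sorted({normalize(s) for s in sans} - {host})
        if depth < max_depth:      # hosts at the depth limit are not expanded
            queue.extend((n, depth + 1) for n in graph[host])
    return graph, unreachable

def apex(host):
    """Assumed heuristic: last two labels (not public-suffix aware)."""
    return ".".join(host.split(".")[-2:])

def cross_domain_edges(graph):
    """Edges whose certificate links two different registered domains."""
    return sorted((s, d) for s, ds in graph.items() for d in ds if apex(s) != apex(d))

if __name__ == "__main__":
    graph, missing = crawl("example.test", SAMPLE_CERTS.get)
    for host, names in graph.items():
        print(host, "->", ", ".join(names) or "(none)")
    print("shared across domains:", cross_domain_edges(graph))
    print("no certificate:", missing)
```

Run against an inventory of your own hosts, the cross-domain edges show where a shared certificate exposes one name through another.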
To install certgraph, run the following command in the macOS Terminal (Applications->Utilities->Terminal):
sudo port install certgraph
To see what files were installed by certgraph, run:
port contents certgraph
To later upgrade certgraph, run:
sudo port selfupdate && sudo port upgrade certgraph
Reporting an issue on MacPorts Trac
The MacPorts Project uses a system called Trac to file tickets to report bugs and enhancement requests.
Though anyone may search Trac for tickets, you must have a GitHub account in order to log in to Trac to create tickets.