View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0004348 | Kali Linux | [All Projects] Queued Tool Addition | public | 2017-11-12 22:15 | 2020-11-11 23:49 |
| Reporter | lanrat | Assigned To | sbrun | ||
| Priority | normal | Severity | minor | Reproducibility | N/A |
| Status | resolved | Resolution | fixed | ||
| Product Version | |||||
| Target Version | Fixed in Version | 2020.4 | |||
| Summary | 0004348: CertGraph | ||||
| Description | I am the author of CertGraph, a tool to crawl the graph of certificate Alternate Names, over both SSL connections as well as Certificate Transparency. CertGraph crawls SSL certificates creating a directed graph where each domain is a node and the certificate alternative names for that domain's certificate are the edges to other domain nodes. New domains are printed as they are found. In Detailed mode upon completion the Graph's adjacency list is printed. This tool was designed to be used for host name enumeration via SSL certificates, but it can also show you a "chain" of trust between domains and the certificates that re-used between them. UI/Demo: https://lanrat.github.io/certgraph/ Source: https://github.com/lanrat/certgraph | ||||
|
|
To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will for us): - [Name] - The name of the tool - [Version] - What version of the tool should be added? --- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag) - [Homepage] - Where can the tool be found online? Where to go to get more information? - [Download] - Where to go to get the tool? - [Author] - Who made the tool? - [Licence] - How is the software distributed? What conditions does it come with? - [Description] - What is the tool about? What does it do? - [Dependencies] - What is needed for the tool to work? - [Similar tools] - What other tools are out there? - [How to install] - How do you compile it? - [How to use] - What are some basic commands/functions to demonstrate it? |
|
|
[Name] CertGraph [Version] Latest. CertGraph uses rolling releases. The current latest release is 20171216. (each release has a git tag and a precompiled binary on github) [Homepage] https://github.com/lanrat/certgraph [Download] https://github.com/lanrat/certgraph/releases [Author] Ian Foster [Licence] GPL-2.0 (https://github.com/lanrat/certgraph/blob/master/LICENSE) [Description] CertGraph is an open source intelligence tool to crawl the graph of certificate Alternate Names CertGraph crawls SSL certificates creating a directed graph where each domain is a node and the certificate alternative names for that domain's certificate are the edges to other domain nodes. New domains are printed as they are found. In Detailed mode upon completion the Graph's adjacency list is printed. Crawling defaults to collectng certificate by connecting over TCP, however there are multiple drivers that can search Certificate Transparency logs. This tool was designed to be used for host name enumeration via SSL certificates, but it can also show you a "chain" of trust between domains and the certificates that re-used between them. [Dependencies] None, release is a static binary. [Similar tools] Sublist3r - sub-domain enumeration https://crt.sh/ - Certificate Transparency Search Neither of these tools crawl and display the graph of certificate alternative names, which is the main advantage of CertGraph. [How to install] Install golang 1.9 or newer and the dep dependency tool for golang (https://github.com/golang/dep) then run `make dep`, and `make`. Alternatively, a pre-compiled release can be downloaded from the releases page on github. I can also add pre-packaged deb packages to the releases if it would help. [How to use] Example usage: $certgraph --driver crtsh --ct-subdomains kali.org kali.org archive-11.kali.org docs.kali.org www.kali.org archive-9.kali.org pkg.kali.org images.kali.org archive-10.kali.org shop.kali.org archive-8.kali.org www.docs.kali.org archive-12.kali.org archive.kali.org archive-7.kali.org archive-5.kali.org tools.kali.org http.kali.org downloads.kali.org bugs.kali.org archive-2.kali.org archive-3.kali.org www.forums.kali.org cdimage.kali.org archive-4.kali.org forums.kali.org archive-6.kali.org images.offensive-security.com To create a visual graph add the --json flag and provide the data to the github site at https://lanrat.github.io/certgraph or the single page html site inside the docs folder. Generated graph: https://lanrat.github.io/certgraph/?data=https://gist.githubusercontent.com/lanrat/cdbbcbb5d5043527c747ce1b78a82cae/raw/30a6fce3855efd36813e26c29a6720295e3dac95/kali.json |
|
|
@kali-team, please could this be packaged up. @author, If you want to help the packaging process, you can check the documentation here ~ https://www.kali.org/docs/development/public-packaging |
|
|
certgraph is now in kali-rolling http://pkg.kali.org/pkg/certgraph |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2017-11-12 22:15 | lanrat | New Issue | |
| 2018-01-29 14:45 | g0tmi1k | Note Added: 0008364 | |
| 2018-01-29 22:48 | lanrat | Note Added: 0008556 | |
| 2018-02-21 09:35 | g0tmi1k | Product Version | 2017.2 => |
| 2020-01-06 13:25 | g0tmi1k | Summary | CertGraph inclusion in Kali => CertGraph |
| 2020-02-10 13:43 | g0tmi1k | Note Added: 0012064 | |
| 2020-02-10 13:43 | g0tmi1k | Category | New Tool Requests => Queued Tool Addition |
| 2020-02-13 14:23 | g0tmi1k | Status | new => acknowledged |
| 2020-06-17 14:58 | g0tmi1k | Severity | feature => minor |
| 2020-08-03 18:03 | rhertzog | Assigned To | => sbrun |
| 2020-08-03 18:03 | rhertzog | Status | acknowledged => assigned |
| 2020-08-03 18:05 | rhertzog | Status | assigned => resolved |
| 2020-08-03 18:05 | rhertzog | Resolution | open => fixed |
| 2020-08-03 18:05 | rhertzog | Note Added: 0013171 | |
| 2020-11-11 23:49 | g0tmi1k | Fixed in Version | => 2020.4 |