To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will for us):

• [Name] - The name of the tool
• [Version] - What version of the tool should be added?
  --- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
• [Homepage] - Where can the tool be found online? Where to go to get more information?
• [Download] - Where to go to get the tool?
• [Author] - Who made the tool?
• [Licence] - How is the software distributed? What conditions does it come with?
• [Description] - What is the tool about? What does it do?
• [Dependencies] - What is needed for the tool to work?
• [Similar tools] - What other tools are out there?
• [How to install] - How do you compile it?
• [How to use] - What are some basic commands/functions to demonstrate it?

[Name]
CertGraph

[Version]
Latest. CertGraph uses rolling releases. The current latest release is 20171216. (each release has a git tag and a precompiled binary on github)

[Homepage]
https://github.com/lanrat/certgraph

[Download]
https://github.com/lanrat/certgraph/releases

[Author]
Ian Foster

[Licence]
GPL-2.0 (https://github.com/lanrat/certgraph/blob/master/LICENSE)

[Description]
CertGraph is an open source intelligence tool to crawl the graph of certificate Alternate Names

CertGraph crawls SSL certificates creating a directed graph where each domain is a node and the certificate alternative names for that domain's certificate are the edges to other domain nodes. New domains are printed as they are found. In Detailed mode upon completion the Graph's adjacency list is printed.

Crawling defaults to collectng certificate by connecting over TCP, however there are multiple drivers that can search Certificate Transparency logs.

This tool was designed to be used for host name enumeration via SSL certificates, but it can also show you a "chain" of trust between domains and the certificates that re-used between them.

[Dependencies]
None, release is a static binary.

[Similar tools]
Sublist3r - sub-domain enumeration
https://crt.sh/ - Certificate Transparency Search

Neither of these tools crawl and display the graph of certificate alternative names, which is the main advantage of CertGraph.

[How to install]
Install golang 1.9 or newer and the dep dependency tool for golang (https://github.com/golang/dep) then run make dep, and make. Alternatively, a pre-compiled release can be downloaded from the releases page on github. I can also add pre-packaged deb packages to the releases if it would help.

[How to use]
Example usage: $certgraph --driver crtsh --ct-subdomains kali.org
kali.org
archive-11.kali.org
docs.kali.org
www.kali.org
archive-9.kali.org
pkg.kali.org
images.kali.org
archive-10.kali.org
shop.kali.org
archive-8.kali.org
www.docs.kali.org
archive-12.kali.org
archive.kali.org
archive-7.kali.org
archive-5.kali.org
tools.kali.org
http.kali.org
downloads.kali.org
bugs.kali.org
archive-2.kali.org
archive-3.kali.org
www.forums.kali.org
cdimage.kali.org
archive-4.kali.org
forums.kali.org
archive-6.kali.org
images.offensive-security.com

To create a visual graph add the --json flag and provide the data to the github site at https://lanrat.github.io/certgraph or the single page html site inside the docs folder.
Generated graph: https://lanrat.github.io/certgraph/?data=https://gist.githubusercontent.com/lanrat/cdbbcbb5d5043527c747ce1b78a82cae/raw/30a6fce3855efd36813e26c29a6720295e3dac95/kali.json

@kali-team, please could this be packaged up.
@author, If you want to help the packaging process, you can check the documentation here ~ https://www.kali.org/docs/development/public-packaging

certgraph is now in kali-rolling

http://pkg.kali.org/pkg/certgraph