updated documentation for CT

lanrat · Aug 31, 2017 · 592aeff · 592aeff
1 parent 37ad786
commit 592aeff
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 27 deletions.
diff --git a/README.md b/README.md
@@ -1,55 +1,53 @@
 # CertGraph
 ### A tool to crawl the graph of certificate Alternate Names
 
-CertGraph crawls SSL certificates creating a directed graph where each domain is a node and the certificate alternative names for that domain's certificate are the edges to other domain nodes. Upon completion the Graph's adjacency list is printed.
+CertGraph crawls SSL certificates creating a directed graph where each domain is a node and the certificate alternative names for that domain's certificate are the edges to other domain nodes. New domains are printed as they are found. In Detailed mode upon completion the Graph's adjacency list is printed.
 
-This tool was designed to be used for host name enumeration via SSL certificates, but it can also show you a "chain" of trust between domains and the certificates that re used between them.
+Crawling defaults to collectng certificate by connecting over TCP, however the `--ct` flag will use [Google's Certificate Transparency search](https://www.google.com/transparencyreport/https/ct/) to find additional certificates and domains.
+
+This tool was designed to be used for host name enumeration via SSL certificates, but it can also show you a "chain" of trust between domains and the certificates that re-used between them.
 
 ## Usage
 ```
 Usage of ./certgraph: [OPTION]... HOST...
+  -ct
+        use certificate transparancy search to find certificates
   -depth uint
-        maximum BFS depth to go (default 20)
+        maximum BFS depth to go, default: 20 (default 20)
+  -details
+        print details about the domains crawled
   -json
-        print the graph as json
-  -list
-        only print the domains found and not the entire graph
+        print the graph as json, can be used for graph in web UI
+  -notls
+        don't connect to hosts to collect certificates
   -parallel uint
-        number of certificates to retrieve in parallel (default 10)
+        number of certificates to retrieve in parallel, default: 10 (default 10)
   -port uint
         tcp port to connect to (default 443)
   -save string
         save certs to folder in PEM formate
-  -sort
-        visit and print domains in sorted order
   -starttls
         connect without TLS and then upgrade with STARTTLS for SMTP, useful with -port 25
   -timeout uint
         tcp timeout in seconds (default 5)
   -verbose
         verbose logging
+  -version
+        print version and exit
 ```
 
 ## Example
 ```
-$ ./certgraph eff.org
-eff.org 0       Good    5C699512FD8763FC50A105A14DB2526A10AE6EAC3E79F5F44A7F99E90189FBE5        [maps.eff.org web6.eff.org eff.org atlas.eff.org https-everywhere-atlas.eff.org httpse-atlas.eff.org kittens.eff.org]
-web6.eff.org    1       Good    AF842FA69A720E9FB2F37BAF723A20F80B8C2072693E55D0A1EA78C7BABE2699        [*.eff.org *.dev.eff.org *.s.eff.org *.staging.eff.org]
-https-everywhere-atlas.eff.org  1       Good    5C699512FD8763FC50A105A14DB2526A10AE6EAC3E79F5F44A7F99E90189FBE5        [kittens.eff.org maps.eff.org web6.eff.org eff.org atlas.eff.org https-everywhere-atlas.eff.org httpse-atlas.eff.org]
-maps.eff.org    1       Good    5C699512FD8763FC50A105A14DB2526A10AE6EAC3E79F5F44A7F99E90189FBE5        [maps.eff.org web6.eff.org eff.org atlas.eff.org https-everywhere-atlas.eff.org httpse-atlas.eff.org kittens.eff.org]
-atlas.eff.org   1       Good    5C699512FD8763FC50A105A14DB2526A10AE6EAC3E79F5F44A7F99E90189FBE5        [eff.org atlas.eff.org https-everywhere-atlas.eff.org httpse-atlas.eff.org kittens.eff.org maps.eff.org web6.eff.org]
-httpse-atlas.eff.org    1       Good    5C699512FD8763FC50A105A14DB2526A10AE6EAC3E79F5F44A7F99E90189FBE5        [eff.org atlas.eff.org https-everywhere-atlas.eff.org httpse-atlas.eff.org kittens.eff.org maps.eff.org web6.eff.org]
-kittens.eff.org 1       Good    5C699512FD8763FC50A105A14DB2526A10AE6EAC3E79F5F44A7F99E90189FBE5        [eff.org atlas.eff.org https-everywhere-atlas.eff.org httpse-atlas.eff.org kittens.eff.org maps.eff.org web6.eff.org]
-dev.eff.org     2       No Host         []
-s.eff.org       2       Good    AF842FA69A720E9FB2F37BAF723A20F80B8C2072693E55D0A1EA78C7BABE2699        [*.eff.org *.dev.eff.org *.s.eff.org *.staging.eff.org]
-staging.eff.org 2       Good    AC3933B1B95BA5254F43ADBE5E3E38E539C74456EE2D00493F0B2F38F991D54F        [max-dev-supporters.eff.org leez-dev-supporters.eff.org max-dev-www.eff.org micah-dev2-supporters.eff.org staging.eff.org]
-leez-dev-supporters.eff.org     3       Good    AC3933B1B95BA5254F43ADBE5E3E38E539C74456EE2D00493F0B2F38F991D54F        [staging.eff.org max-dev-supporters.eff.org leez-dev-supporters.eff.org max-dev-www.eff.org micah-dev2-supporters.eff.org]
-micah-dev2-supporters.eff.org   3       Good    AC3933B1B95BA5254F43ADBE5E3E38E539C74456EE2D00493F0B2F38F991D54F        [max-dev-supporters.eff.org leez-dev-supporters.eff.org max-dev-www.eff.org micah-dev2-supporters.eff.org staging.eff.org]
-max-dev-supporters.eff.org      3       Good    AC3933B1B95BA5254F43ADBE5E3E38E539C74456EE2D00493F0B2F38F991D54F        [max-dev-supporters.eff.org leez-dev-supporters.eff.org max-dev-www.eff.org micah-dev2-supporters.eff.org staging.eff.org]
-max-dev-www.eff.org     3       Good    AC3933B1B95BA5254F43ADBE5E3E38E539C74456EE2D00493F0B2F38F991D54F        [max-dev-www.eff.org micah-dev2-supporters.eff.org staging.eff.org max-dev-supporters.eff.org leez-dev-supporters.eff.org]
+$ ./certgraph --details eff.org
+eff.org 0       Good    42E3E4605D8BB4608EB64936E2176A98B97EBF2E0F8F93A64A6640713C7D4325
+maps.eff.org    1       Good    42E3E4605D8BB4608EB64936E2176A98B97EBF2E0F8F93A64A6640713C7D4325
+https-everywhere-atlas.eff.org  1       Good    42E3E4605D8BB4608EB64936E2176A98B97EBF2E0F8F93A64A6640713C7D4325
+httpse-atlas.eff.org    1       Good    42E3E4605D8BB4608EB64936E2176A98B97EBF2E0F8F93A64A6640713C7D4325
+atlas.eff.org   1       Good    42E3E4605D8BB4608EB64936E2176A98B97EBF2E0F8F93A64A6640713C7D4325
+kittens.eff.org 1       Good    42E3E4605D8BB4608EB64936E2176A98B97EBF2E0F8F93A64A6640713C7D4325
 ```
 The above output represents the adjacency list for the graph for the root domain `eff.org`. The adjacency list is in the form:
-`Node    Depth    Status    Cert-Fingerprint    [Edge1 Edge2 ... EdgeN]`
+`Node    Depth    Status    Cert-Fingerprint`
 
 ## [Releases](https://github.com/lanrat/certgraph/releases)
 

diff --git a/certgraph.go b/certgraph.go
@@ -108,7 +108,6 @@ func NewDomainNode(domain string, depth uint) *DomainNode {
 // get the string representation of a node
 func (d *DomainNode) String() string {
 	if details {
-		// TODO need to update this and documentation after refractor
 		cert := ""
 		if d.Status == GOOD {
 			cert = d.VisitedCert.HexString()
@@ -139,7 +138,7 @@ type CertNode struct {
 }
 
 func (c *CertNode) String() string {
-	// TODO need to update this and documentation after refractor
+	//TODO Currently unused..
 	ct := ""
 	if c.CT {
 		ct = "CT"