From 592aeff6ef288ed43a1e1e0b269bcf22613de3ec Mon Sep 17 00:00:00 2001 From: Ian Foster Date: Wed, 30 Aug 2017 17:19:03 -0700 Subject: [PATCH] updated documentation for CT --- README.md | 48 +++++++++++++++++++++++------------------------- certgraph.go | 3 +-- 2 files changed, 24 insertions(+), 27 deletions(-) diff --git a/README.md b/README.md index b92fa33..bcf73d5 100644 --- a/README.md +++ b/README.md @@ -1,55 +1,53 @@ # CertGraph ### A tool to crawl the graph of certificate Alternate Names -CertGraph crawls SSL certificates creating a directed graph where each domain is a node and the certificate alternative names for that domain's certificate are the edges to other domain nodes. Upon completion the Graph's adjacency list is printed. +CertGraph crawls SSL certificates creating a directed graph where each domain is a node and the certificate alternative names for that domain's certificate are the edges to other domain nodes. New domains are printed as they are found. In Detailed mode upon completion the Graph's adjacency list is printed. -This tool was designed to be used for host name enumeration via SSL certificates, but it can also show you a "chain" of trust between domains and the certificates that re used between them. +Crawling defaults to collectng certificate by connecting over TCP, however the `--ct` flag will use [Google's Certificate Transparency search](https://www.google.com/transparencyreport/https/ct/) to find additional certificates and domains. + +This tool was designed to be used for host name enumeration via SSL certificates, but it can also show you a "chain" of trust between domains and the certificates that re-used between them. ## Usage ``` Usage of ./certgraph: [OPTION]... HOST... + -ct + use certificate transparancy search to find certificates -depth uint - maximum BFS depth to go (default 20) + maximum BFS depth to go, default: 20 (default 20) + -details + print details about the domains crawled -json - print the graph as json - -list - only print the domains found and not the entire graph + print the graph as json, can be used for graph in web UI + -notls + don't connect to hosts to collect certificates -parallel uint - number of certificates to retrieve in parallel (default 10) + number of certificates to retrieve in parallel, default: 10 (default 10) -port uint tcp port to connect to (default 443) -save string save certs to folder in PEM formate - -sort - visit and print domains in sorted order -starttls connect without TLS and then upgrade with STARTTLS for SMTP, useful with -port 25 -timeout uint tcp timeout in seconds (default 5) -verbose verbose logging + -version + print version and exit ``` ## Example ``` -$ ./certgraph eff.org -eff.org 0 Good 5C699512FD8763FC50A105A14DB2526A10AE6EAC3E79F5F44A7F99E90189FBE5 [maps.eff.org web6.eff.org eff.org atlas.eff.org https-everywhere-atlas.eff.org httpse-atlas.eff.org kittens.eff.org] -web6.eff.org 1 Good AF842FA69A720E9FB2F37BAF723A20F80B8C2072693E55D0A1EA78C7BABE2699 [*.eff.org *.dev.eff.org *.s.eff.org *.staging.eff.org] -https-everywhere-atlas.eff.org 1 Good 5C699512FD8763FC50A105A14DB2526A10AE6EAC3E79F5F44A7F99E90189FBE5 [kittens.eff.org maps.eff.org web6.eff.org eff.org atlas.eff.org https-everywhere-atlas.eff.org httpse-atlas.eff.org] -maps.eff.org 1 Good 5C699512FD8763FC50A105A14DB2526A10AE6EAC3E79F5F44A7F99E90189FBE5 [maps.eff.org web6.eff.org eff.org atlas.eff.org https-everywhere-atlas.eff.org httpse-atlas.eff.org kittens.eff.org] -atlas.eff.org 1 Good 5C699512FD8763FC50A105A14DB2526A10AE6EAC3E79F5F44A7F99E90189FBE5 [eff.org atlas.eff.org https-everywhere-atlas.eff.org httpse-atlas.eff.org kittens.eff.org maps.eff.org web6.eff.org] -httpse-atlas.eff.org 1 Good 5C699512FD8763FC50A105A14DB2526A10AE6EAC3E79F5F44A7F99E90189FBE5 [eff.org atlas.eff.org https-everywhere-atlas.eff.org httpse-atlas.eff.org kittens.eff.org maps.eff.org web6.eff.org] -kittens.eff.org 1 Good 5C699512FD8763FC50A105A14DB2526A10AE6EAC3E79F5F44A7F99E90189FBE5 [eff.org atlas.eff.org https-everywhere-atlas.eff.org httpse-atlas.eff.org kittens.eff.org maps.eff.org web6.eff.org] -dev.eff.org 2 No Host [] -s.eff.org 2 Good AF842FA69A720E9FB2F37BAF723A20F80B8C2072693E55D0A1EA78C7BABE2699 [*.eff.org *.dev.eff.org *.s.eff.org *.staging.eff.org] -staging.eff.org 2 Good AC3933B1B95BA5254F43ADBE5E3E38E539C74456EE2D00493F0B2F38F991D54F [max-dev-supporters.eff.org leez-dev-supporters.eff.org max-dev-www.eff.org micah-dev2-supporters.eff.org staging.eff.org] -leez-dev-supporters.eff.org 3 Good AC3933B1B95BA5254F43ADBE5E3E38E539C74456EE2D00493F0B2F38F991D54F [staging.eff.org max-dev-supporters.eff.org leez-dev-supporters.eff.org max-dev-www.eff.org micah-dev2-supporters.eff.org] -micah-dev2-supporters.eff.org 3 Good AC3933B1B95BA5254F43ADBE5E3E38E539C74456EE2D00493F0B2F38F991D54F [max-dev-supporters.eff.org leez-dev-supporters.eff.org max-dev-www.eff.org micah-dev2-supporters.eff.org staging.eff.org] -max-dev-supporters.eff.org 3 Good AC3933B1B95BA5254F43ADBE5E3E38E539C74456EE2D00493F0B2F38F991D54F [max-dev-supporters.eff.org leez-dev-supporters.eff.org max-dev-www.eff.org micah-dev2-supporters.eff.org staging.eff.org] -max-dev-www.eff.org 3 Good AC3933B1B95BA5254F43ADBE5E3E38E539C74456EE2D00493F0B2F38F991D54F [max-dev-www.eff.org micah-dev2-supporters.eff.org staging.eff.org max-dev-supporters.eff.org leez-dev-supporters.eff.org] +$ ./certgraph --details eff.org +eff.org 0 Good 42E3E4605D8BB4608EB64936E2176A98B97EBF2E0F8F93A64A6640713C7D4325 +maps.eff.org 1 Good 42E3E4605D8BB4608EB64936E2176A98B97EBF2E0F8F93A64A6640713C7D4325 +https-everywhere-atlas.eff.org 1 Good 42E3E4605D8BB4608EB64936E2176A98B97EBF2E0F8F93A64A6640713C7D4325 +httpse-atlas.eff.org 1 Good 42E3E4605D8BB4608EB64936E2176A98B97EBF2E0F8F93A64A6640713C7D4325 +atlas.eff.org 1 Good 42E3E4605D8BB4608EB64936E2176A98B97EBF2E0F8F93A64A6640713C7D4325 +kittens.eff.org 1 Good 42E3E4605D8BB4608EB64936E2176A98B97EBF2E0F8F93A64A6640713C7D4325 ``` The above output represents the adjacency list for the graph for the root domain `eff.org`. The adjacency list is in the form: -`Node Depth Status Cert-Fingerprint [Edge1 Edge2 ... EdgeN]` +`Node Depth Status Cert-Fingerprint` ## [Releases](https://github.com/lanrat/certgraph/releases) diff --git a/certgraph.go b/certgraph.go index b93b957..91dca67 100644 --- a/certgraph.go +++ b/certgraph.go @@ -108,7 +108,6 @@ func NewDomainNode(domain string, depth uint) *DomainNode { // get the string representation of a node func (d *DomainNode) String() string { if details { - // TODO need to update this and documentation after refractor cert := "" if d.Status == GOOD { cert = d.VisitedCert.HexString() @@ -139,7 +138,7 @@ type CertNode struct { } func (c *CertNode) String() string { - // TODO need to update this and documentation after refractor + //TODO Currently unused.. ct := "" if c.CT { ct = "CT"