certgraph ☆

« Back to VersTracker

Description:
Crawl the graph of certificate Alternate Names

Type: Formula | Latest Version: 0.1.2@0 | Tracked Since: Dec 17, 2025

Links: Homepage | formulae.brew.sh

Category: Security

Tags: security osint certificates pentesting reconnaissance

Install: brew install certgraph

About:
CertGraph is a command-line utility that crawls the web to discover SSL/TLS certificates and maps their relationships through shared Alternative Names (SANs). This process helps visualize the graph of connections between different domains and subdomains controlled by the same entity. It is a valuable tool for security researchers and penetration testers looking to identify the full scope of a target's digital footprint.

Key Features:

Crawls certificate transparency logs and live sites to discover related domains
Generates a graph of certificate relationships via shared SANs
Outputs data in formats suitable for visualization or further analysis
Identifies potential lateral movement paths for security assessments

Use Cases:

Mapping the attack surface of a target organization by discovering all related domains
Investigating infrastructure ownership and relationships during OSINT research
Identifying forgotten or shadow IT assets for security audits

Alternatives:

crt.sh – Provides a web interface and API for querying certificate transparency logs, but lacks the automated graph crawling and visualization of CertGraph.
subfinder – Focuses on passive subdomain enumeration from various sources, while CertGraph specifically uses certificate data to find related domains.

License: GPL-2.0-or-later

Bottles available for: arm64_tahoe, arm64_sequoia, arm64_sonoma, arm64_ventura, sonoma, ventura, arm64_linux, x86_64_linux

Version History

Detected	Version	Rev	Change	Commit
Oct 10, 2025 3:00am		0	VERSION_BUMP	30211da9
Sep 13, 2025 4:16am		0	VERSION_BUMP	bb8570fa