Skip to content
/ certina Public

Certina is an OSINT tool for red teamers and bug hunters to discover subdomains from web certificate data

License

Notifications You must be signed in to change notification settings

n0mi1k/certina

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
 
 
 
 
 
 
 
 

Repository files navigation

certina

certina is an information gathering tool for red teamers to discover subdomains from web certificate data.

Options

USAGE:
  python3 certina.py [flags]

FLAGS:
   -h, --help        Show help message and exit
   -d, --domain      Endpoint to scan separate by commas for multiple domains
   -s, --socket      Enable SSL connection with raw socket (Default: False)
   -i, --input       Input file containing lines of domains
   -o, --output      Output filename to save results
   -c, --certonly    Show only certificate info without further enumeration (Default: False)
   -r, --request     Follow up with GET request to check web-alive (Default: False)
   -a, --all         Crawl all HTTPS domains (Coming soon)

Running Certina

  • Full enumeration with SAN extension, cert transparency logs (crt.sh) and check if web-alive (Recommended)
    python3 certina.py -d example.com -r

  • Quiet enumeration with SAN extension, cert transparency logs [Sends ONLY 1 request to grab the cert]
    python3 certina.py -d example.com

  • Only grab certificate info and SAN extension domains
    python3 certina.py -d example.com -c

  • Running on multiple domains at once
    python3 certina.py -d "example.com, example2.com" or
    python3 certina.py -i input.txt

  • Running with raw socket mode without SSL library
    python3 certina.py -d example.com -s

  • Output results to file
    python3 certina.py -d example.com -o output.txt

Demonstration

CleanShot 2024-02-20 at 23 22 36@2x

Dependencies

To install Python dependencies, run pip install -r requirements.txt

Disclaimer

This tool is for educational and testing purposes only. Do not use it to exploit the vulnerability on any system that you do not own or have permission to test. The authors of this script are not responsible for any misuse or damage caused by its use.

About

Certina is an OSINT tool for red teamers and bug hunters to discover subdomains from web certificate data

Topics

Resources

License

Stars

Watchers

Forks

Languages