Skip to main content

Certify is a python tool designed to check the security of SSL/TLS certificates.

Project description

Certify

Certify is a powerful and easy-to-use Python tool designed to check the security of SSL/TLS certificates. It provides a range of options for analyzing certificates and identifying potential security risks, including the ability to display subject alternative names, subject common names, organization name, TLS version, cipher, certificate fingerprint hashes, JARM hash, certificate serial number, certificate pinning status, certificate authority verification, and certificate validity.

Certify also includes a number of features for identifying common certificate misconfigurations, such as expired, self-signed, mismatched, revoked, and untrusted certificates. The tool supports scanning individual hosts or lists of hosts, and allows for flexible output options, including the ability to write output to a file or display it in JSON format.

Whether you're a security researcher, network administrator, or just someone who wants to ensure the security of your online communications, Certify is an indispensable tool for analyzing SSL/TLS certificates and identifying potential security risks. With its powerful features and intuitive interface, it makes it easy to stay on top of the latest security threats and keep your systems safe and secure.

Installation Through PIP

To install dependencies, use the following command:

pip install -r requirements.txt

To import certify as module, install it using the following command:

pip install certifycert

Installation with Docker

This tool can also be used with Docker. To set up the Docker environment, follow these steps (trying using with sudo, if you get any error):

docker build -t certify:latest .

Using the Certify as command-line tool

To run the Certify on a hostname, provide the hostname with the -d flag:

python3 certify -d example.com

For an overview of all commands use the following command:

python3 certify -h

The output shown below are the latest supported commands.

usage: python3 certify [-h] [-v] [-d hostname] [-l file_path] [-p port] [-an] [-cn] [-on] [-tv] [-cipher] [-hash hash_name] [-jarm] [-sn] [-pin] [-av] [-vu] [-ex] [-ss] [-mm] [-re] [-un]
                       [-o file_path] [-j] [-silent]

Certify is a python tool designed to check the security of SSL/TLS certificates.

options:
  -h, --help            show this help message and exit
  -v, -version          display project version

INPUT:
  -d hostname, -host hostname
                        target host to scan (-d HOST1,HOST2)
  -l file_path, -list file_path
                        target list to scan (-l INPUT_FILE)
  -p port, -port port   target port to scan (default 443)

PROBES:
  -an                   display subject alternative names
  -cn                   display subject common names
  -on                   display subject organization name
  -tv, -tls-version     display used tls version
  -cipher               display used cipher
  -hash hash_name       display certificate fingerprint hashes (md5, sha1, sha224, sha256, sha384, sha512)
  -jarm                 display jarm hash
  -sn, -serial          display certificate serial number
  -pin                  display certificate pinning status
  -av, -authority-verification
                        display certificate authority verification (issued to, issued by)
  -vu, -valid-until     display certificate valid until

MISCONFIGURATIONS:
  -ex, -expired         display host with host expired certificate
  -ss, -self-signed     display host with self-signed certificate
  -mm, -mismatched      display host with mismatched certificate
  -re, -revoked         display host with revoked certificate
  -un, -untrusted       display host with untrusted certificate

OUTPUT:
  -o file_path, -output file_path
                        file to write output to
  -j, -json             display output in jsonline format
  -silent               display silent output

python3 certify -d example.com -tv

Examples

Example 1:

> python3 certify -d cybersapien.tech -tv

 ██████╗███████╗██████╗ ████████╗██╗███████╗██╗   ██╗
██╔════╝██╔════╝██╔══██╗╚══██╔══╝██║██╔════╝╚██╗ ██╔╝
██║     █████╗  ██████╔╝   ██║   ██║█████╗   ╚████╔╝
██║     ██╔══╝  ██╔══██╗   ██║   ██║██╔══╝    ╚██╔╝
╚██████╗███████╗██║  ██║   ██║   ██║██║        ██║
 ╚═════╝╚══════╝╚═╝  ╚═╝   ╚═╝   ╚═╝╚═╝        ╚═╝
     Coded with Love by Shivam Saraswat (@cybersapien)

cybersapien.tech:443 [TLSv1.3]

Example 2:

> python3 certify -l domains.txt -o cert.out -tv -on -cipher -hash sha512 -jarm -sn -pin -av -vu -silent
google.com:443 [TLSv1.3] [TLS_AES_256_GCM_SHA384] [256 bits] [20720863506ab451420d11d72c72d312674d61a822a642812ff8cde635ffd92e2fa6172d00fd0b033116b6d07e4b89c0412eae00af58deb0ddc5ecf5ac63b96a] [27d40d40d29d40d1dc42d43d00041d4689ee210389f4f6b4b5b1b93f92252d] [F27B612A054C603612DE2BB967B1F2CC] [Passed] [google.com] [GTS CA 1C3] [May 25, 2023 04:20:59 AM]
facebook.com:443 [Meta Platforms, Inc.] [TLSv1.3] [TLS_CHACHA20_POLY1305_SHA256] [256 bits] [6bc40449e06861f4d824fb941690c4b08688d2b720381a311af696a7b586f7630d52af11a17c3ebcbcb45d54b083a86d5d445a0782640835b58ff92b184b58b8] [27d27d27d0000001dc41d43d00041d286915b3b1e31b83ae31db5c5a16efc7] [01E6B342797813A1BE6E94AFC5457350] [Passed] [facebook.com] [DigiCert SHA2 High Assurance Server CA] [March 26, 2023 11:59:59 PM]

Example 3:

> python3 certify -d cybersapien.tech,facebook.com -an -cn

 ██████╗███████╗██████╗ ████████╗██╗███████╗██╗   ██╗
██╔════╝██╔════╝██╔══██╗╚══██╔══╝██║██╔════╝╚██╗ ██╔╝
██║     █████╗  ██████╔╝   ██║   ██║█████╗   ╚████╔╝
██║     ██╔══╝  ██╔══██╗   ██║   ██║██╔══╝    ╚██╔╝
╚██████╗███████╗██║  ██║   ██║   ██║██║        ██║
 ╚═════╝╚══════╝╚═╝  ╚═╝   ╚═╝   ╚═╝╚═╝        ╚═╝
     Coded with Love by Shivam Saraswat (@cybersapien)

cybersapien.tech:443 [cybersapien.tech]
cybersapien.tech:443 [www.cybersapien.tech]
cybersapien.tech:443 [cybersapien.tech]

facebook.com:443 [facebook.com]
facebook.com:443 [facebook.net]
facebook.com:443 [fbcdn.net]
facebook.com:443 [fbsbx.com]
facebook.com:443 [m.facebook.com]
facebook.com:443 [messenger.com]
facebook.com:443 [xx.fbcdn.net]
facebook.com:443 [xy.fbcdn.net]
facebook.com:443 [xz.fbcdn.net]
facebook.com:443 [facebook.com]

Using the Certify as module

Examples

Example 1

from certify import Certify

print(Certify.is_expired('expired.badssl.com'))

Example 2

from certify import Certify

print(Certify.alternative_names('google.com'))

Using the Docker Container

A typical run through Docker would look as follows:

docker run -it --rm certify -d hostname

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

certifycert-0.1.0.tar.gz (16.8 kB view details)

Uploaded Source

Built Distribution

certifycert-0.1.0-py3-none-any.whl (19.7 kB view details)

Uploaded Python 3

File details

Details for the file certifycert-0.1.0.tar.gz.

File metadata

  • Download URL: certifycert-0.1.0.tar.gz
  • Upload date:
  • Size: 16.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.10.6

File hashes

Hashes for certifycert-0.1.0.tar.gz
Algorithm Hash digest
SHA256 998ab768408c1f80299b705d3adf813fb717acc70a884acf9926a4a3d80d0a09
MD5 b73b52900b7d2df71e43403254ebe5fc
BLAKE2b-256 4ed2ea9f5fce2a8ec6c38f98f2a0f70f863f1fc5e25f9b549bd9ab385bb0a5cb

See more details on using hashes here.

File details

Details for the file certifycert-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: certifycert-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 19.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.10.6

File hashes

Hashes for certifycert-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 d3c2bddfb713b59d2adebcbc8423d4389b3439ad8169b705e632e4b3d329ed99
MD5 7b62848ee1c76c9ed6d7fe6b97d78238
BLAKE2b-256 1dc0979bfdd48338b639f8d441ab4b7d69153e15667209aa05f7fe55d734df44

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page