{"id":18564149,"url":"https://github.com/shivamsaraswat/certify","last_synced_at":"2025-04-10T04:31:31.544Z","repository":{"id":188037894,"uuid":"615468421","full_name":"shivamsaraswat/certify","owner":"shivamsaraswat","description":"Certify is a python tool designed to check the security of SSL/TLS certificates. ","archived":false,"fork":false,"pushed_at":"2025-03-24T16:03:08.000Z","size":145,"stargazers_count":6,"open_issues_count":7,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-24T16:11:08.212Z","etag":null,"topics":["certificate-authority","certify","python","security","security-automation","ssl-certificate","tls","tls-certificate"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/shivamsaraswat.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-03-17T19:09:44.000Z","updated_at":"2025-01-28T19:53:55.000Z","dependencies_parsed_at":"2024-04-27T13:59:22.701Z","dependency_job_id":"2bfc071d-6321-4461-a640-b68a636727cb","html_url":"https://github.com/shivamsaraswat/certify","commit_stats":null,"previous_names":["shivamsaraswat/certify"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivamsaraswat%2Fcertify","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivamsaraswat%2Fcertify/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivamsaraswat%2Fcertify/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivamsaraswat%2Fcertify/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/shivamsaraswat","download_url":"https://codeload.github.com/shivamsaraswat/certify/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248157414,"owners_count":21057006,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certificate-authority","certify","python","security","security-automation","ssl-certificate","tls","tls-certificate"],"created_at":"2024-11-06T22:14:26.195Z","updated_at":"2025-04-10T04:31:31.181Z","avatar_url":"https://github.com/shivamsaraswat.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Certify - SSL/TLS Certificate Security Analysis Tool\n\nCertify is a powerful and easy-to-use Python tool designed to check the security of SSL/TLS certificates. It provides a range of options for analyzing certificates and identifying potential security risks, including the ability to display subject alternative names, subject common names, organization name, TLS version, cipher, certificate fingerprint hashes, JARM hash, certificate serial number, certificate pinning status, certificate authority verification, and certificate validity.\n\nCertify also includes a number of features for identifying common certificate misconfigurations, such as expired, self-signed, mismatched, revoked, and untrusted certificates. The tool supports scanning individual hosts or lists of hosts, and allows for flexible output options, including the ability to write output to a file or display it in JSON format.\n\nWhether you're a security researcher, network administrator, or just someone who wants to ensure the security of your online communications, Certify is an indispensable tool for analyzing SSL/TLS certificates and identifying potential security risks. With its powerful features and intuitive interface, it makes it easy to stay on top of the latest security threats and keep your systems safe and secure.\n\n## Installation Through PIP\nTo install dependencies, use the following command:\n\n```bash\npip install -r requirements.txt\n```\n\nTo import certify as module, install it using the following command:\n```bash\npip install certifycert\n```\n\n## Installation with Docker\nThis tool can also be used with [Docker](https://www.docker.com/). To set up the Docker environment, follow these steps (trying using with sudo, if you get any error):\n\n```bash\ndocker build -t certify:latest .\n```\n\nOR \n\nPull directly from [Docker Hub](https://hub.docker.com/r/shivamsaraswat/certify):\n\n```bash\ndocker pull shivamsaraswat/certify:latest\n```\n\n## Using the Certify as command-line tool\n\nTo run the Certify on a hostname, provide the hostname with the -d flag:\n\n```bash\npython3 certify -d example.com\n```\n\nFor an overview of all commands use the following command:\n\n```bash\npython3 certify -h\n```\n\nThe output shown below are the latest supported commands.\n\n```bash\nusage: python3 certify [-h] [-v] [-d hostname] [-l file_path] [-p port] [-an] [-cn] [-on] [-tv] [-cipher] [-hash hash_name] [-jarm] [-sn] [-pin] [-av] [-vu] [-ex] [-ss] [-mm] [-re] [-un]\n [-o file_path] [-j] [-silent]\n\nCertify is a python tool designed to check the security of SSL/TLS certificates.\n\noptions:\n -h, --help show this help message and exit\n -v, -version display project version\n\nINPUT:\n -d hostname, -host hostname\n target host to scan (-d HOST1,HOST2)\n -l file_path, -list file_path\n target list to scan (-l INPUT_FILE)\n -p port, -port port target port to scan (default 443)\n\nPROBES:\n -an display subject alternative names\n -cn display subject common names\n -on display subject organization name\n -tv, -tls-version display used tls version\n -cipher display used cipher\n -hash hash_name display certificate fingerprint hashes (md5, sha1, sha224, sha256, sha384, sha512)\n -jarm display jarm hash\n -sn, -serial display certificate serial number\n -pin display certificate pinning status\n -av, -authority-verification\n display certificate authority verification (issued to, issued by)\n -vu, -valid-until display certificate valid until\n\nMISCONFIGURATIONS:\n -ex, -expired display host with host expired certificate\n -ss, -self-signed display host with self-signed certificate\n -mm, -mismatched display host with mismatched certificate\n -re, -revoked display host with revoked certificate\n -un, -untrusted display host with untrusted certificate\n\nOUTPUT:\n -o file_path, -output file_path\n file to write output to\n -j, -json display output in jsonline format\n -silent display silent output\n\npython3 certify -d example.com -tv\n```\n\n### Examples\n\n#### Example 1:\n\n```bash\n\u003e python3 certify -d cybersapien.tech -tv\n\n ██████╗███████╗██████╗ ████████╗██╗███████╗██╗ ██╗\n██╔════╝██╔════╝██╔══██╗╚══██╔══╝██║██╔════╝╚██╗ ██╔╝\n██║ █████╗ ██████╔╝ ██║ ██║█████╗ ╚████╔╝\n██║ ██╔══╝ ██╔══██╗ ██║ ██║██╔══╝ ╚██╔╝\n╚██████╗███████╗██║ ██║ ██║ ██║██║ ██║\n ╚═════╝╚══════╝╚═╝ ╚═╝ ╚═╝ ╚═╝╚═╝ ╚═╝\n Coded with Love by Shivam Saraswat (@cybersapien)\n\ncybersapien.tech:443 [TLSv1.3]\n```\n\n#### Example 2:\n\n```bash\n\u003e python3 certify -l domains.txt -o cert.out -tv -on -cipher -hash sha512 -jarm -sn -pin -av -vu -silent\ngoogle.com:443 [TLSv1.3] [TLS_AES_256_GCM_SHA384] [256 bits] [20720863506ab451420d11d72c72d312674d61a822a642812ff8cde635ffd92e2fa6172d00fd0b033116b6d07e4b89c0412eae00af58deb0ddc5ecf5ac63b96a] [27d40d40d29d40d1dc42d43d00041d4689ee210389f4f6b4b5b1b93f92252d] [F27B612A054C603612DE2BB967B1F2CC] [Passed] [google.com] [GTS CA 1C3] [May 25, 2023 04:20:59 AM]\nfacebook.com:443 [Meta Platforms, Inc.] [TLSv1.3] [TLS_CHACHA20_POLY1305_SHA256] [256 bits] [6bc40449e06861f4d824fb941690c4b08688d2b720381a311af696a7b586f7630d52af11a17c3ebcbcb45d54b083a86d5d445a0782640835b58ff92b184b58b8] [27d27d27d0000001dc41d43d00041d286915b3b1e31b83ae31db5c5a16efc7] [01E6B342797813A1BE6E94AFC5457350] [Passed] [facebook.com] [DigiCert SHA2 High Assurance Server CA] [March 26, 2023 11:59:59 PM]\n```\n\n#### Example 3:\n\n```bash\n\u003e python3 certify -d cybersapien.tech,facebook.com -an -cn\n\n ██████╗███████╗██████╗ ████████╗██╗███████╗██╗ ██╗\n██╔════╝██╔════╝██╔══██╗╚══██╔══╝██║██╔════╝╚██╗ ██╔╝\n██║ █████╗ ██████╔╝ ██║ ██║█████╗ ╚████╔╝\n██║ ██╔══╝ ██╔══██╗ ██║ ██║██╔══╝ ╚██╔╝\n╚██████╗███████╗██║ ██║ ██║ ██║██║ ██║\n ╚═════╝╚══════╝╚═╝ ╚═╝ ╚═╝ ╚═╝╚═╝ ╚═╝\n Coded with Love by Shivam Saraswat (@cybersapien)\n\ncybersapien.tech:443 [cybersapien.tech]\ncybersapien.tech:443 [www.cybersapien.tech]\ncybersapien.tech:443 [cybersapien.tech]\n\nfacebook.com:443 [facebook.com]\nfacebook.com:443 [facebook.net]\nfacebook.com:443 [fbcdn.net]\nfacebook.com:443 [fbsbx.com]\nfacebook.com:443 [m.facebook.com]\nfacebook.com:443 [messenger.com]\nfacebook.com:443 [xx.fbcdn.net]\nfacebook.com:443 [xy.fbcdn.net]\nfacebook.com:443 [xz.fbcdn.net]\nfacebook.com:443 [facebook.com]\n```\n\n## Using the Certify as module\n\n### Examples\n\n#### Example 1\n\n```bash\nfrom certify import Certify\n\nprint(Certify.is_expired('expired.badssl.com'))\n```\n\n#### Example 2\n\n```bash\nfrom certify import Certify\n\nprint(Certify.alternative_names('google.com'))\n```\n\n## Using the Docker Container\n\nA typical run through Docker would look as follows:\n\n```bash\ndocker run -it --rm certify -d hostname\n```\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshivamsaraswat%2Fcertify","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fshivamsaraswat%2Fcertify","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshivamsaraswat%2Fcertify/lists"}