certina is an information gathering tool for red teamers to discover subdomains from web certificate data.
USAGE:
python3 certina.py [flags]
FLAGS:
-h, --help Show help message and exit
-d, --domain Endpoint to scan; separate multiple domains with commas
-s, --socket Enable SSL connection with raw socket (Default: False)
-i, --input Input file containing lines of domains
-o, --output Output filename to save results
-c, --certonly Show only certificate info without further enumeration (Default: False)
-r, --request Follow up with GET request to check web-alive (Default: False)
-a, --all Crawl all HTTPS domains (Coming soon)
- Full enumeration with SAN extension, cert transparency logs (crt.sh) and check if web-alive (Recommended)
  python3 certina.py -d example.com -r
- Quiet enumeration with SAN extension, cert transparency logs [Sends ONLY 1 request to grab the cert]
  python3 certina.py -d example.com
- Only grab certificate info and SAN extension domains
  python3 certina.py -d example.com -c
- Running on multiple domains at once
  python3 certina.py -d "example.com, example2.com"
  or
  python3 certina.py -i input.txt
- Running with raw socket mode without SSL library
  python3 certina.py -d example.com -s
- Output results to file
  python3 certina.py -d example.com -o output.txt
To install Python dependencies, run pip install -r requirements.txt
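The SAN and certificate transparency modes above both work from names that a certificate publishes, which is also what an owner needs to audit on their own domain. The following is an added example, not code from certina: it merges the DNS names from a certificate's SAN extension with crt.sh-style JSON records, normalizes them, and keeps only names under the domain. The function names are hypothetical and both sample inputs are constructed.

```python
import json

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert()
SAMPLE_PEERCERT = {
    "subject": ((("commonName", "example.com"),),),
    "subjectAltName": (
        ("DNS", "example.com"),
        ("DNS", "*.example.com"),
        ("DNS", "VPN.Example.com"),
        ("DNS", "partner.example.net"),
        ("IP Address", "192.0.2.10"),
    ),
}

# Constructed sample shaped like crt.sh JSON output (name_value is newline-separated)
SAMPLE_CT_JSON = json.dumps([
    {"common_name": "example.com", "name_value": "example.com\n*.dev.example.com"},
    {"common_name": "staging.example.com", "name_value": "staging.example.com\nvpn.example.com"},
])

def normalize(name):
    """Lower-case, strip whitespace, a trailing dot and a leading wildcard label."""
    name = name.strip().lower().rstrip(".")
    return name[2:] if name.startswith("*.") else name

def in_scope(name, domain):
    """True only for the domain itself or a subdomain on a label boundary."""
    return name == domain or name.endswith("." + domain)

def san_names(peercert):
    """DNS entries of the subjectAltName tuple; IP and other entry types are skipped."""
    return [value for kind, value in peercert.get("subjectAltName", ()) if kind == "DNS"]

def ct_names(ct_json):
    """Every name listed in the name_value field of each CT record."""
    names = []
    for entry in json.loads(ct_json):
        names.extend(entry.get("name_value", "").splitlines())
    return names

def exposed_hostnames(domain, peercert, ct_json):
    """Sorted, de-duplicated in-scope hostnames disclosed by the cert and CT records."""
    domain = normalize(domain)
    seen = {normalize(n) for n in san_names(peercert) + ct_names(ct_json)}
    return sorted(n for n in seen if n and in_scope(n, domain))

if __name__ == "__main__":
    for host in exposed_hostnames("example.com", SAMPLE_PEERCERT, SAMPLE_CT_JSON):
        print(host)
```

Internal names that show up in this list (VPN, staging, dev) are already public through the certificate or the CT log, so the list doubles as a review of what the certificates on a domain disclose.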
This tool is for educational and testing purposes only. Do not use it to exploit the vulnerability on any system that you do not own or have permission to test. The authors of this script are not responsible for any misuse or damage caused by its use.