/certificate-ripper

🔐 A CLI tool to extract server certificates

Primary LanguageJavaApache License 2.0Apache-2.0

Actions Status

Certificate Ripper 🔐

A CLI tool to extract server certificates

Demo

alt text

Advantages

  • It is fast
  • Easy to use
  • No openssl required
  • Runs on any Operating System
  • Can be used with or without Java, native executables are present in the releases
  • Extracts all the sub-fields of the certificate
  • Certificates can be formatted to PEM format
  • Bulk extraction of multiple different urls with a single command is possible
  • Extracted certificates can be stored automatically into a p12 truststore

Installing & Usage

Mac OS X - Homebrew 🍺

brew tap hakky54/crip
brew install crip
crip print --url=https://stackoverflow.com/

Windows

  1. Download the latest binary here: Releases
  2. Extract the compressed file
  3. Start cmd and cd to the extracted file
  4. Run start /b "" "crip.exe" print --url=https://stackoverflow.com/

Linux

  1. Download the latest binary here: Releases
  2. Extract the compressed file
  3. Add the reference to your environment variables: export CRIP_HOME=/path/to/crip/binary
  4. Run crip print --url=https://stackoverflow.com/

Using Executable JAR

Minimum requirements:

  1. Java 8
  2. A terminal

Setup

  1. Download the latest JAR here: Releases
  2. Run it with java -jar crip.jar print --url=https://youtube.com/

CLI Options

Usage: crip [COMMAND]
Commands:
  print   Prints the extracted certificates to the console
  export  Export the extracted certificate to a PKCS12/p12 type truststore
  
Usage: crip print [-f=<format>] -u=<urls> [-u=<urls>]...
Prints the extracted certificates to the console
  -f, --format              To be printed certificate format. This option is not required. Default is human-readable.
  -u, --url                 Url of the target server to extract the certificates. Can be provided multiple times.
  
Usage: crip export [-p=<password>] -u=<urls> [-u=<urls>]...
Export the extracted certificate to a PKCS12/p12 type truststore
  -p, --password            TrustStore password. This option is not required. Default is changeit.
  -u, --url                 Url of the target server to extract the certificates. Can be provided multiple times.
  -d, --destination         Destination of the to be stored truststore file. Default is current directory if none is provided.

Example usages

Single export

crip export -u=https://github.com

Bulk export

crip export \
-u=https://youtube.com \
-u=https://github.com \
-u=https://stackoverflow.com \
-u=https://facebook.com

Specify custom truststore destination path

crip export -u=https://github.com -d=/path/to/directory

Print in human-readable format

crip print -u=https://github.com

Print in PEM format

crip print -u=https://github.com -f=pem

Batch print in PEM format

crip print -f=pem \
-u=https://youtube.com \
-u=https://github.com \
-u=https://stackoverflow.com \
-u=https://facebook.com

Contributing

There are plenty of ways to contribute to this project:

  • Give it a star
  • Share it with a Tweet
  • Submit a PR