Skip to content

peak915/certificate-ripper

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

114 Commits
.github
.github
 
 
images
images
 
 
script
script
 
 
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.MD
README.MD
 
 
pom.xml
pom.xml
 
 

Repository files navigation

Actions Status Security Rating Coverage Apache2 license GitHub stars chart

SonarCloud

Certificate Ripper 🔐

A CLI tool to extract server certificates

Demo

alt text

Advantages

  • It is fast
  • Easy to use
  • No openssl required
  • Runs on any Operating System
  • Can be used with or without Java, native executables are present in the releases
  • Extracts all the sub-fields of the certificate
  • Certificates can be formatted to PEM format
  • Bulk extraction of multiple different urls with a single command is possible
  • Extracted certificates can be stored automatically into a p12 truststore
  • Works also behind a proxy

Installing & Usage

Mac OS X - Homebrew 🍺

brew tap hakky54/crip
brew install crip
crip print --url=https://stackoverflow.com/

Windows

  1. Download the latest binary here: Releases
  2. Extract the compressed file
  3. Start cmd and cd to the extracted file
  4. Run start /b "" "crip.exe" print --url=https://stackoverflow.com/

Linux

From Source

  1. Download the latest binary here: Releases
  2. Extract the compressed file
  3. Add the reference to your environment variables: export CRIP_HOME=/path/to/crip/binary
  4. Run crip print --url=https://stackoverflow.com/

Contributed/Unofficial Installation Methods

Arch-Linux (AUR)
  1. Install the certificate-ripper-bin AUR package
  2. Run crip print --url=https://stackoverflow.com/

Using Executable JAR

Minimum requirements:

  1. Java 8
  2. A terminal

Setup

  1. Download the latest JAR here: Releases
  2. Run it with java -jar crip.jar print --url=https://youtube.com/

CLI Options

Usage: crip [COMMAND]
Commands:
  print             Prints the extracted certificates to the console
  export p12        Export the extracted certificate to a PKCS12/p12 type truststore
  export jks        Export the extracted certificate to a JKS (Java KeyStore) type truststore
  export der        Export the extracted certificate to a binary form also known as DER
  export pem        Export the extracted certificate to a base64 encoded string also known as PEM
  
Usage: crip print
Prints the extracted certificates to the console
  -f, --format              To be printed certificate format. This option is not required. Default is human-readable.
  -u, --url                 Url of the target server to extract the certificates. Can be provided multiple times.

Usage: crip export pkcs12
Export the extracted certificate to a PKCS12/p12 type truststore
  -p, --password            TrustStore password. This option is not required. Default is changeit.
  -u, --url                 Url of the target server to extract the certificates. Can be provided multiple times.
  -d, --destination         Destination of the to be stored file. Default is current directory if none is provided.
      
Usage: crip export der
Export the extracted certificate to a binary form also known as DER
  -u, --url                 Url of the target server to extract the certificates. Can be provided multiple times.
  -c, --combined            Indicator to either combine all of the certificate into one file for a given url or export into individual files.
  -d, --destination         Destination of the to be stored file. Default is current directory if none is provided.

Usage: crip export pem
Export the extracted certificate to a base64 encoded string also known as PEM
  -u, --url                 Url of the target server to extract the certificates. Can be provided multiple times.
  -c, --combined            Indicator to either combine all of the certificate into one file for a given url or export into individual files.
  -d, --destination         Destination of the to be stored file. Default is current directory if none is provided.
      --include-header      Indicator to either omit or include additional information above the BEGIN statement.
      
Proxy options applicable for all commands
      --proxy-host          Proxy host
      --proxy-port          Proxy port
      --proxy-password      Password for authenticating the user for the given proxy
      --proxy-user          User for authenticating the user for the given proxy

Example usages

Single export

crip export pkcs12 -u=https://github.com

Bulk export

crip export pkcs12 \
-u=https://youtube.com \
-u=https://github.com \
-u=https://stackoverflow.com \
-u=https://facebook.com

Specify custom truststore destination path

crip export pkcs12 -u=https://github.com -d=/path/to/directory

Print in human-readable format

crip print -u=https://github.com

Print in PEM format

crip print -u=https://github.com -f=pem

Batch print in PEM format

crip print -f=pem \
-u=https://youtube.com \
-u=https://github.com \
-u=https://stackoverflow.com \
-u=https://facebook.com

Extracting behind a proxy

crip print -u=https://stackoverflow.com --proxy-host=my-host.com --proxy-port=1234 --proxy-user=foo --proxy-password

Combining certificates

crip export pem -u=https://github.com --combined=true

Defining custom file name

Works only with the combined option while only specifying a single url.

crip export pem -u=https://github.com --combined=true --destionation=/path/to/export/github-chain.crt

Contributing

There are plenty of ways to contribute to this project:

  • Give it a star
  • Share it with a Tweet
  • Submit a PR

About

🔐 A CLI tool to extract server certificates

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages

  • Java 96.0%
  • Shell 4.0%