# Install certgraph with Homebrew, MacPorts, Nix

Crawl the graph of certificate Alternate Names. Version 0.1.2 via Homebrew; verified 2026-06-15.

## Install

```sh
sudo av install brew:certgraph
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install certgraph
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install certgraph
```

  Evidence: MacPorts ports tree: net/certgraph/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#certgraph
```

  Evidence: nixpkgs package indexes: pkgs/by-name/ce/certgraph/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

## Package facts

- **Package key:** brew:certgraph
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/certgraph>
- **Version:** 0.1.2
- **Source summary:** Crawl the graph of certificate Alternate Names
- **Homepage:** <https://lanrat.github.io/certgraph/>
- **Repository:** <https://github.com/lanrat/certgraph>
- **Upstream docs:** <https://github.com/lanrat/certgraph#readme>
- **License:** GPL-2.0-or-later
- **Source archive:** <https://github.com/lanrat/certgraph/archive/refs/tags/v0.1.2.tar.gz>
- **Last updated:** 2026-06-15T10:20:12-04:00
- **Generated:** 2026-07-09T07:20:21+00:00

## Executables

- certgraph (cli)
- certgraph (alias)

## Build dependencies

- go

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, sonoma, ventura, x86_64_linux

## Freshness

- Page generated: 2026-07-09
- Package-manager version: 0.1.2
- Package-manager updated: 2026-06-15
- Local data: ok
- Upstream repository: https://github.com/lanrat/certgraph
- Upstream latest detected: v0.1.2 (current)
## Project history and usage

CertGraph is a Go command-line tool for exploring relationships exposed by TLS certificate Subject Alternative Names. Its README describes it as creating a directed graph of domains and certificate alternate-name edges, with drivers for live TLS connections and Certificate Transparency sources.

### Project history

The public GitHub repository was created in 2016 under lanrat/certgraph. The project later added GitHub Pages documentation and a web UI that consumes JSON graph output, and its release process now publishes prebuilt binaries for Linux, macOS, and Windows.

### Adoption history

The README lists Linux distribution packaging in BlackArch and Kali Linux, while the supplied package facts show Homebrew, MacPorts, and Nix packaging. That spread places CertGraph in the security-reconnaissance package ecosystem rather than only as a source checkout.

### How it is used

CertGraph is used for host-name enumeration and certificate relationship discovery. Operators can crawl from seed hostnames, switch between HTTP, SMTP, crt.sh, and Censys drivers, emit JSON, save certificates, or serve the graph through the bundled web UI.

### Why package nerds care

For package maintainers, CertGraph is a compact example of certificate-transparency tooling that matters because it crosses CLI, OSINT, and graph visualization workflows. It is also a useful package because its upstream provides a single Go binary and official multi-platform releases.

### Timeline

- 2016: Public GitHub repository created.
- 2022: Version-tagged upstream release history includes v20220513.20220514.0.
- 2025: v0.1.0 through v0.1.2 GitHub releases published with prebuilt binaries.

### Related projects

- The README names crt.sh and Censys as Certificate Transparency drivers and links the web UI hosted from the same project.

### Sources

- <https://api.github.com/repos/lanrat/certgraph>
- <https://github.com/lanrat/certgraph>
- <https://lanrat.github.io/certgraph/>
- <https://github.com/lanrat/certgraph#readme>
- <https://lanrat.github.io/certgraph>
- <https://formulae.brew.sh/api/formula/certgraph.json>


## Security Notes

narrow executable package without higher-risk signals.

- **Geiger risk:** green / low
- narrow executable package without higher-risk signals

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** certgraph
- **Version Scheme:** 1
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Nix - certgraph: normalized package name match | nixpkgs package indexes: pkgs/by-name/ce/certgraph/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- MacPorts - certgraph: normalized package name match | MacPorts ports tree: net/certgraph/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [go](https://www.automicvault.com/pkg/brew/go/) - Build dependency declared by Homebrew.
- [certigo](https://www.automicvault.com/pkg/brew/certigo/) - Shares av.db curated category or tags: certificates, cli, security, tls, x509.
- [showcert](https://www.automicvault.com/pkg/brew/showcert/) - Shares av.db curated category or tags: certificates, cli, security, tls, x509.
- [certbot](https://www.automicvault.com/pkg/brew/certbot/) - Shares av.db curated category or tags: certificates, cli, security, tls.
- [certstrap](https://www.automicvault.com/pkg/brew/certstrap/) - Shares av.db curated category or tags: certificates, cli, security, tls.
- [crip](https://www.automicvault.com/pkg/brew/crip/) - Shares av.db curated category or tags: certificates, cli, security, tls.
- [gimmecert](https://www.automicvault.com/pkg/brew/gimmecert/) - Shares av.db curated category or tags: certificates, cli, security, x509.
- [minica](https://www.automicvault.com/pkg/brew/minica/) - Shares av.db curated category or tags: certificates, cli, security, tls.
- [mkcert](https://www.automicvault.com/pkg/brew/mkcert/) - Shares av.db curated category or tags: certificates, cli, security, tls.
- [zlint](https://www.automicvault.com/pkg/brew/zlint/) - Security-sensitive metadata or terminology overlaps. Shared terms: analysis, certificate, certificate-analysis, certificates, cli.

## Combined YAML source

View the package source record on GitHub. [combined/certgraph.yml](https://github.com/automic-vault/db/blob/main/combined/certgraph.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
