A command-line tool for certificate transparency search and SSL/TLS security analysis.
Built by the team behind CertRadar.net and SSLGuard.net - used in production to monitor thousands of certificates.
- Certificate Transparency Search - Find certificates issued for any domain via crt.sh
- SSL/TLS Analysis - Comprehensive SSL/TLS configuration analysis with security grading:
- Protocol support detection (TLS 1.0 - 1.3)
- Cipher suite enumeration and weakness detection
- Certificate chain analysis with detailed info for each certificate
- OCSP stapling status with response parsing
- HSTS header analysis with preload list verification
- Server cipher preference detection
- CAA record analysis
- Security Headers Check - Evaluate HTTP security headers (HSTS, CSP, etc.)
- DNS Lookup - Query DNS records (A, AAAA, MX, TXT, NS, CAA)
- RDAP/WHOIS Lookup - Get domain registration information
- SSL Health Check - Combined check for CAA, CNAME chains, and DNS
- Multi-domain Reports - Security report across multiple domains
cargo install certradar-clibrew tap fleralex/tap
brew install certradar-cligit clone https://github.com/FlerAlex/certradar-cli.git
cd certradar-cli
cargo install --path .certradar-cli <COMMAND> [OPTIONS]
COMMANDS:
search Search Certificate Transparency logs
ssl Analyze SSL/TLS configuration
headers Check security headers
dns DNS lookup
rdap RDAP/WHOIS lookup
health SSL health check (CAA, CNAME, DNS)
report Multi-domain security report
OPTIONS:
-o, --output <FORMAT> Output format: table (default) or json
--no-color Disable colored output
--timeout <SECS> Request timeout in seconds [default: 30]
-h, --help Print help
-V, --version Print version
# Search for certificates for a domain
certradar-cli search example.com
# Include subdomains
certradar-cli search example.com --subdomains
# Limit results
certradar-cli search example.com --limit 10
# JSON output
certradar-cli search example.com -o json# Analyze a host
certradar-cli ssl example.com
# Specify port
certradar-cli ssl example.com --port 8443
# JSON output for scripting
certradar-cli ssl example.com -o json | jq .securityGradeThe SSL analysis includes:
- Certificate details - Subject, issuer, validity, key type/size, SANs
- Certificate chain - Full chain analysis with each certificate's details
- Protocol support - TLS 1.0, 1.1, 1.2, 1.3 detection
- Cipher suites - Enumeration with weakness detection
- OCSP stapling - Status and certificate revocation status
- HSTS - Header parsing with preload list verification (via hstspreload.org)
- Cipher preference - Server cipher preference enforcement detection
- Security grade - A+ to F grade based on configuration
# Check security headers for a URL
certradar-cli headers https://example.com
# HTTPS prefix is optional
certradar-cli headers example.com# Full DNS lookup
certradar-cli dns example.com
# JSON output
certradar-cli dns example.com -o json# Get domain registration info
certradar-cli rdap example.com# Check CAA records, CNAME chains, and DNS
certradar-cli health example.com# Generate security report for multiple domains
certradar-cli report example.com github.com google.comHuman-readable formatted output with colors and tables.
Machine-readable JSON output for scripting and automation.
# Pipe to jq for processing
certradar-cli ssl example.com -o json | jq '.securityGrade'
# Save to file
certradar-cli ssl example.com -o json > report.json0- Success1- Error (connection failed, domain not found, etc.)
- OpenSSL development libraries (for SSL analysis)
- Internet connection
This CLI is great for ad-hoc checks. For automated monitoring with alerts:
- SSLGuard.net - Certificate expiry monitoring & alerts
- CertRadar.net - Full SSL/TLS security dashboard
MIT