GAN v1.0 – A SSL Subdomain Extractor
GetAltName (or GAN) is a tool that extracts sub-domains or virtual domains directly from SSL certificates found in HTTPS sites. It returns a handy list of sub-domains to ease the phase of information gathering in a pen-testing assessment where you can find an interesting amount of data.
Usage:
usage: getaltname.py [-h] [-p PORT] [-s [timeout]] [-m] [-o OUTPUT] [-c {l,s}]
[-d]
hostname
positional arguments:
hostname Host to analyze.
optional arguments:
-h, --help show this help message and exit
-p PORT, --port PORT Destiny port (default 443)
-s [timeout], --search-crt [timeout] Retrieve subdomains found in crt.sh
-m, --matching-domain Show matching domain name only
-o OUTPUT, --output OUTPUT Set output filename
-c {l,s}, --clipboard {l,s} Copy the output to the clipboard as a
List or a Single string
-d, --debug Set debug enable
Features
- With -m GAN can return a list of subdomains ending in the domain you previously specified. For example, if you’re analyzing google.com you will get youtube.com and other domains, if you only want subdomains belonging to google.com then you can filter out those domains with -m
- Select a custom port with -p. This is useful if the server is on another port besides 443
- crt.sh integration with -s. You can now append results of crt.sh into your extracted subdomains list.
- Copy to clipboard with option -c. This argument gives you two options, copy the contents of the subdomain list in a List with -c l or in a single string style with -c s. This is useful if you need a quick way to analyze subdomain, say, with Nmap to provide a list of domains in a single string without having to load a file with -iL.
Installation
Required:
- python3
- colorama
- ndg-httpsclient
- pyperclip
- requests
- tldextract
- termcolor
More information: here
[button size=large style=round color=red align=none url=https://franccesco.github.io/getaltname/]GAN v1.0[/button]
https://franccesco.github.io/getaltname/
Thanks to Franccesco Orozco for sharing this tool with us.
