GAN v1.0 – A SSL Subdomain Extractor

GAN v1.0 – A SSL Subdomain Extractor

GetAltName (or GAN) is a tool that extracts sub-domains or virtual domains directly from SSL certificates found in HTTPS sites. It returns a handy list of sub-domains to ease the phase of information gathering in a pen-testing assessment where you can find an interesting amount of data.


usage: [-h] [-p PORT] [-s [timeout]] [-m] [-o OUTPUT] [-c {l,s}]

positional arguments:
 hostname Host to analyze.

optional arguments:
 -h, --help show this help message and exit
 -p PORT, --port PORT Destiny port (default 443)
 -s [timeout], --search-crt [timeout] Retrieve subdomains found in
 -m, --matching-domain Show matching domain name only
 -o OUTPUT, --output OUTPUT Set output filename
 -c {l,s}, --clipboard {l,s} Copy the output to the clipboard as a
 List or a Single string
 -d, --debug Set debug enable


  • With -m GAN can return a list of subdomains ending in the domain you previously specified. For example, if you’re analyzing you will get and other domains, if you only want subdomains belonging to then you can filter out those domains with -m
  • Select a custom port with -p. This is useful if the server is on another port besides 443
  • integration with -s. You can now append results of into your extracted subdomains list.
  • Copy to clipboard with option -c. This argument gives you two options, copy the contents of the subdomain list in a List with -c l or in a single string style with -c s. This is useful if you need a quick way to analyze subdomain, say, with Nmap to provide a list of domains in a single string without having to load a file with -iL.



  • python3
  • colorama
  • ndg-httpsclient
  • pyperclip
  • requests
  • tldextract
  • termcolor

More information: here

[button size=large style=round color=red align=none url=]GAN v1.0[/button]

Thanks to Franccesco Orozco for sharing this tool with us.


MaxiSoler @maxisoler