Published on March 13th, 2018 | by MaxiSoler


GAN v1.0 – A SSL Subdomain Extractor

GetAltName (or GAN) is a tool that extracts sub-domains or virtual domains directly from SSL certificates found in HTTPS sites. It returns a handy list of sub-domains to ease the phase of information gathering in a pen-testing assessment where you can find an interesting amount of data.


usage: getaltname.py [-h] [-p PORT] [-s [timeout]] [-m] [-o OUTPUT] [-c {l,s}]

positional arguments:
 hostname Host to analyze.

optional arguments:
 -h, --help show this help message and exit
 -p PORT, --port PORT Destiny port (default 443)
 -s [timeout], --search-crt [timeout] Retrieve subdomains found in crt.sh
 -m, --matching-domain Show matching domain name only
 -o OUTPUT, --output OUTPUT Set output filename
 -c {l,s}, --clipboard {l,s} Copy the output to the clipboard as a
 List or a Single string
 -d, --debug Set debug enable


  • With -m GAN can return a list of subdomains ending in the domain you previously specified. For example, if you’re analyzing google.com you will get youtube.com and other domains, if you only want subdomains belonging to google.com then you can filter out those domains with -m
  • Select a custom port with -p. This is useful if the server is on another port besides 443
  • crt.sh integration with -s. You can now append results of crt.sh into your extracted subdomains list.
  • Copy to clipboard with option -c. This argument gives you two options, copy the contents of the subdomain list in a List with -c l or in a single string style with -c s. This is useful if you need a quick way to analyze subdomain, say, with Nmap to provide a list of domains in a single string without having to load a file with -iL.



  • python3
  • colorama
  • ndg-httpsclient
  • pyperclip
  • requests
  • tldextract
  • termcolor

More information: here

GAN v1.0[/button]

Thanks to Franccesco Orozco for sharing this tool with us.


Tags: , , ,

About the Author

www.artssec.com @maxisoler

Back to Top ↑