GetAltName: Find Subdomains from SSL Certificates
GetAltName is a small script for finding subdomains. It retrieves the Subject Alt Names from SSL certificates directly from HTTPS sites, which can provide you with DNS names or virtual server names.
It is useful at the discovery stage of a pentest assessment, where it can provide additional information about your target and scope.
GetAltName features for finding subdomains:
- Hides wildcards and www
- Returns a unique list (without duplicates)
- Works on verified and self-signed certificates
- Domain Registration System
- Filtering for primary domains and TLDs
- Gets additional subdomains from crt.sh
- Copies output to the clipboard
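An added example (not GetAltName's own code) of how the first features above can work on the certificate dictionary that Python's ssl module returns; it is also a quick way to review which hostnames your own certificates disclose. The names fetch_cert, san_hostnames and only_under are assumptions, and the sample certificate data is constructed.

```python
import socket
import ssl


def fetch_cert(host, port=443, timeout=5.0):
    """Return getpeercert() for host. The verifying context means only
    CA-trusted certificates are handled; with CERT_NONE the dict is empty."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def san_hostnames(cert, only_under=None):
    """DNS names from subjectAltName: wildcard and www prefixes stripped,
    de-duplicated, optionally limited to only_under and its subdomains."""
    base = only_under.lower().rstrip(".") if only_under else None
    names = set()
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":  # skip IP Address, email and URI entries
            continue
        name = value.lower().rstrip(".")
        for prefix in ("*.", "www."):
            if name.startswith(prefix):
                name = name[len(prefix):]
        # Suffix match on a label boundary, so notexample.com != example.com
        if base and name != base and not name.endswith("." + base):
            continue
        if name:
            names.add(name)
    return sorted(names)


# Constructed sample in the shape getpeercert() returns (not a real certificate).
SAMPLE_CERT = {
    "subjectAltName": (
        ("DNS", "example.com"),
        ("DNS", "www.example.com"),
        ("DNS", "*.example.com"),
        ("DNS", "VPN.example.com"),
        ("DNS", "intranet.corp.example.com"),
        ("DNS", "notexample.com"),
        ("IP Address", "192.0.2.10"),
    ),
}

if __name__ == "__main__":
    print(san_hostnames(SAMPLE_CERT))
    print(san_hostnames(SAMPLE_CERT, only_under="example.com"))
```

Self-signed certificates need a different path than fetch_cert: the connection has to be made without verification and the DER certificate parsed separately, which this example does not cover.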
GetAltName requirements:
GetAltName requires the following packages in order to work properly:
- colorama
- ndg-httpsclient
- pyperclip
- requests
- tldextract
Download GetAltName Here:
https://github.com/franccesco/getaltname/
Below is the GetAltName usage, showing how you can use it to enumerate subdomains from SSL certificates. You can use the various options listed below to get your desired result.
usage: getaltname.py [-h] [-p PORT] [-s [timeout]] [-m] [-o OUTPUT]
                     [-f {json,text}] [-c {l,s}] [-d] [-V]
                     hostname

positional arguments:
  hostname              Host or Nmap XML to analyze.

optional arguments:
  -h, --help            show this help message and exit
  -p PORT, --port PORT  Destiny port (default 443)
  -s [timeout], --search-crt [timeout]
                        Retrieve subdomains found in crt.sh
  -m, --match-domain    Show match domain name only
  -o OUTPUT, --output OUTPUT
                        Set output filename
  -f {json,text}, --format {json,text}
                        Set output format
  -c {l,s}, --clipboard {l,s}
                        Copy the output to the clipboard as a List or a
                        Single string
  -d, --debug           Set debug enable
  -V, --version         Print version information.
So this was GetAltName: Find Subdomains from SSL Certificates, feel free to comment below!