GetAltName: Find Subdomains from SSL Certificates



GetAltName: Find Subdomains from SSL Certificates:

GetAltName is a small script for finding subdomains that can retrieve Subject Alt Names for SSL certificates directly from HTTPS sites that can provide you with DNS or virtual server names.



It is useful at the stage of finding the evaluation in the pentest, this tool can provide you with additional information about your purpose and scope.

GetAltName features for finding subdomain or subdomain detection

  •     Hides wildcards and www
  •     Returns a unique list (without duplicates)
  •     Works on verified and self-signed certificates
  •     Domain Registration System
  •     Filtering for primary domains and TLDs
  •     Gets additional subdomains from crt.sh
  •     Conclusions to the clipboard

GetAltName requirements:

GetAltName: Find Subdomains from SSL Certificates, requires the following inforder to work properly:
  •     colorama
  •     ndg-httpsclient
  •     pyperclip
  •     requests
  •     tldextract

Download GetAltName Here:

https://github.com/franccesco/getaltname/

GetAltName: Find Subdomains from SSL Certificates

Below is the GetAltName usage like show you can use it to enumerate sudomains from the ssl certificates. You can use various option specified below with it to get your desired result.

usage: getaltname.py [-h] [-p PORT] [-s [timeout]] [-m] [-o OUTPUT]
                     [-f {json,text}] [-c {l,s}] [-d] [-V]
                     hostname

positional arguments:
  hostname                              Host or Nmap XML to analyze.

optional arguments:
  -h, --help                            show this help message and exit
  -p PORT, --port PORT                  Destiny port (default 443)
  -s [timeout], --search-crt [timeout]  Retrieve subdomains found in crt.sh
  -m, --match-domain                    Show match domain name only
  -o OUTPUT, --output OUTPUT            Set output filename
  -f {json,text}, --format {json,text}  Set output format
  -c {l,s}, --clipboard {l,s}           Copy the output to the clipboard as a
                                        List or a Single string
  -d, --debug                           Set debug enable
  -V, --version                         Print version information.
 

So this was GetAltName: Find Subdomains from SSL Certificates, feel free to comment below! 

No comments

Powered by Blogger.