GetAltName it's a little script that can extract Subject Alt Names for SSL Certificates directly from HTTPS web sites which can provide you with DNS names or virtual servers.
It's useful in a discovery phase of a pen-testing assessment, this tool can provide you with more information about your target and scope.
This code is in alpha stage and has been rewritten from Ruby to Python, it doesn't do as much as it should. lots of things and features are missing, but it delivers, treat it as a quick-dirty-code. More features incoming, also you're welcome to contribute if you want.
You can read more about how this tool works from my post in getroot.info (in Spanish).
usage: getaltname.py [-h] [-p PORT] [-s [timeout]] [-m] [-o OUTPUT]
[-f {json,text}] [-c {l,s}] [-d]
hostname
positional arguments:
hostname Host or Nmap XML to analyze.
optional arguments:
-h, --help show this help message and exit
-p PORT, --port PORT Destiny port (default 443)
-s [timeout], --search-crt [timeout] Retrieve subdomains found in crt.sh
-m, --match-domain Show match domain name only
-o OUTPUT, --output OUTPUT Set output filename
-f {json,text}, --format {json,text} Set output format
-c {l,s}, --clipboard {l,s} Copy the output to the clipboard as a
List or a Single string
-d, --debug Set debug enable
You can output to a text file and also copy the output to you clipboard as a List or a Single line string, which is useful if you're trying to make a quick scan with Nmap or other tools.
In this case the tool give you sub-domains that you probably didn't find with a sub-domain brute force tool.
Required libraries:
- colorama
- ndg-httpsclient
- pyperclip
- requests
- tldextract
- tqdm
Installation with pipenv:
$ git clone https://github.com/franccesco/getaltname.git
$ pipenv installInstallation with Pip:
$ git clone https://github.com/franccesco/getaltname.git
$ pip install -r requirements.txtFor the copy&paste mechanism you will have to install xclip package. Debian/Ubuntu/Mint:
$ apt install xclip- File output
- Output to clipboard
- Clean sub-domains wildcards
- Remove duplicates
- A filter system for main domain and TLD's.
- Add colors (so l33t. /s)
- Get additional sub-domains from crt.sh
- Read Nmap XML and analyze them
- JSON Output
- Unit Tests
- Coverage Reports
- HTML Report
- Multithreading
Contribution is welcome, just remember:
- Fork the repo.
- Make changes to the develop branch.
- Make a Pull Request.
If you like the project and would like to support me you can buy me a cup of coffee, you will also be inmortalized as a patreon, thank you 🙏.
