{"id":13539936,"url":"https://github.com/franccesco/getaltname","last_synced_at":"2025-10-21T04:39:55.145Z","repository":{"id":91531981,"uuid":"110495613","full_name":"franccesco/getaltname","owner":"franccesco","description":"Extract subdomains from SSL certificates in HTTPS sites.","archived":false,"fork":false,"pushed_at":"2025-03-03T06:12:32.000Z","size":584,"stargazers_count":388,"open_issues_count":5,"forks_count":69,"subscribers_count":12,"default_branch":"master","last_synced_at":"2025-10-21T04:39:40.876Z","etag":null,"topics":["certificates","discovery","dns","extract-subdomains","https","information-retrieval","infosec","pentest","pentest-scripts","pentest-tool","pentesting","ssl","ssl-certificate","ssl-certificates","subdomain","tool"],"latest_commit_sha":null,"homepage":"https://franccesco.github.io/getaltname/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/franccesco.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-11-13T03:28:10.000Z","updated_at":"2025-09-26T05:51:07.000Z","dependencies_parsed_at":null,"dependency_job_id":"fecdd9c0-51c7-442a-aa2f-a24ef51cee30","html_url":"https://github.com/franccesco/getaltname","commit_stats":null,"previous_names":[],"tags_count":24,"template":false,"template_full_name":null,"purl":"pkg:github/franccesco/getaltname","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/franccesco%2Fgetaltname","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/franccesco%2Fgetaltname/tags","releases_url":"https://repos.ecosyste
.ms/api/v1/hosts/GitHub/repositories/franccesco%2Fgetaltname/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/franccesco%2Fgetaltname/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/franccesco","download_url":"https://codeload.github.com/franccesco/getaltname/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/franccesco%2Fgetaltname/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":280207158,"owners_count":26290613,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-21T02:00:06.614Z","response_time":58,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certificates","discovery","dns","extract-subdomains","https","information-retrieval","infosec","pentest","pentest-scripts","pentest-tool","pentesting","ssl","ssl-certificate","ssl-certificates","subdomain","tool"],"created_at":"2024-08-01T09:01:34.661Z","updated_at":"2025-10-21T04:39:55.098Z","avatar_url":"https://github.com/franccesco.png","language":"Python","readme":"# GSAN - Get Subject Alternative Names\n\n**GSAN** is a tool that can extract [Subject Alternative Names](https://en.wikipedia.org/wiki/Subject_Alternative_Name) (SAN) found in SSL Certificates directly from https servers which can provide you with DNS names (subdomains) or virtual servers.\n\nIt doesn't rely on 
Certificate Transparency logs; it connects directly to the server and extracts the SANs from the certificate, which can be especially useful when you're analyzing internal servers or self-signed certificates.\n\n## Installation\n\nUse pip (or pipx - recommended) to avoid contaminating your system with a bunch of dependencies.\n```bash\n$ pipx install gsan\n```\n\nYou can also install and run it using Docker.\n```bash\n$ docker run --rm -i francc3sco/gsan \u003cDOMAIN\u003e\n```\n\n## Usage\n\nBasic usage is just passing the domain of an HTTPS server to the tool, and it will return a list of subdomains found in the certificate.\n```bash\n$ gsan microsoft.com\n\nmicrosoft.com [126]:\n- microsoft.com\n- successionplanning.microsoft.com\n- explore-security.microsoft.com\n...\n- wwwbeta.microsoft.com\n- gigjam.microsoft.com\n- mspartnerira.microsoft.com\n...\n```\n\nAlternatively, you can pass a text file with a list of domains to scan by using the `xargs` command.\n```bash\n$ cat domains.txt | xargs gsan\n\ngoogle.com [93]:\n- google.fr\n...\n- google.com.au\n\namazon.com [37]:\n- uedata.amazon.com\n...\n- origin-www.amazon.com.au\n\nyoutube.com [93]:\n- google.fr\n...\n- google.com.au\n```\n\nIf you're using the dockerized version, you can achieve the same by doing:\n```bash\n$ cat domains.txt | xargs docker run --rm -i francc3sco/gsan\n```\n\nYou can combine gsan with other tools like shodan to get a list of SANs found in a list of domains or IP addresses as long as you respect the IP|DOMAIN:PORT format.\n```bash\n$ shodan search --fields ip_str,port --separator : --limit 100 https | cut -d : -f 1,2 | xargs gsan --timeout 1\n\n207.21.195.58 [1]:\n- orielstat.com\n\n162.159.135.42 [4]:\n- temp927.kinsta.cloud\n- temp312.kinsta.cloud\n\n34.230.178.151 [2]:\n- procareltc.com\n- clarest.com\n\n20.62.53.137 [1]:\n- budget.lis.virginia.gov\n\n199.60.103.228 [3]:\n- hscoscdn40.net\n- sites-proxy.hscoscdn40.net\n...\n```\n\nYou can also output to a file by using the 
`--output` flag, which can be useful to then pass the output to other tools such as Nmap.\n```bash\n$ gsan microsoft.com --output microsoft.txt \u0026\u0026 nmap -iL microsoft.txt\n```\n\nOr, if you have a large list of domains:\n```bash\n$ cat domains.txt | xargs gsan --output domains.txt \u0026\u0026 nmap -iL domains.txt\n```\n\nOr, if you want chaos to take the world:\n```bash\n$ shodan search --fields ip_str,port --separator : --limit 1000 has_ipv6:false https | \\\n  cut -d : -f 1,2 | \\\n  xargs gsan --timeout 1 --output sans.txt \u0026\u0026 \\\n  sudo nmap -sS -F -vvv -iL sans.txt -oX import_to_metasploit.xml\n```\n","funding_links":[],"categories":["\u003ca id=\"a76463feb91d09b3d024fae798b92be6\"\u003e\u003c/a\u003eReconnaissance\u0026\u0026Information Gathering\u0026\u0026Subdomain Discovery and Enumeration\u0026\u0026OSINT","Python","\u003ca id=\"170048b7d8668c50681c0ab1e92c679a\"\u003e\u003c/a\u003eTools"],"sub_categories":["\u003ca id=\"e945721056c78a53003e01c3d2f3b8fe\"\u003e\u003c/a\u003eSubdomain Enumeration\u0026\u0026Brute-forcing"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffranccesco%2Fgetaltname","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffranccesco%2Fgetaltname","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffranccesco%2Fgetaltname/lists"}