Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/equk/tls-altnames
:lock: List Alternative Names From TLS For OSINT
https://github.com/equk/tls-altnames
bash https linux mail osint tls
Last synced: 13 days ago
JSON representation
:lock: List Alternative Names From TLS For OSINT
- Host: GitHub
- URL: https://github.com/equk/tls-altnames
- Owner: equk
- License: mit
- Created: 2020-02-20T16:06:57.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2020-02-20T16:12:07.000Z (almost 5 years ago)
- Last Synced: 2024-11-24T03:11:55.246Z (2 months ago)
- Topics: bash, https, linux, mail, osint, tls
- Language: Shell
- Size: 3.91 KB
- Stars: 2
- Watchers: 2
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# :lock: tls-altnames
List `Subject Alternative Name` from TLS Certificates for `osint`.
## Features
- [x] Extract Subdomains from HTTPS Websites
- [x] Extract Subdomains from SMTP Mailservers
More information can be found on blog post: [Finding Subdomains From TLS](https://equk.co.uk/2017/01/20/finding-subdomains-from-tls)
## Usage Example
```sh
./https_altnames.sh example.com
[+] Getting TLS over HTTPS for [ example.com ]
[+] Checking for Subject Alt Names
example.com
www.example.com
mail.example.com
dev.example.com
smtp.example.com
hidden.example.com
```
## Interesting Fields
If you work with TLS certificates you will know they contain a lot of information and have various sections & fields.
One interesting field is `Subject Alternative Name` which can provide all subdomains that can use the certificate. *(unless the company uses a wildcard certificate)*
```
Certificate:
Data:
X509v3 extensions:
X509v3 Subject Alternative Name:
```
This is the main field the script will try to extract.
# Contact
Website: https://equk.co.uk
Twitter: [@equilibriumuk](https://twitter.com/equilibriumuk)