franccesco / Getaltname

Licence: mit
Extract subdomains from SSL certificates in HTTPS sites.

GSAN - Get Subject Alternative Names

GSAN is a tool that extracts the Subject Alternative Names found in SSL certificates directly from HTTPS websites, which can provide you with DNS names (subdomains) or virtual servers.

This tool extracts subdomain names from HTTPS sites and returns its findings as a list or as CSV/JSON output. It is not a subdomain brute-force tool, and you can actually find those subdomains manually; this tool automates that process. It also offers the following features:

  • Define multiple hosts:port on your terminal or using a text file.
  • CSV or JSON output, useful if you want to export data into other tools.
  • You can optionally filter out domain names that don't match the domain name that you're analyzing.
  • Integration with CRT.SH so you can extract more subdomains from certificates of the same entity.
  • Also works with Self-signed certificates.

Installation

$ pip install --user gsan

Usage

You have 2 ways of executing GSAN, getting subdomain names from CRT.SH, in which GSAN acts as a wrapper for CRT.SH, or getting subdomain names by directly connecting

Usage: gsan [OPTIONS] COMMAND [ARGS]...

  Get subdomain names from SSL Certificates.

Options:
  --version  Show the version and exit.
  --help     Show this message and exit.

Commands:
  crtsh  Get domains from crt.sh
  scan   Scan domains from input or a text file, format is HOST[:PORT].

Getting subdomains from CRT.SH

If you prefer to get the subdomain names directly from CRT.SH, you can do that by using the subcommand crtsh.

$ gsan crtsh --help
Usage: gsan crtsh [OPTIONS] [DOMAINS]...

  Get domains from crt.sh

Options:
  -m, --match-domain     Match domain name only.
  -o, --output TEXT      Output to path/filename.
  -t, --timeout INTEGER  Set timeout for CRT.SH
  --help                 Show this message and exit.

$ gsan crtsh facebook.com
[+] Getting subdomains for facebook.com
[+] Getting subdomains for facebook.com
[+] Results:

FACEBOOK.COM
↳ newdev.facebook.com
↳ dewey.vip.facebook.com
↳ secure.trunkstable.facebook.com
↳ facebook.com
↳ secure.intern.facebook.com
-- SNIP --
↳ channel.facebook.com
↳ extools.facebook.com
↳ china--facebook.com
↳ adtools.facebook.com
↳ ak.facebook.com

Getting subdomains directly from SSL certificates

Most programs that "abuse" certificate transparency are only wrappers for crt.sh; however, you can extract subdomain names directly from SSL certificates found in HTTPS services. This allows you to find subdomain names in services that have self-signed certificates or in deployed services that are not found anywhere. You can do this using the subcommand scan.

$ gsan scan --help
Usage: gsan scan [OPTIONS] [HOSTNAMES]...

  Scan domains from input or a text file, format is HOST[:PORT].

  e.g: gsan scan domain1.com domain2.com:port

  You can also pass a text file instead, just replace the first domain
  argument for a file. eg: gsan scan filename.txt

  If no ports are defined, then gsan assumes the port 443 is available.

Options:
  -o, --output TEXT      Output to path/filename.
  -m, --match-domain     Match domain name only.
  -c, --crtsh            Include results from CRT.SH
  -t, --timeout INTEGER  Set timeout [default: 3]
  --help                 Show this message and exit.

$ gsan scan facebook.com starbucks.com:443
[+] Getting subdomains for facebook.com
[+] Getting subdomains for starbucks.com
[+] Results:

FACEBOOK.COM
↳ facebook.com
↳ facebook.net
↳ fbcdn.net
↳ fbsbx.com
↳ m.facebook.com
↳ messenger.com
↳ xx.fbcdn.net
↳ xy.fbcdn.net
↳ xz.fbcdn.net

STARBUCKS.COM
↳ starbucks.com
↳ beta.starbucks.com
↳ app.starbucks.fr
↳ starbucks.fr
↳ app.starbucks.co.uk
↳ starbucks.ie
↳ app.starbucks.com
↳ fr.starbucks.ca
↳ preview.starbucks.com
↳ starbucks.ca
↳ app.starbucks.com.br
↳ app.starbucks.ie
↳ starbucks.com.br
↳ fr.app.starbucks.ca
↳ starbucks.de
↳ starbucks.co.uk
↳ app.starbucks.de
↳ app.starbucks.ca
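
As an added illustration (not GSAN's own code), the sketch below shows where these names live in a certificate: it walks the DER encoding to the subjectAltName extension (OID 2.5.29.17), collects the dNSName entries, and applies a dot-boundary domain filter in the spirit of --match-domain. The function names, the exact filter rule and the sample bytes are assumptions constructed for this example.

```python
SAN_OID = bytes([0x55, 0x1D, 0x11])  # DER body of OID 2.5.29.17 (subjectAltName)

def parse_target(text, default_port=443):
    """Split HOST[:PORT]; a missing port means 443 (IPv6 literals not handled)."""
    host, _, port = text.strip().partition(":")
    return host.lower(), int(port) if port else default_port

def read_tlv(buf, pos):
    """Decode one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf, start, end):
    while start < end:  # yield each sibling element between start and end
        tag, vstart, start = read_tlv(buf, start)
        yield tag, vstart, start

def san_dns_names(der, start=0, end=None):
    """Walk the DER tree and return the dNSName entries of the subjectAltName extension."""
    names = []
    for tag, vs, ve in children(der, start, len(der) if end is None else end):
        if not tag & 0x20:  # primitive element, nothing to descend into
            continue
        kids = list(children(der, vs, ve))
        if tag == 0x30 and kids and kids[0][0] == 0x06 and der[kids[0][1]:kids[0][2]] == SAN_OID:
            _, gs, ge = read_tlv(der, kids[-1][1])  # GeneralNames inside the OCTET STRING
            names += [der[a:b].decode("ascii", "replace")
                      for t, a, b in children(der, gs, ge) if t == 0x82]  # [2] = dNSName
        else:
            names += san_dns_names(der, vs, ve)
    return names

def match_domain(names, domain):
    """Keep names equal to `domain` or ending in '.' + domain (dot-boundary check)."""
    domain = domain.lower()
    return sorted({n.lower() for n in names
                   if n.lower() == domain or n.lower().endswith("." + domain)})

# Constructed sample: a DER fragment shaped like a certificate's extensions, not a real certificate.
def _tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form lengths only (< 128 bytes)

_names = [b"example.test", b"*.dev.example.test", b"notexample.test", b"cdn.example.net"]
_general = b"".join(_tlv(0x82, n) for n in _names) + _tlv(0x87, bytes([192, 0, 2, 1]))
SAMPLE_DER = _tlv(0x30, _tlv(0xA3, _tlv(0x30, _tlv(0x30,
    _tlv(0x06, SAN_OID) + _tlv(0x04, _tlv(0x30, _general))))))
```

On a live host, the DER input would come from Python's ssl.SSLSocket.getpeercert(binary_form=True), which returns the raw certificate even when chain validation is disabled, as is needed for self-signed certificates. The filter drops notexample.test because a plain suffix comparison without the leading dot would wrongly treat it as part of example.test.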

You can also pass a list of hosts and their ports, formatted as host[:port] (port is optional), and gsan will go through them trying to extract subdomain names. Use the same subcommand scan and pass a text file as the argument instead of a domain name:

$ gsan scan hosts.txt -o subdomains.csv
[+] Getting subdomains for facebook.com
[+] Getting subdomains for starbucks.com
[+] Getting subdomains for fakedomain.com
[!] Unable to connect to host fakedomain.com
[+] Getting subdomains for amazon.com
FACEBOOK.COM
↳ facebook.com
↳ facebook.net
-- SNIP --
↳ xy.fbcdn.net
↳ xz.fbcdn.net

STARBUCKS.COM
↳ starbucks.com
↳ beta.starbucks.com
-- SNIP --
↳ app.starbucks.de
↳ app.starbucks.ca

AMAZON.COM
↳ amazon.co.uk
↳ uedata.amazon.co.uk
-- SNIP --
↳ bz.peg.a2z.com
↳ origin2-amazon.co.jp


[+] Contents dumped into CSV file: subdomains.csv

You can save the results to a CSV or JSON file; the program formats the output based on the file extension.

Contributors

Contribution Guidelines

Contribution is welcome, just remember:

  • Fork the repo.
  • Make changes to the develop branch.
  • Make a Pull Request.

More Information

 _____ _____ _____ _____
|   __|   __|  _  |   | |
|  |  |__   |     | | | |
|_____|_____|__|__|_|___| v4.2.3

Author:  Franccesco Orozco
Email:   [email protected]
Website: https://codingdose.info