GetAltName it’s a little script to discover sub-domains that can extract Subject Alt Names for SSL Certificates directly from HTTPS websites which can provide you with DNS names or virtual servers.
It’s useful in a discovery phase of a pen-testing assessment, this tool can provide you with more information about your target and scope.
Features of GetAltName to Discover Sub-Domains
- Strips wildcards and www’s
- Returns a unique list (no duplicates)
- Works on verified and self-signed certs
- Domain matching system
- Filtering for main domains and TLDs
- Gets additional sub-domains from crt.sh
- Outputs to clipboard
GetAltName Subdomain Exctraction Tool Usage
You can output to a text file and also copy the output to your clipboard as a List or a Single line string, which is useful if you’re trying to make a quick scan with Nmap or other tools.