GAN - A SSL Subdomain Extractor.

View the Project on GitHub franccesco/getaltname

Extract subdomains with GSAN

Python Version Build Status Coverage Status GitHub release GitHub forks GitHub stars

GSAN (Get Subject Alternative Names) is a tool that can extract Subject Alternative Names found in SSL Certificates directly from HTTPS web sites which can provide you with DNS names (subdomains) or virtual servers.

This code extract subdomain names from https sites and return a list or json output of its findings. It is not a subdomain brute-force tool, and you can actually find those subdomains manually, this tools is about the automation of that process, it also offers the following features:

You can read more about how to do this manually from my blog post on [in Spanish - written on November 13, 2017].


What’s on the road


     ██████╗    ███████╗    █████╗    ███╗   ██╗
    ██╔════╝    ██╔════╝   ██╔══██╗   ████╗  ██║
    ██║  ███╗   ███████╗   ███████║   ██╔██╗ ██║
    ██║   ██║   ╚════██║   ██╔══██║   ██║╚██╗██║
    ╚██████╔╝██╗███████║██╗██║  ██║██╗██║ ╚████║
     ╚═════╝ ╚═╝╚══════╝╚═╝╚═╝  ╚═╝╚═╝╚═╝  ╚═══╝

       Get - Subjective - Alternative - Names

usage: gsan [-h] [-p PORT] [-s [timeout]] [-m] [-q] [-o OUTPUT]
                   [-f {json,text}] [-c {l,s}] [-d] [-V]

positional arguments:
  hostname                              Host or Nmap XML to analyze.

optional arguments:
  -h, --help                            show this help message and exit
  -p PORT, --port PORT                  Destiny port (default 443)
  -s [timeout], --search-crt [timeout]  Retrieve subdomains found in
  -m, --match-domain                    Matching domain names only
  -q, --quiet                           Supress output.
  -o OUTPUT, --output OUTPUT            Set output filename
  -f {json,text}, --format {json,text}  Set output format
  -c {l,s}, --clipboard {l,s}           Copy the output to the clipboard as a
                                        List or a Single string
  -d, --debug                           Set debug enable
  -V, --version                         Print version information.


Image Example


Disclaimer: The tool was renamed from getaltname to GSAN. You can also watch the demo here.


$ pip install --user gan


If for some reason the copy&paste mechanism doesn’t work, you will have to install xclip package. Debian/Ubuntu/Mint:

$ apt install xclip

Also keep in mind that the -s option to append subdomains found from it is sometimes very slow, this is because takes too long to process large data sets and throws a ‘404’ for whatever reason. By default there’s a 5 second time out to reach, but you can set this timeout with -s [timeout]

Support this project

If you like the project and would like to support me you can buy me a cup of coffee, you will also be inmortalized as a patreon, thank you 🙏.

Buy Me A Coffee

Buy Me a Coffee at