Usage:
usage: getaltname.py [-h] [-p PORT] [-s [timeout]] [-m] [-o OUTPUT] [-c {l,s}]
                     [-d]
                     hostname

positional arguments:
  hostname              Host to analyze.

optional arguments:
  -h, --help            show this help message and exit
  -p PORT, --port PORT  Destiny port (default 443)
  -s [timeout], --search-crt [timeout]
                        Retrieve subdomains found in crt.sh
  -m, --matching-domain
                        Show matching domain name only
  -o OUTPUT, --output OUTPUT
                        Set output filename
  -c {l,s}, --clipboard {l,s}
                        Copy the output to the clipboard as a List or a
                        Single string
  -d, --debug           Set debug enable

You can write the output to a text file and also copy it to your clipboard as a List or a Single-line string, which is useful if you’re trying to make a quick scan with Nmap or other tools.
Installation
Required libraries:
- colorama
- ndg-httpsclient
- pyperclip
- requests
- tldextract
Installation with pipenv:
$ git clone https://github.com/franccesco/getaltname.git
$ cd getaltname
$ pipenv install
Installation with Pip:
$ git clone https://github.com/franccesco/getaltname.git
$ cd getaltname
$ pip install -r requirements.txt
For the copy-and-paste mechanism you will have to install the xclip package. Debian/Ubuntu/Mint:
$ apt install xclip
TO-DO
- File output
- Output to clipboard
- Clean sub-domain wildcards
- Remove duplicates
- A filter system for main domain and TLDs.
- Add colors (so l33t. /s)
- Get additional sub-domains from crt.sh
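
The clean-up steps named in the list above (wildcard cleaning, duplicate removal, a main-domain filter like -m) and the List / Single string output modes of -c, sketched as an added example. This is not getaltname's own code: the function names, the space separator for the single string and the sample names are assumptions made for illustration.

```python
def clean_names(names, match_domain=None):
    """Normalize certificate DNS names: lowercase, strip wildcards, dedupe, filter."""
    seen, cleaned = set(), []
    for raw in names:
        name = raw.strip().lower().rstrip(".")
        # "*.example.com" is a wildcard entry; keep only the base name it covers.
        while name.startswith("*."):
            name = name[2:]
        if not name or name in seen:
            continue
        if match_domain:
            base = match_domain.lower().rstrip(".")
            # Compare on a label boundary so "notexample.com" is not
            # mistaken for a sub-domain of "example.com".
            if name != base and not name.endswith("." + base):
                continue
        seen.add(name)
        cleaned.append(name)
    return cleaned


def format_names(names, mode="l"):
    """'l' gives one name per line; 's' a single string (space-separated, assumed)."""
    if mode not in ("l", "s"):
        raise ValueError("mode must be 'l' or 's'")
    return ("\n" if mode == "l" else " ").join(names)


# Constructed sample input, not output captured from a real certificate.
SAMPLE = [
    "example.com",
    "*.example.com",
    "WWW.Example.com",
    "mail.example.com.",
    "www.example.com",
    "notexample.com",
    "cdn.example.net",
]

if __name__ == "__main__":
    print(format_names(clean_names(SAMPLE, match_domain="example.com"), "s"))
```

Reviewing the unfiltered list for your own hosts shows every name a certificate discloses, including names on other domains that share it.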