macOS
brew install gsanlocal Homebrew formula metadata
brew
Extract subdomains from SSL certificates in HTTPS sites. Version 5.0.0 via Homebrew; verified 2026-06-21.
install
brew install gsanlocal Homebrew formula metadata
nix profile install nixpkgs#gsannixpkgs package indexes · pkgs/by-name/gs/gsan/package.nix · source: api.github.com
overview
Extract subdomains from SSL certificates in HTTPS sites
history
GSAN, from the getaltname project, is a small reconnaissance CLI for extracting Subject Alternative Names from HTTPS certificates. Its distinctive point is that it connects directly to servers rather than relying on Certificate Transparency logs.
The GitHub repository was created in November 2017, and early releases appeared in March 2018. The release stream moved quickly through 0.x and 1.x versions in 2018, reached 3.x during 2018 and 2019, published 4.2.3 in October 2020, and published 5.0.0 in August 2024.
The README and GitHub Pages site present a focused tool: pass a domain or pipe domain and IP:PORT lists into `gsan`, extract DNS names from the certificate SAN extension, and optionally write output for other tools.
GSAN's adoption evidence is narrow but clear: it is packaged for Homebrew and Nix and documented for pipx and Docker use. Its audience is security practitioners doing subdomain enumeration, especially in cases where direct certificate inspection is useful for internal servers, self-signed certificates, or targets not covered by public Certificate Transparency logs.
Basic usage is `gsan example.com`, producing the SAN DNS names found in the HTTPS certificate. The documentation also shows piping many targets with xargs, using Docker, combining results from Shodan, applying timeouts, writing an output file, and passing that output to Nmap.
GSAN is package-manager interesting as a tiny Python security CLI whose value comes from composing with other tools. It takes certificate metadata, emits target lists, and fits into Unix pipelines with Shodan, xargs, Docker, and Nmap.
security posture
broad file, network, media, or database tool signal.
blue risk · medium confidence · tool
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
executables
| Command | Kind | Exposure | Note |
|---|---|---|---|
gsan | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://franccesco.github.io/getaltname/
install metadata
| Package key | brew:gsan |
|---|---|
| Version | 5.0.0 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/gsan |
| Homepage | https://franccesco.github.io/getaltname/ |
| Repository | https://github.com/franccesco/getaltname |
| Upstream docs | https://franccesco.github.io/getaltname |
| License | MIT |
| Source archive | https://files.pythonhosted.org/packages/73/0c/1fc5a29ae79fd74f0fd54d2c4d487b8cf7b21ede08efe99a6c39977816c6/gsan-5.0.0.tar.gz |
| Last updated | 2026-06-21T14:25:28Z |
| Pulse | updated |
| Dependencies | cryptography, python@3.14 |
| Bottle | available (on all) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | gsan |
| Version Scheme | 0 |
| Revision | 5 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
gsan
nix profile install nixpkgs#gsansource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.