# Install gsan with Homebrew, Nix

Extract subdomains from SSL certificates in HTTPS sites. Version 5.0.0 via Homebrew; verified 2026-06-21.

## Install

```sh
sudo av install brew:gsan
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install gsan
```

  Evidence: local Homebrew formula metadata

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#gsan
```

  Evidence: nixpkgs package indexes: pkgs/by-name/gs/gsan/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

## Package facts

- **Package key:** brew:gsan
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/gsan>
- **Version:** 5.0.0
- **Source summary:** Extract subdomains from SSL certificates in HTTPS sites
- **Homepage:** <https://franccesco.github.io/getaltname/>
- **Repository:** <https://github.com/franccesco/getaltname>
- **Upstream docs:** <https://franccesco.github.io/getaltname>
- **License:** MIT
- **Source archive:** <https://files.pythonhosted.org/packages/73/0c/1fc5a29ae79fd74f0fd54d2c4d487b8cf7b21ede08efe99a6c39977816c6/gsan-5.0.0.tar.gz>
- **Last updated:** 2026-06-21T14:25:28Z
- **Generated:** 2026-07-08T18:08:21+00:00

## Executables

- gsan (cli)
- gsan (alias)

## Dependencies

- cryptography
- python@3.14

## Install behavior

- Post-install hook: not defined
- Bottle: available on all

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 5.0.0
- Package-manager updated: 2026-06-21
- Local data: ok
- Upstream repository: https://franccesco.github.io/getaltname/
- info: Release/tag comparison is only available for GitHub repositories.
## Project history and usage

GSAN, from the getaltname project, is a small reconnaissance CLI for extracting Subject Alternative Names from HTTPS certificates. Its distinctive point is that it connects directly to servers rather than relying on Certificate Transparency logs.

### Project history

The GitHub repository was created in November 2017, and early releases appeared in March 2018. The release stream moved quickly through 0.x and 1.x versions in 2018, reached 3.x during 2018 and 2019, published 4.2.3 in October 2020, and published 5.0.0 in August 2024.

The README and GitHub Pages site present a focused tool: pass a domain or pipe domain and IP:PORT lists into `gsan`, extract DNS names from the certificate SAN extension, and optionally write output for other tools.

### Adoption history

GSAN's adoption evidence is narrow but clear: it is packaged for Homebrew and Nix and documented for pipx and Docker use. Its audience is security practitioners doing subdomain enumeration, especially in cases where direct certificate inspection is useful for internal servers, self-signed certificates, or targets not covered by public Certificate Transparency logs.

### How it is used

Basic usage is `gsan example.com`, producing the SAN DNS names found in the HTTPS certificate. The documentation also shows piping many targets with xargs, using Docker, combining results from Shodan, applying timeouts, writing an output file, and passing that output to Nmap.

### Why package nerds care

GSAN is package-manager interesting as a tiny Python security CLI whose value comes from composing with other tools. It takes certificate metadata, emits target lists, and fits into Unix pipelines with Shodan, xargs, Docker, and Nmap.

### Timeline

- 2017: GitHub repository created.
- 2018: 0.2.0 through 2.0.0 releases published in March.
- 2018: 3.0.3 release published in July.
- 2019: 3.0.13 and v3.0.14 releases published.
- 2020: v4.2.3 release published.
- 2024: v5.0.0 release published.

### Related projects

- Shodan is shown in the README as a source of HTTPS targets for GSAN.
- Nmap is shown as a downstream consumer of GSAN output files.
- Certificate Transparency log tools are related but differ from GSAN's direct TLS-connection approach.

### Sources

- <https://api.github.com/repos/franccesco/getaltname>
- <https://api.github.com/repos/franccesco/getaltname/releases?per_page=50>
- <https://franccesco.github.io/getaltname/>
- <https://github.com/franccesco/getaltname>


## Security Notes

broad file, network, media, or database tool signal.

- **Geiger risk:** blue / medium
- broad file, network, media, or database tool signal

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** gsan
- **Version Scheme:** 0
- **Revision:** 5
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Nix - gsan: normalized package name match | nixpkgs package indexes: pkgs/by-name/gs/gsan/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [python@3.14](https://www.automicvault.com/pkg/brew/python-3-14/) - Runtime dependency declared by Homebrew.
- [amass](https://www.automicvault.com/pkg/brew/amass/) - Shares av.db curated category or tags: cli, reconnaissance, security.
- [bbot](https://www.automicvault.com/pkg/brew/bbot/) - Shares av.db curated category or tags: cli, reconnaissance, security.
- [chaos-client](https://www.automicvault.com/pkg/brew/chaos-client/) - Shares av.db curated category or tags: cli, reconnaissance, security.
- [csprecon](https://www.automicvault.com/pkg/brew/csprecon/) - Shares av.db curated category or tags: cli, reconnaissance, security.
- [favirecon](https://www.automicvault.com/pkg/brew/favirecon/) - Shares av.db curated category or tags: cli, reconnaissance, security.
- [findomain](https://www.automicvault.com/pkg/brew/findomain/) - Shares av.db curated category or tags: cli, reconnaissance, security.
- [gau](https://www.automicvault.com/pkg/brew/gau/) - Shares av.db curated category or tags: cli, reconnaissance, security.
- [gnutls](https://www.automicvault.com/pkg/brew/gnutls/) - Shares av.db curated category or tags: cli, security, tls.
- [certbot](https://www.automicvault.com/pkg/brew/certbot/) - Both packages touch the same language runtime or ecosystem. Shared terms: certificates, cli, cryptography, https, python.
- [botan](https://www.automicvault.com/pkg/brew/botan/) - Both packages touch the same language runtime or ecosystem. Shared terms: certificates, cli, cryptography, python, python-3-14.

## Combined YAML source

View the package source record on GitHub. [combined/gsan.yml](https://github.com/automic-vault/db/blob/main/combined/gsan.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
