san_scan.py

#!/usr/bin/python
# -*- coding: utf-8 -*-

import ssl
from socket import *
from requests.packages.urllib3.contrib import pyopenssl as reqs


setdefaulttimeout(1)
port_num = "24800"
addr = "$IP"
dns_list = []
def https_cert_subject_alt_names(host, port):
    """Read subject domains in https cert from remote server"""
    x509 = reqs.OpenSSL.crypto.load_certificate(
           reqs.OpenSSL.crypto.FILETYPE_PEM,
           reqs.ssl.get_server_certificate((host, port))
           )
    return reqs.get_subj_alt_name(x509)

if __name__ == '__main__':
    for i in range(1,255):
        ip = addr + str(i)
        try:
            domains = https_cert_subject_alt_names(ip, port_num)
            print("*** Found: " + ip + ":" + port_num)
            num = 0
            while num < len(domains):
               print(domains[num][1])
               if domains[num][1] not in dns_list:
                   dns_list.append(domains[num][1])
               num += 1
        except (timeout):
            pass
print("*** DNS Entries ***")
dns = 0
while dns < len(dns_list):
    print(dns_list[dns])
    dns +=1