christophetd / CloudFlair

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
https://blog.christophetd.fr/bypassing-cloudflare-using-internet-wide-scan-data/

Extract hosts not limited to CloudFlare #4

Closed ehsandeep closed 6 years ago

ehsandeep commented 6 years ago

Hi @christophetd!

This is good work, and a great projection as well. While using it, I noticed that it uses certificates to extract hostnames, but is limited to hosts using Cloudflare, which makes sense here as per the project. It would be nice if we could extract all hosts for any given domain as well (it might be a new project), or if you would like to add it into this one only. What do you think about it?

christophetd commented 6 years ago

I'm not sure I understand what your suggestion is. The goal of this tool is to help find misconfigured origins behind Cloudflare, not to enumerate subdomains of a domain name (see here for that).

ehsandeep commented 6 years ago

Hi @christophetd,

Yes, the suggestion is unrelated to this tool, and I saw this as well, where it fetches all the subdomains using certificates, and my above suggestion was for fetching all the hosts which are sharing the same certificate.

Do let me know if I'm making any sense here, or I will close this out.

christophetd commented 6 years ago

Websites subscribed to the Cloudflare free plan indeed share the same SSL certificate with several other websites. If I understood correctly, your idea would be to have a tool to find which websites are sharing a certificate with a specific website?