Get Alternate Names for Certificate Writeup: http://andrewmohawk.com/2012/05/21/alternate-dns-names-in-certificates/

HTTPS enabled site: https://

"; if(isset($_GET["h"])) { echo "
";
		set_time_limit(0); 
		ob_implicit_flush();
		$host = $_GET["h"];
		$context = stream_context_create(array(
		  'ssl' => array('capture_peer_cert' => TRUE)
		));
		echo "[+] Fetching SSL Cert...";
		@$html = file_get_contents('https://'.$host, NULL, $context);
		$opts = stream_context_get_options($context);
		echo "Done
";
		echo "[+] Parsing SSL Cert...
";
		if(isset($opts["ssl"]) && isset($opts['ssl']['peer_certificate']))
		{
			$ssl = openssl_x509_parse($opts['ssl']['peer_certificate']);
			if(isset($ssl["extensions"]))
			{
				if(isset($ssl["extensions"]["subjectAltName"]))
				{
					echo " [-] Found Alternate DNS names:
";
					$altNamesTmp = $ssl["extensions"]["subjectAltName"];
					$altNames = explode(",",$altNamesTmp);
					$hostnames = array();
					$unknown = array();
					foreach($altNames as $a)
					{
						if(strpos($a,"DNS:") !== false)
						{
							
							$hostname = substr($a,strpos($a,"DNS:")+4);
							
							$hostnames[] = $hostname;
							
							
						}
						else
						{
							$unknown[] = $a;
						}
						
					}
					foreach(array_unique($hostnames) as $ud)
					{
						echo " [*] Found Alternate DNS Name: $ud 
";
					}
					foreach(array_unique($unknown) as $ud)
					{
						echo " [*] Unknown Entry: $ud 
";
					}
				}
			}
		}
		else
		{
			echo "[!] Could not parse certificate... https enabled?";
		}
	}