cero
Scrape domain names from SSL certificates of arbitrary hosts.
Cero will connect to remote hosts, and read domain names from the certificates provided during TLS handshake.
It is not limited to only HTTPS, and will scrape certificates from any protocol that works over TLS (e.g. SMTPS) - just give it the right ports to connect to.
Cero allows flexible specification of targets, including domain names, IP addresses, and CIDR ranges, with full support for IPv6.