Certificate Transparency Search
Find every TLS certificate ever issued for a domain. Query the public CT logs via crt.sh to discover forgotten subdomains and unauthorized issuance.
Search Certificate Transparency logs
Queries crt.sh for every certificate issued that matches a domain. Useful for finding forgotten subdomains and unauthorized issuance.
What Certificate Transparency is
Every publicly-trusted CA is required to submit the certificates it issues to one or more append-only CT logs. Any certificate trusted by a modern browser was logged — which means anyone can enumerate the certificates (and therefore hostnames) that exist for a domain.
Why this is useful
- Attack surface mapping — discover forgotten subdomains you forgot you owned.
- Unauthorized issuance — spot certs issued by a CA you didn’t use.
- Pre-release leaks — new internal hostnames show up in CT before they go public.
- Takeover hunting — expired services whose DNS still points somewhere.
What the tool shows
- Every CT entry for the domain (or wildcard of subdomains).
- Unique hostnames across all SANs.
- Issuer, validity, and log timestamp for each cert.
Data source
Queries crt.sh, a free CORS-enabled front-end to the CT logs maintained by Sectigo. Searches can be slow or rate-limited during peak hours.
Privacy
Your query string goes to crt.sh — which is fine for recon on a domain, but don’t paste anything you consider sensitive.