pentest tools/recon/Subdomain Scanner

Subdomain Scanner

Discover subdomains associated with a target domain

pentest tools
Risk: Medium
SSL Certificate Search
Subdomain Enumeration
Certificate Analysis
Attack Surface Mapping
#subdomain
#enumeration
#scanning
#certificates
#recon

Subdomain Scanner

Enter a domain name to enumerate its subdomains using SSL certificate data from crt.sh.

Subdomains Found

How This Works

This tool uses the Certificate Transparency (CT) logs from crt.sh to discover subdomains. It's a non-intrusive, passive reconnaissance technique that only queries publicly available SSL certificate data.

Domain Input
crt.sh API Query
Extract & Filter Domains
Results Display

Ethical Use: This tool is provided for security research, defensive security testing, and educational purposes only. Only scan domains you own or have explicit permission to test.

Technical Details: The scanner works by querying the Certificate Transparency logs, which are public records of SSL/TLS certificates. When websites obtain SSL certificates, they must include all domain names the certificate will secure, including subdomains. These records are publicly searchable for transparency and security purposes.

Authorization Required

Only use this tool on systems you own or have explicit written permission to test. Unauthorized scanning or testing is illegal and may result in criminal charges.