Finding Subdomains via Certificate Transparency
Hi all,
For a while now, I've thought about using Certificate Transparency Logs in order to find subdomains, as especially when using Let's Encrypt, you usually issue a certificate per subdomain unless you go out of your way to do it the DNS Wildcard route (especially when using Caddy, which defaults to HTTP verification by default)
Due to this, I decided to build this (admittedly rather slow) tool - The Subdomain Finder. It scans for common subdomains as well as those contained in certificate transparency logs.
I did this more out of curiosity and to learn more about Certificate Transparency logs, and also to see how much of a footprint my sites have left over time - although admittedly I could've just looked at crt.sh
Nonetheless it was a fun little project and hopefully someone will find it useful.
All the best, ~ CA
Like what I write? Subscribe to my Mailing List or RSS feed.
Comments? Questions? Feel free to send me an Email.
This post was last edited 2 months, 2 weeks ago.