crt.sh
Bash script for subdomain enumeration via crt.sh certificate transparency logs.
crt.sh
Bash script for subdomain enumeration via crt.sh certificate transparency logs.
Data verified May 2026
ADYour product here. Reach security decision-makers.Launch a campaigncrt.sh Description
Subdomain Enumeration
Reconnaissance
Open Source
Bug Bounty
Enumeration
Network Reconnaissance
SSL
DNS Security
Security Scanning
az7rb crt.sh is a bash script that automates subdomain enumeration by querying and parsing output from the crt.sh certificate transparency log search engine. The script interacts with the crt.sh website, which indexes SSL/TLS certificate data from public certificate transparency logs. By querying this data, the script can discover subdomains associated with a target domain that have had certificates issued for them. Key capabilities: - Queries the crt.sh certificate transparency database for a given domain - Parses and filters the raw output returned by crt.sh - Saves enumerated subdomains to output files for later use - Provides a command-line interface for quick, repeatable subdomain discovery The tool is written as a bash script, making it lightweight and easy to run on Linux/Unix systems without additional dependencies beyond standard shell utilities. It is intended for use in reconnaissance phases of security assessments, bug bounty hunting, and attack surface mapping. Output is saved to text files, as demonstrated by the included sample output directory in the repository. The script simplifies what would otherwise require manual querying and parsing of the crt.sh web interface.
crt.sh FAQ
Common questions about crt.sh including features, pricing, alternatives, and user reviews.
crt.sh is Bash script for subdomain enumeration via crt.sh certificate transparency logs. It is a Attack Surface solution designed to help security teams with Subdomain Enumeration, Reconnaissance, Open Source.
crt.sh offers the following core capabilities:
1.Subdomain enumeration via certificate transparency logs
2.Automated querying of crt.sh website
3.Parsing and filtering of crt.sh output
4.Saving enumerated subdomains to output files
5.Command-line interface for domain reconnaissance
Learn more at https://cybersectools.com/tools/crt-sh
crt.sh is a free Attack Surface tool. This makes it accessible for organizations of all sizes, from startups to enterprises. Visit https://github.com/az7rb/crt.sh for download and installation instructions.
Popular alternatives to crt.sh include:
1.Amass - Amass is an open-source OWASP tool for comprehensive attack surface mapping and asset discovery through domain reconnaissance and subdomain enumeration. (Free)
2.censys-enumeration - A script to extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys. (Free)
3.assetfinder - A command-line tool for discovering domains and subdomains related to a target domain during reconnaissance activities. (Free)
4.ScanCannon - A Python-based tool for external attack surface discovery and reconnaissance across large-scale networks, focusing on IP address and subdomain enumeration. (Free)
5.Cylana EASM - AI-powered EASM platform for digital asset discovery and monitoring. (Commercial)
Compare these tools and more at https://cybersectools.com/categories/attack-surface
crt.sh is for security teams and organizations that need Subdomain Enumeration, Reconnaissance, Open Source, Bug Bounty, Enumeration. It's particularly suitable for small to medium-sized teams looking for cost-effective solutions. Other Attack Surface tools can be found at https://cybersectools.com/categories/attack-surface
Have more questions? Browse our categories or search for specific tools.
