Certificate Transparency Search - crt.sh Lookup & Export
Search public CT logs through crt.sh to discover issued certificates, mapped hostnames, and potential exposure in your domain space. Export results quickly for reporting and investigation workflows.
Run your Certificate Transparency search
Source: crt.sh (public Certificate Transparency aggregator).
Run a search - results come from crt.sh.
Use wildcard syntax like %.example.com for broad subdomain discovery.
Why use Certificate Transparency search?
CT logs provide a public record of issued TLS certificates. Reviewing them helps defenders identify unknown hostnames, monitor certificate issuance, and detect potential misconfiguration or abuse.
This is especially useful for external attack surface monitoring and domain inventory validation.
Features of the CT search tool
- crt.sh-backed public CT lookup
- Wildcard query support for discovery
- Hostname extraction from certificate entries
- CSV export for reporting and triage
- Fast browser-first workflow for defenders
How to use the CT search tool?
- Enter a domain or wildcard pattern
- Review returned certificate hostnames
- Export findings to CSV for analysis and sharing
What can you analyze with CT results?
- Discovered subdomains and SAN hostnames
- Unexpected certificate issuance patterns
- Newly observed internet-facing assets
- Inventory gaps in known domain scope
- Inputs for follow-up DNS and HTTP validation
FAQ
What is Certificate Transparency (CT)?
CT is a public, append-only log of TLS certificates. Certificate authorities publish certificates they issue so anyone can detect mis-issued or rogue certs for your domains.
Where do the search results come from?
This UI queries crt.sh, a public aggregator of CT logs. Your search terms are sent to crt.sh through this app so results match what you would get from their service.
Can I export results?
Yes. Use the CSV export in the tool to download the hostname list for reporting or further analysis.
How do wildcards like %.example.com work?
They match certificate names that fit the pattern, which helps discover subdomains and alternate names seen in CT logs without listing every host manually.