Subdomain audit
Enter a domain: the tool aggregates names seen in Certificate Transparency (all levels). CT-only mode lists everything without DNS/TLS (suited to very large domains or zones without a public IP). Network mode probes DNS/TLS on a limited sample. Use CSV export to download the full list.
CT list mode: all names seen in certificate transparency (even if the domain has no public A/AAAA). Preview in the table; for hundreds of thousands of rows use Export CSV.
FAQ
What does CT-only mode do?
It lists hostnames observed in Certificate Transparency logs without sending live DNS or TLS probes. Use it for very large zones or when you only need names from certificates.
When does the tool probe DNS or TLS?
When you enable network sampling, a limited subset of names can be probed to resolve DNS or inspect TLS. This is optional and scoped to avoid hammering huge lists.
Can I download the full hostname list?
Yes. CSV export includes the aggregated names so you can import them into other tools or reports.
Is this the same as a port scan?
No. It focuses on names from CT and optional DNS/TLS checks on samples, not on scanning IP ranges for open ports.