Certificate Transparency (CT) is an open framework — mandated by major browsers since 2018 — that requires Certificate Authorities (CAs) to publicly log every TLS certificate they issue to append-only, cryptographically verifiable logs. This was designed to detect misissued or fraudulent certificates, but it has an important side effect for security researchers: every subdomain that receives a TLS certificate is permanently and publicly recorded. CT log search tools let you enumerate subdomains, monitor for unauthorized certificate issuance, investigate SSL/TLS infrastructure, and detect brand impersonation or phishing domains — all without ever touching the target’s servers. crt.sh, operated by Sectigo (formerly Comodo), is the most widely used CT log search interface. By queryingDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/edoardottt/awesome-hacker-search-engines/llms.txt
Use this file to discover all available pages before exploring further.
%.example.com, you can retrieve every certificate ever issued for any subdomain of a domain — often revealing development environments, internal tools, staging servers, and forgotten assets that never appeared in public DNS records.
Crt.sh
Certificate Search — the most widely used Certificate Transparency log search interface.
CTSearch
Certificate Transparency Search Tool by Entrust — search across multiple CT logs.
tls.bufferover.run
Quickly find certificates in IPv4 space — enumerate certs by IP range.
CertSpotter
Monitors your domains for expiring, unauthorized, and invalid SSL certificates.
SynapsInt
The unified OSINT research tool — correlates certificate data with other intelligence.
Censys Search - Certificates
Certificates Search — query Censys’s comprehensive TLS certificate database.
ciphersuite.info
TLS Ciphersuite Search — search for a particular cipher suite by IANA, OpenSSL or GnuTLS name format.
certificatedetails
Online certificate viewer — inspect and download certificates from your browser.
FacebookCT
Search for certificates issued for a given domain and subscribe to notifications from Facebook regarding new certificates.
certs.io
Search TLS certificates across the internet.
ODIN Certificates Search
ODIN Certificates Search — powerful certificate enumeration within the ODIN platform.
How Certificate Transparency Aids Security Research
Subdomain Discovery
The most immediately useful application of CT log searching is subdomain enumeration. Because organizations must obtain TLS certificates for any HTTPS service, CT logs create a near-complete record of every subdomain that was ever secured with a certificate. Unlike DNS brute-forcing (which is limited by wordlist quality) or search engine dorking (which only indexes publicly crawled content), CT log search is authoritative — if a subdomain had a certificate, it appears in the log.Monitoring for Unauthorized Certificates
CT monitoring tools like CertSpotter allow organizations to receive real-time alerts whenever a new certificate is issued for their domains. This is critical for detecting:- Certificate misissuance: a CA incorrectly issuing a certificate for a domain it shouldn’t have
- Phishing infrastructure: attackers obtaining valid certificates for lookalike domains (e.g.,
paypa1.com,secure-bank-login.com) - Brand impersonation: fraudulent domains designed to deceive users or employees