Subdomain Finder Online

The Subdomain Finder on 101IP discovers subdomains of any domain by querying the public Certificate Transparency log database via crt.sh. No active scanning — all data comes from publicly issued SSL certificates.

What is Certificate Transparency

Certificate Transparency (CT) is an open standard requiring all trusted Certificate Authorities to publish every issued SSL/TLS certificate in public append-only logs. This allows discovering subdomains that have ever had a certificate issued for them.

Use cases for subdomain enumeration

• Security auditing: discovering forgotten or unprotected subdomains;
• Reconnaissance: mapping a domain's infrastructure;
• Authorized penetration testing and bug bounty research;
• SEO analysis: finding all sites under a domain.

Limitations

This tool only shows subdomains that have had a public SSL certificate issued. Subdomains without HTTPS or with self-signed certificates are not recorded in CT logs. For comprehensive enumeration, combine CT logs with DNS brute-forcing and other OSINT techniques.