search_crt
Enumerate subdomains from public certificate transparency logs using crt.sh to uncover internal or staging hosts without active scanning.
Instructions
Enumerate subdomains from certificate transparency logs via crt.sh. Keyless and purely passive (public CA logs), surfaces internal/staging hosts that never resolve publicly. Authorized use only: your own assets or a target you are authorized to assess. Passive, public-source collection.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| domain | Yes | ||
| json_output | No | Return result as structured JSON. |