tools_crtsh
Passively enumerate subdomains by searching crt.sh certificate transparency logs.
Instructions
Query crt.sh certificate transparency logs for passive subdomain enumeration.
Searches Certificate Transparency (CT) logs via crt.sh to discover subdomains that have had TLS certificates issued for them. This is a passive reconnaissance technique that does not send any traffic to the target domain itself.
Args: domain: Target domain to search (e.g., 'example.com') include_expired: Include expired certificates in results (default: False). When True, results may contain historical subdomains that are no longer active but once held valid certificates.
Example usage: tools_crtsh(domain='example.com') tools_crtsh(domain='target.org', include_expired=True)
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| domain | Yes | ||
| include_expired | No |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes |