Subdomain Scanner

Discover all subdomains for any domain using Certificate Transparency logs. Find hidden subdomains, check certificate validity, and export results.

Run a check to see results

APIPOST /api/v1/dns/subdomains
5(6 votes)
8
checks performed
Try also: DNS Lookup
Run Check

Key Features

100% Free

No registration required, unlimited checks

Instant Results

Real-time analysis with detailed output

REST API Access

Integrate into your workflow via API

Accurate Data

Live queries to authoritative sources

What is Subdomain Scanner?

The Subdomain Scanner uses Certificate Transparency (CT) logs to discover subdomains associated with a domain. CT logs are public records of SSL/TLS certificates issued by certificate authorities. By querying these logs, the tool reveals subdomains that have had certificates issued for them — often exposing staging servers, internal tools, and forgotten infrastructure.

How to Use

  1. 1Enter the root domain you want to scan for subdomains
  2. 2Click 'Run Check' to query Certificate Transparency logs
  3. 3Browse the discovered subdomains, filter by name, and check certificate validity
  4. 4Export the results as CSV or copy all subdomains to clipboard

Who Uses This

System Administrators

Monitor and troubleshoot infrastructure

Developers

Debug network issues and integrate via API

SEO Specialists

Verify domain configuration and performance

Security Analysts

Audit and assess network security

Frequently Asked Questions

What is subdomain scanning?
Subdomain scanning is the process of discovering all subdomains belonging to a root domain. This tool uses Certificate Transparency logs — public databases of SSL certificates — to find subdomains that have had certificates issued for them.
What are Certificate Transparency logs?
Certificate Transparency (CT) logs are publicly auditable records of SSL/TLS certificates. Every time a certificate authority issues a certificate, it must be logged. This allows anyone to discover which subdomains have had certificates issued.
Will this find all subdomains?
This tool finds subdomains that have had SSL/TLS certificates issued. Internal subdomains without certificates or those using private CAs may not appear. For a more complete picture, combine this with DNS brute-forcing and other enumeration techniques.

Related Tools

DNS Lookup

WHOIS Lookup

SSL Checker

Security Score

Popular Tools

MX Lookup

Blacklist Check

Email Validator

Header Analyzer

API Endpoint

POST /api/v1/dns/subdomains
View Documentation