Subdomain Finder

Subdomains are prefixes added to a domain name that allow organizations to create separate sections of their website.

For example: blog.example.com, api.example.com, or mail.example.com

They're often used for different services, environments, or geographical regions.

Our tool uses Certificate Transparency (CT) logs to discover subdomains. When SSL certificates are issued, they're logged publicly.

We search these logs for certificates that include the target domain, revealing associated subdomains.

Optional status checking verifies if discovered subdomains are currently accessible online.

We don't store or log the domains you search. All queries are processed in real-time.

The tool only accesses publicly available Certificate Transparency logs - no private data is accessed.

Status checking is performed respectfully with appropriate delays to avoid overwhelming target servers.

Security Research: Discover attack surfaces and potential entry points

Bug Bounty: Find forgotten or misconfigured subdomains

Asset Discovery: Map an organization's web infrastructure

Competitive Analysis: Understand competitor's web presence

Domain Management: Audit your own domain's subdomain usage

1. Enter the target domain (e.g., example.com)

2. Optionally enable status checking for live verification

3. Click "Find Subdomains" to start the search

4. Use the search filter to find specific subdomains

5. Click the external link icon to visit live subdomains

6. Copy subdomains to clipboard for further analysis

Limitations: Results depend on SSL certificate issuance and CT log coverage

Accuracy: Some subdomains may no longer exist or be accessible

Rate Limits: Large domains may be limited to prevent timeouts

Status Check: Enabling status verification significantly increases scan time