Censys Subdomain Finder

⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.
Alternatives To Censys Subdomain Finder
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
7 months ago193apache-2.0HTML
:lock: Memorable site for testing clients against bad SSL configs.
The One Cert803
3 years ago2JavaScript
One cert to rule them all: SSL cert that is valid for any and all domains + all levels of subdomains
2 years ago12mitPython
Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
a year ago2mitJava
A Burp Suite Extension that try to find all sub-domain, similar-domain and related-domain of an organization automatically! 基于流量自动收集整个企业或组织的子域名、相似域名、相关域名的burp插件
Censys Subdomain Finder556
3 months ago2Python
⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.
2 years ago
An hourly updated list of subdomains gathered from certificate transparency logs
3 years ago16October 11, 2020mitPython
Extract subdomains from SSL certificates in HTTPS sites.
Burpcollaborator Docker264
3 months agoPython
This repository includes a set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate. The objective is to simplify as much as possible the process of setting up and maintaining the server.
Letsencrypt Routeros161
4 years ago8gpl-3.0Shell
Let's Encrypt certificates for RouterOS / Mikrotik
Bounty Monitor152
4 years agomitPython
Leverage certificate transparency live feed to monitor for newly issued subdomain certificates (last 90 days, configurable), for domains participating in bug bounty programs.
Alternatives To Censys Subdomain Finder
Select To Compare

Alternative Project Comparisons

Censys subdomain finder

This is a tool to enumerate subdomains using the Certificate Transparency logs stored by Censys. It should return any subdomain who has ever been issued a SSL certificate by a public CA.

See it in action:

$ python censys-subdomain-finder.py github.com

[*] Searching Censys for subdomains of github.com
[*] Found 42 unique subdomains of github.com in ~1.7 seconds

  - hq.github.com
  - talks.github.com
  - cla.github.com
  - github.com
  - cloud.github.com
  - enterprise.github.com
  - help.github.com
  - collector-cdn.github.com
  - central.github.com
  - smtp.github.com
  - cas.octodemo.github.com
  - schrauger.github.com
  - jobs.github.com
  - classroom.github.com
  - dodgeball.github.com
  - visualstudio.github.com
  - branch.github.com
  - www.github.com
  - edu.github.com
  - education.github.com
  - import.github.com
  - styleguide.github.com
  - community.github.com
  - server.github.com
  - mac-installer.github.com
  - registry.github.com
  - f.cloud.github.com
  - offer.github.com
  - helpnext.github.com
  - foo.github.com
  - porter.github.com
  - id.github.com
  - atom-installer.github.com
  - review-lab.github.com
  - vpn-ca.iad.github.com
  - maintainers.github.com
  - raw.github.com
  - status.github.com
  - camo.github.com
  - support.enterprise.github.com
  - stg.github.com
  - rs.github.com


  1. Register an account (free) on https://censys.io/register

  2. Browse to https://censys.io/account, and set two environment variables with your API ID and API secret:

    export CENSYS_API_ID=...
    export CENSYS_API_SECRET=...

    Alternatively, you can use a .env file to store these values for persistence across uses:

    cp .env.template .env

    Then edit the .env file and set the values for CENSYS_API_ID and CENSYS_API_SECRET.

  3. Clone the repository:

    git clone https://github.com/christophetd/censys-subdomain-finder.git
  4. Install the dependencies in a virtualenv:

    cd censys-subdomain-finder
    python3 -m venv venv
    source venv/bin/activate
    pip install -r requirements.txt


Sample usage:

python censys-subdomain-finder.py example.com

Output the list of subdomains to a text file:

python censys-subdomain-finder.py example.com -o subdomains.txt
usage: censys-subdomain-finder.py [-h] [-o OUTPUT_FILE]
                                  [--censys-api-id CENSYS_API_ID]
                                  [--censys-api-secret CENSYS_API_SECRET]

positional arguments:
  domain                The domain to scan

optional arguments:
  -h, --help            show this help message and exit
                        A file to output the list of subdomains to (default:
  --censys-api-id CENSYS_API_ID
                        Censys API ID. Can also be defined using the
                        CENSYS_API_ID environment variable (default: None)
  --censys-api-secret CENSYS_API_SECRET
                        Censys API secret. Can also be defined using the
                        CENSYS_API_SECRET environment variable (default: None)


Should run on Python 2.7 and 3.5.


The Censys API has a limit rate of 120 queries per 5 minutes window. Each invocation of this tool makes exactly one API call to Censys.

Feel free to open an issue or to tweet @christophetd for suggestions or remarks.

Popular Certificate Projects
Popular Subdomain Projects
Popular Security Categories
Related Searches

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.
Penetration Testing
Pentest Tool
Subdomain Scanner