crt.sh Has a Free API — Find Every SSL Certificate for Any Domain (With Python)

Want to find every subdomain of any website? There's a trick most developers don't know. Every time a website gets an SSL certificate, it gets logged in a public database called Certificate Transparency logs . And crt.sh lets you search all of them — for free, with no API key. This means you can find every subdomain of any domain that has ever had an SSL certificate. Why This Is Useful Security audits: Find forgotten subdomains (staging.company.com, dev.company.com) Bug bounty: Discover attack surface of target domains Competitive analysis: See what internal tools competitors are running Monitoring: Get alerts when new certificates are issued for your domain Quick Start crt.sh has no official docs, but it supports a simple JSON API: import requests def find_subdomains ( domain ): """ Find all subdomains via Certificate Transparency logs. """ url = f " https://crt.sh/?q=%25. { domain } &output=json " resp = requests . get ( url , timeout = 30 ) if resp . status_code != 200 : return [] c