A simple command line utility to find subdomains of a given domain using the certificate transparency logs search service provided by crt.sh.
It fetches data from crt.sh to get related subdomains and wildcards
To install crtsh, clone the repository and run:
pip install -r requirements.txt
To use this tool as linux command follow these steps
Create crtsh directory under /opt
sudo mkdir -p /opt/crtsh
Copy python file to previously created directory
sudo cp crtsh.py /opt/crtsh/
Pase below commands in terminal
sudo echo 'alias crtsh="python3 /opt/crtsh/crtsh.py"'>>~/.zshrc
sudo echo 'alias crtsh="python3 /opt/crtsh/crtsh.py"'>>~/.bashrc
Refrash terminal profile
source ~/.zshrc
source ~/.bashrc
Run with
crtsh
or
crtsh -d hackerone.com
To find subdomains of a domain, use the -d or --domain option followed by the domain name:
crtsh -d "hackerone.com"
The subdomains will be displayed in a formatted table.
crtsh supports the following options:
-h, --help Show usage and help options
-d, --domain Search target domain
-o, --out Output file
-p, --plain Plain output, useful for piping result [Default: formatted]
For example, to output the results to a file, use the -o or --out option followed by the path to the file:
crtsh -d "hackerone.com" -o "/path/to/file.txt"
Stdout to use with other tools
crtsh -d hackerone.com -p | httpx
use the -p or --plain option to display the results in a normal format.
cat domains.txt | crtsh
-
JSON Support
-
Threading
-
Color formatted output for windows
-
Enumerate multiple domains from file
-
Logging