A Python tool that enumerates subdomains by querying Censys' Certificate Transparency logs to identify SSL-certified subdomains.
⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.
This tool is primarily used by security professionals and network administrators to discover all subdomains of a target domain that have been issued SSL certificates, aiding in network reconnaissance and vulnerability assessment. It leverages Censys' certificate transparency data to provide comprehensive subdomain enumeration, useful for penetration testing and security monitoring.
As of late 2024, Censys no longer provides free API access, so a paid account is required to use this tool. The Censys API enforces a rate limit of 120 queries per 5 minutes, but this tool makes only one API call per run. Users should securely manage their API credentials via environment variables or a .env file. The tool requires Python 3.7 or higher.
Register a free account at https://search.censys.io/register
Set environment variables CENSYS_API_ID and CENSYS_API_SECRET with your API credentials
Alternatively, copy .env.template to .env and edit with your API credentials
Clone the repository: git clone https://github.com/christophetd/censys-subdomain-finder.git
Change directory: cd censys-subdomain-finder
Create a Python virtual environment: python3 -m venv venv
Activate the virtual environment: source venv/bin/activate
Install dependencies: pip install -r requirements.txtpython censys-subdomain-finder.py example.com
Enumerate subdomains of example.com and display them in the console
python censys-subdomain-finder.py example.com -o subdomains.txt
Enumerate subdomains of example.com and save the output to subdomains.txt
python censys-subdomain-finder.py -h
Display help message with usage instructions and available options