loading
Loading content
loading
Also known as CT logs
Certificate transparency is a public auditing system for TLS certificates. When a certificate authority issues a certificate, it submits the record to append-only logs that anyone can read. Browsers expect modern certificates to appear in these logs, which was designed to catch mis-issued or fraudulent certificates before they could be abused.
For recon, the side effect is gold. Every certificate names the hostnames it covers, including entries in the subject alternative name field. By querying CT logs through services like crt.sh or the Certificate Transparency API, an analyst pulls a list of subdomains an organization registered certificates for, even ones that never resolved publicly or were quietly retired. Wildcard and internal-looking names often leak this way.
Because CT data is passive and external, it costs the target nothing and tips them off to nothing. That makes it a staple of OSINT and a strong complement to brute-force subdomain enumeration, which catches different hosts.
In a Trickest workflow, a CT query node feeds discovered hostnames into DNS enumeration to confirm which resolve, then on to scanning. The same logs help track an organization's TLS/SSL footprint over time.
Related terms