Glossary
Certificate Transparency — Public Certificate Logs
Certificate Transparency (CT) is a public logging framework that requires Certificate Authorities to record every TLS certificate they issue in publicly auditable logs. These logs let anyone discover every SSL certificate ever issued for a domain — including certificates for subdomains that may no longer be in use. DomainPreflight uses Certificate Transparency logs via crt.sh to discover subdomains when scanning for dangling records.
How CT Logs Help Security
CT logs are searchable — query any domain and see every certificate ever issued for it. This reveals subdomains you may have forgotten existed. Security researchers and attackers both use CT logs to map an organization's attack surface.
crt.sh
crt.sh is the most widely used public interface to CT logs. It aggregates certificates from all major logs and allows domain-based searches. DomainPreflight uses the crt.sh API for subdomain discovery.
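An added example, not DomainPreflight's own code: it turns crt.sh JSON output into a deduplicated hostname inventory for a domain you own and lists the names whose newest certificate has expired. The sample records are constructed, and treating an expired-only name as a review priority is an assumption of this example; `name_value` and `not_after` are fields of crt.sh's JSON output.

```python
import json
from datetime import datetime

# Constructed sample in the shape of crt.sh's JSON output
# (https://crt.sh/?q=%25.example.com&output=json); not real log data.
SAMPLE = json.loads("""[
 {"name_value": "www.example.com\\nexample.com", "not_after": "2030-01-01T00:00:00"},
 {"name_value": "*.shop.example.com", "not_after": "2021-06-01T00:00:00"},
 {"name_value": "WWW.example.com", "not_after": "2022-03-01T00:00:00"},
 {"name_value": "old-promo.example.com\\nadmin@example.com", "not_after": "2019-09-30T23:59:59"},
 {"name_value": "cdn.example.net", "not_after": "2031-01-01T00:00:00"}
]""")


def inventory(records, apex):
    """Map each in-scope hostname to the latest not_after seen for it."""
    latest = {}
    for rec in records:
        expiry = datetime.fromisoformat(rec["not_after"])
        # One certificate can carry several identities, newline-separated.
        for name in rec["name_value"].splitlines():
            name = name.strip().lower().rstrip(".")
            if name.startswith("*."):      # wildcard entry: keep the parent name
                name = name[2:]
            if not name or "@" in name:    # skip email (rfc822) identities
                continue
            if name != apex and not name.endswith("." + apex):
                continue                   # out of scope for this apex
            if name not in latest or expiry > latest[name]:
                latest[name] = expiry
    return latest


def stale_names(latest, now):
    """Names whose newest certificate has expired (assumed review priority)."""
    return sorted(n for n, exp in latest.items() if exp < now)


if __name__ == "__main__":
    found = inventory(SAMPLE, "example.com")
    for host in stale_names(found, datetime(2025, 1, 1)):
        print(host, "last certificate expired", found[host].date())
```

An expired certificate does not by itself mean a record is dangling; the names returned still need their DNS records checked.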
FAQ
What is Certificate Transparency?
A public framework requiring Certificate Authorities to log every TLS certificate they issue. The logs are publicly searchable and reveal every subdomain that has ever had an SSL certificate.
How does DomainPreflight use CT logs?
The Dangling Records tool queries crt.sh to discover all subdomains that have had certificates issued, then checks each for takeover risk.
Can attackers use CT logs?
Yes — CT logs are public. Attackers use them to discover subdomains and find takeover opportunities. Running regular dangling record scans lets you find those subdomains first.