CT-Scout is a passive reconnaissance tool that enumerates subdomains for any domain by querying public Certificate Transparency logs via crt.sh.
Simply enter a domain name, tap "Scout", and instantly receive a complete, deduplicated list of all discovered subdomains sorted alphabetically. No active scanning, no network probes, no noise.
Features:
- One-tap subdomain enumeration from crt.sh
- Deduplicated and alphabetically sorted results
- Tap any subdomain to copy it to your clipboard
- Hide wildcard entries with a single toggle
- Export the full results list as a text file
- Beautiful dark interface with smooth animations
- No account required, completely free
This tool is designed for legitimate security researchers, penetration testers, and system administrators who need to quickly map the attack surface of domains they own or are authorised to test.
You may only use CT-Scout to scan domains that you own or for which you have explicit written authorisation. Unauthorised scanning of third-party domains may violate applicable laws and regulations. The developers assume no liability for any misuse of this tool.
LPP Development Studio (c) 1992-2026